m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: m3tam3re/nixos-config:feature/agent-lib-m3-kratos
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua
..
compare: m3tam3re/nixos-config:2f74f732e5a8358765b1def0c1de84b632809c7d
Branches Tags
m3tam3re/nixos-config:master m3tam3re/nixos-config:__dolt_remote_info__ m3tam3re/nixos-config:feature/agent-lib-m3-kratos m3tam3re/nixos-config:feat/hyprland-lua

6 Commits
feature/agent-lib-m3-kratos .. 2f74f732e5

Author SHA1 Message Date
m3ta-chiron 2f74f732e5 chore: flake update 2026-05-07 19:33:45 +02:00
m3ta-chiron f5c1625295 chore: add nix to hermes agent 2026-05-07 18:10:58 +02:00
m3ta-chiron 39b6e6e2c4 bd init: initialize beads issue tracking 2026-05-07 17:35:05 +02:00
m3ta-chiron 1a8310fc9a feat: -minio +rustfs 2026-05-05 19:53:15 +02:00
m3tam3re 1b05ed5dc0 Merge pull request 'feat: Migrate MinIO → RustFS on m3-atlas' (#10) from feat/rustfs-migration into master 
Reviewed-on: #10
 2026-05-05 18:09:25 +02:00
m3ta-chiron b7dd7f2bf7 feat: migrate m3-atlas from MinIO to RustFS 
- Replace minio.nix with rustfs.nix using rustfs-flake NixOS module
- Add rustfs flake input (github:rustfs/rustfs-flake)
- Reuse same ports (API: 3008, Console: 3007) and data dir (/var/storage/s3)
- Add separate agenix secrets for access-key and secret-key
- Keep Traefik routes unchanged (s3.m3tam3re.com, minio.m3tam3re.com)
- MinIO had 6 unfixed CVEs and is abandoned upstream
 2026-05-02 11:44:32 +02:00
45 changed files with 897 additions and 7850 deletions
Expand all files Collapse all files
.a5c/.gitignore
-3
View File
@@ -1,3 +0,0 @@
node_modules/
runs/
*.log
.a5c/inputs/project-install.json
-5
View File
@@ -1,5 +0,0 @@
{
"projectRoot": "/home/m3tam3re/p/NIX/nixos-config",
"isNewProject": false,
"additionalContext": "Install and configure babysitter for this existing NixOS flake configuration repository. Respect AGENTS.md instructions, Beads workflow, Nix conventions, and avoid interactive/destructive operations unless explicitly approved."
}
.a5c/package-lock.json
Generated
-4570
View File
File diff suppressed because it is too large Load Diff
.a5c/package.json
-9
View File
@@ -1,9 +0,0 @@
{
"name": "nixos-config-a5c",
"version": "1.0.0",
"private": true,
"type": "module",
"dependencies": {
"@a5c-ai/babysitter-sdk": "latest"
}
}
.a5c/project-profile.json
-596
View File
@@ -1,596 +0,0 @@
{
"projectName": "nixos-config",
"description": "A reliable, elegant, multi-system NixOS flake configuration for personal desktop, server, cloud, Home Manager, package, overlay, and secret management.",
"goals": [
{
"id": "goal-reliability-1",
"description": "Keep all managed NixOS systems reproducible, reliable, and easy to validate before deployment.",
"category": "reliability",
"priority": "high",
"status": "active"
},
{
"id": "goal-architecture-1",
"description": "Maintain an elegant multi-system architecture with clear host boundaries and reusable common modules.",
"category": "architecture",
"priority": "high",
"status": "active"
},
{
"id": "goal-modularization-1",
"description": "Continue breaking up the former monorepo by keeping Home Manager profiles in m3ta-home and custom packages/modules in m3ta-nixpkgs where appropriate.",
"category": "modularization",
"priority": "high",
"status": "active"
},
{
"id": "goal-cicd-1",
"description": "CI/CD is not currently configured; add useful Gitea Actions validation later for formatting, linting, flake evaluation, and safe host checks.",
"category": "automation",
"priority": "medium",
"status": "deferred"
}
],
"techStack": {
"languages": [
{
"name": "Nix",
"role": "primary system, module, overlay, and package configuration language"
},
{
"name": "Markdown",
"role": "project, agent, and workflow documentation"
},
{
"name": "JSON/YAML",
"role": "tool configuration and metadata"
}
],
"frameworks": [
{
"name": "Nix flakes",
"category": "reproducible dependency and output model"
},
{
"name": "NixOS modules",
"category": "host and service configuration"
},
{
"name": "Home Manager",
"category": "user environment management"
},
{
"name": "Agenix",
"category": "encrypted secret management"
},
{
"name": "Disko",
"category": "server disk provisioning"
},
{
"name": "NUR",
"category": "community package access"
},
{
"name": "llm-agents.nix",
"category": "LLM agent packages overlay"
},
{
"name": "m3ta-home",
"category": "external reusable Home Manager profiles"
},
{
"name": "m3ta-nixpkgs",
"category": "external custom packages/modules/overlays"
}
],
"databases": [],
"infrastructure": [
{
"name": "m3-ares",
"category": "desktop NixOS host"
},
{
"name": "m3-kratos",
"category": "desktop NixOS host"
},
{
"name": "m3-daedalus",
"category": "portable laptop/Home Manager configuration"
},
{
"name": "m3-atlas",
"category": "primary server NixOS host"
},
{
"name": "m3-helios",
"category": "minimal server/AdGuard host"
},
{
"name": "m3-hermes",
"category": "secondary server/Hermes host"
},
{
"name": "m3-aether",
"category": "cloud VM/minimal server host"
}
],
"buildTools": [
"nix",
"nixos-rebuild",
"nix build",
"nix flake show",
"alejandra",
"statix",
"deadnix"
],
"packageManagers": [
"nix flakes"
]
},
"architecture": {
"pattern": "Pure Nix flake-based NixOS configuration repository with host-specific modules, common shared modules, overlays, custom packages, agenix secrets, and externalized Home Manager/package inputs.",
"modules": [
{
"name": "flake.nix",
"path": "flake.nix",
"description": "Top-level entry point defining inputs, packages, overlays, Home Manager modules, NixOS configurations, and dev shells."
},
{
"name": "hosts/common",
"path": "hosts/common",
"description": "Shared NixOS configuration, nix settings, overlays, Home Manager setup, ports, extra services, and users."
},
{
"name": "hosts",
"path": "hosts",
"description": "Per-host NixOS/Home Manager configurations for desktops, servers, and cloud VM."
},
{
"name": "modules/nixos",
"path": "modules/nixos",
"description": "Reusable NixOS modules."
},
{
"name": "modules/home-manager",
"path": "modules/home-manager",
"description": "Reusable Home Manager module exports."
},
{
"name": "overlays",
"path": "overlays",
"description": "Nixpkgs overlays for stable, locked, pinned, master, temporary, and agent packages."
},
{
"name": "pkgs",
"path": "pkgs",
"description": "Custom package export set."
},
{
"name": "secrets",
"path": "secrets",
"description": "Encrypted agenix secret files and registry."
}
],
"entryPoints": [
"flake.nix",
"hosts/<host>/default.nix",
"hosts/<host>/configuration.nix",
"hosts/common/default.nix",
"hosts/common/users/m3tam3re.nix",
"overlays/default.nix",
"pkgs/default.nix",
"secrets.nix"
],
"dataFlow": "flake.nix wires inputs, overlays, packages, NixOS modules, and Home Manager. Host modules import common configuration and host-specific hardware/programs/services/secrets. Host profile flags in hosts/common/users/m3tam3re.nix feed the external m3ta-home mkHome integration. Secrets flow through agenix registry and host secret modules."
},
"team": [
{
"name": "m3tam3re",
"role": "solo developer and operator",
"responsibilities": [
"architecture",
"implementation",
"host maintenance",
"deployments",
"review"
]
},
{
"name": "m3ta-chiron",
"role": "agent contributor",
"responsibilities": [
"semi-autonomous implementation",
"validation",
"documentation updates",
"conventional commits"
]
}
],
"workflows": [
{
"name": "development",
"description": "Default feature-branch workflow for solo development with conventional commits and validation before push.",
"steps": [
"review Beads issues with bd ready --json",
"claim work with bd update <id> --claim when applicable",
"edit Nix modules or project files",
"run alejandra .",
"run statix check .",
"run targeted nix flake or host dry-run checks",
"commit with conventional commit format",
"pull --rebase and push"
],
"triggers": [
"new feature",
"bug fix",
"refactor",
"agent task"
]
},
{
"name": "nix validation",
"description": "Quality gate for Nix configuration changes.",
"steps": [
"alejandra .",
"statix check .",
"deadnix check or deadnix -w when appropriate",
"nix flake show",
"sudo nixos-rebuild dry-run --flake .#<host> for affected hosts"
],
"triggers": [
"Nix code changes",
"before deployment",
"before commit"
]
},
{
"name": "host deployment",
"description": "Manual deployment after successful dry-run validation.",
"steps": [
"sudo nixos-rebuild dry-run --flake .#<host>",
"sudo nixos-rebuild switch --flake .#<host>"
],
"triggers": [
"manual host update"
]
},
{
"name": "dependency/input update",
"description": "Controlled flake input updates without manually editing flake.lock.",
"steps": [
"use nix flake update or nixos-rebuild --update-input <input>",
"validate affected outputs",
"commit flake.nix/flake.lock changes"
],
"triggers": [
"planned dependency update",
"security update"
]
},
{
"name": "beads issue tracking",
"description": "Persistent issue tracking and session handoff workflow.",
"steps": [
"bd ready --json",
"bd show <id>",
"bd update <id> --claim",
"bd close <id> --reason <summary>",
"bd dolt push"
],
"triggers": [
"start of tracked work",
"completion of tracked work"
]
}
],
"processes": [
{
"id": "cradle/project-install",
"name": "Babysitter project install",
"status": "installing",
"purpose": "Create and save a Babysitter project profile and setup recommendations."
}
],
"tools": {
"formatting": [
{
"name": "alejandra",
"purpose": "Nix formatting",
"configPaths": [
"flake.nix devShells.default"
]
}
],
"linting": [
{
"name": "statix",
"purpose": "Nix anti-pattern linting",
"configPaths": [
"flake.nix devShells.default"
]
},
{
"name": "deadnix",
"purpose": "Detect unused Nix code",
"configPaths": [
"flake.nix devShells.default"
]
}
],
"testing": [
{
"name": "nix flake show",
"purpose": "Evaluate flake outputs",
"configPaths": [
"flake.nix"
]
},
{
"name": "nixos-rebuild dry-run",
"purpose": "Validate host configurations without applying changes",
"configPaths": [
"flake.nix",
"hosts/*"
]
},
{
"name": "nix build",
"purpose": "Build selected outputs such as host toplevels or ISOs",
"configPaths": [
"flake.nix"
]
}
],
"issueTracking": [
{
"name": "Beads",
"command": "bd",
"purpose": "Persistent task tracking"
}
]
},
"services": [
{
"name": "code.m3ta.dev",
"type": "git hosting",
"url": "git+ssh://gitea@code.m3ta.dev"
},
{
"name": "GitHub",
"type": "flake input hosting",
"url": "github:* flake inputs"
},
{
"name": "Agenix",
"type": "secret encryption",
"url": "github:ryantm/agenix"
},
{
"name": "Hermes Agent",
"type": "NixOS module/agent service",
"url": "github:NousResearch/hermes-agent"
},
{
"name": "RustFS",
"type": "NixOS server service flake",
"url": "github:rustfs/rustfs-flake"
}
],
"externalIntegrations": [
{
"service": "Beads",
"category": "issue tracking",
"enabled": true
},
{
"service": "Dolt",
"category": "Beads storage/sync",
"enabled": true
},
{
"service": "Agenix",
"category": "secrets",
"enabled": true
},
{
"service": "Home Manager",
"category": "user environment",
"enabled": true
},
{
"service": "m3ta-home",
"category": "external home profiles",
"enabled": true
},
{
"service": "m3ta-nixpkgs",
"category": "external Nix modules/packages",
"enabled": true
},
{
"service": "NUR",
"category": "Nix packages",
"enabled": true
},
{
"service": "Disko",
"category": "disk provisioning",
"enabled": true
},
{
"service": "Hermes Agent",
"category": "LLM/agent service",
"enabled": true
}
],
"cicd": {
"provider": null,
"enabled": false,
"configPaths": [],
"pipelines": [],
"notes": "CI/CD is intentionally disabled for now. If re-enabled later, prefer Gitea Actions because this repository is hosted on code.m3ta.dev.",
"babysitterIntegration": {
"enabled": false,
"triggerOn": [],
"processIds": []
}
},
"painPoints": [
{
"id": "pp-architecture-1",
"description": "The repository is transitioning away from a monorepo; boundaries with m3ta-home and m3ta-nixpkgs must remain clear.",
"severity": "high",
"category": "architecture",
"discoveredVia": "user interview",
"suggestedRemediation": "Keep host-specific decisions local while moving reusable Home Manager profiles and package/module abstractions to their dedicated inputs."
},
{
"id": "pp-validation-1",
"description": "A single shared Nix change can require validating several hosts to be confident.",
"severity": "medium",
"category": "validation",
"discoveredVia": "repo structure and AGENTS workflow",
"suggestedRemediation": "Use targeted affected-host validation locally for now; add a Gitea Actions validation matrix later if CI/CD is re-enabled."
},
{
"id": "pp-dependency-1",
"description": "Multiple pinned, locked, stable, master, and external SSH flake inputs increase update complexity.",
"severity": "medium",
"category": "dependency management",
"discoveredVia": "flake and history analysis",
"suggestedRemediation": "Update inputs intentionally, group related updates, and validate affected host outputs."
},
{
"id": "pp-operations-1",
"description": "Service additions often need synchronized module, secret, and network/TLS changes.",
"severity": "medium",
"category": "operations",
"discoveredVia": "git history and tree structure",
"suggestedRemediation": "Use checklist-style issue templates or Babysitter processes for service changes."
}
],
"bottlenecks": [
{
"id": "bn-flake-1",
"description": "flake.nix and flake.lock are high-churn files whose changes can affect many hosts at once.",
"impact": "High; evaluation failures can block all hosts.",
"location": "flake.nix, flake.lock",
"frequency": "very frequent"
},
{
"id": "bn-secrets-1",
"description": "Secret registry and host secret modules must stay aligned with encrypted .age files.",
"impact": "Medium to high; missing or mismatched secrets break host deployment.",
"location": "secrets.nix, hosts/*/secrets.nix, secrets/*.age",
"frequency": "recurring"
},
{
"id": "bn-services-1",
"description": "Server service changes can span service modules, secrets, Traefik/networking, and flake inputs.",
"impact": "High for m3-atlas and m3-hermes changes; requires host-specific dry-runs.",
"location": "hosts/m3-atlas/services, hosts/m3-hermes/services, hosts/common",
"frequency": "frequent"
},
{
"id": "bn-home-1",
"description": "Home Manager behavior depends on both the external m3ta-home input and local host flags.",
"impact": "Medium; may require coordinated updates across repositories.",
"location": "flake.nix, hosts/common/users/m3tam3re.nix, m3ta-home input",
"frequency": "frequent after migration"
}
],
"conventions": {
"naming": {
"files": "hyphen-case for Nix/docs where practical; host directories use m3-* names",
"hosts": "m3-<greek-name>",
"modules": "one module per file/directory where possible",
"nixVariables": "camelCase"
},
"git": {
"branchStrategy": "default feature branches for non-trivial work; master as integration branch",
"commits": "conventional commits for agent work",
"reviews": "optional for solo development",
"releaseCadence": "continuous/manual as needed",
"remote": "code.m3ta.dev over SSH for private inputs and repo access"
},
"codeStyle": {
"formatter": "alejandra",
"indentation": "2 spaces",
"nixStyle": "explicit pkgs references preferred; avoid with pkgs, builtins.fetchTarball, import <nixpkgs>, builtins.getAttr/hasAttr"
},
"importOrder": [
"module function arguments",
"imports",
"let bindings",
"options/config"
],
"errorHandling": "Nix configuration should fail explicitly during evaluation/build; avoid hiding errors or impure paths.",
"testingConventions": "Run alejandra, statix, deadnix as appropriate, nix flake show, and host-specific nixos-rebuild dry-run before switching.",
"additionalRules": [
"Use Beads for persistent task tracking.",
"Use non-interactive flags for shell file operations.",
"Do not modify flake.lock directly; use nix flake update.",
"Do not commit plaintext secrets.",
"Use SSH URLs for code.m3ta.dev flake inputs.",
"Operate Babysitter semi-autonomously with breakpoints for destructive, deployment, or architecture-changing decisions."
]
},
"repositories": [
{
"name": "nixos-config",
"path": "/home/m3tam3re/p/NIX/nixos-config",
"role": "primary multi-host NixOS configuration"
},
{
"name": "m3ta-home",
"url": "git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home",
"role": "external Home Manager profiles"
},
{
"name": "m3ta-nixpkgs",
"url": "git+ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs",
"role": "external custom packages/modules/overlays"
}
],
"claudeMdInstructions": [
"Respect AGENTS.md as the source of project workflow rules.",
"Resolve the active Babysitter process library before using library processes.",
"Use cradle/project-install for project setup or profile refresh.",
"Use evolutionary GSD: map affected Nix modules/hosts, make focused changes, verify, and iterate.",
"Prefer alejandra, statix, deadnix, nix flake show, and targeted host dry-runs for Nix changes.",
"Preserve boundaries between nixos-config, m3ta-home, and m3ta-nixpkgs.",
"Use breakpoints for destructive operations, deployments, architecture changes, and secret-handling decisions.",
"Babysitter CI/CD is not currently enabled; if re-added later, use Gitea Actions rather than GitHub Actions."
],
"installedSkills": [
"project-install",
"babysit",
"specializations/devops-sre-platform/skills/cicd-pipelines/SKILL.md",
"specializations/devops-sre-platform/skills/gitops/SKILL.md",
"specializations/devops-sre-platform/skills/secrets-management/SKILL.md"
],
"installedAgents": [
"general-purpose",
"specializations/devops-sre-platform/agents/platform-engineer/AGENT.md",
"specializations/devops-sre-platform/agents/cicd-specialist/AGENT.md"
],
"installedProcesses": [
"cradle/project-install",
"methodologies/gsd/quick.js",
"methodologies/gsd/verify-work.js",
"methodologies/gsd/iterative-convergence.js",
"methodologies/evolutionary.js",
"specializations/devops-sre-platform/iac-testing.js"
],
"preferences": {
"babysitterAutonomy": "semi-autonomous",
"breakpointTolerance": "moderate",
"externalIntegrationsRequested": false,
"cicdDesired": false,
"cicdNote": "Deferred for now; Gitea Actions is the preferred provider if CI/CD is added later."
},
"createdAt": "2026-05-29T15:50:48.754Z",
"updatedAt": "2026-05-29T16:07:19.245463Z",
"version": 1
}
.a5c/project-profile.md
-238
View File
@@ -1,238 +0,0 @@
# Project Profile: nixos-config
A reliable, elegant, multi-system NixOS flake configuration for personal desktop, server, cloud, Home Manager, package, overlay, and secret management.
> Last updated: 2026-05-29T16:02:11.092188Z | Version: 1
## Goals
- **reliability** [high]: Keep all managed NixOS systems reproducible, reliable, and easy to validate before deployment. (active)
- **architecture** [high]: Maintain an elegant multi-system architecture with clear host boundaries and reusable common modules. (active)
- **modularization** [high]: Continue breaking up the former monorepo by keeping Home Manager profiles in m3ta-home and custom packages/modules in m3ta-nixpkgs where appropriate. (active)
- **automation** [medium]: CI/CD is not currently configured; add useful Gitea Actions validation later for formatting, linting, flake evaluation, and safe host checks. (deferred)
## Tech Stack
### Languages
- Nix (primary system, module, overlay, and package configuration language)
- Markdown (project, agent, and workflow documentation)
- JSON/YAML (tool configuration and metadata)
### Frameworks
- Nix flakes [reproducible dependency and output model]
- NixOS modules [host and service configuration]
- Home Manager [user environment management]
- Agenix [encrypted secret management]
- Disko [server disk provisioning]
- NUR [community package access]
- llm-agents.nix [LLM agent packages overlay]
- m3ta-home [external reusable Home Manager profiles]
- m3ta-nixpkgs [external custom packages/modules/overlays]
### Infrastructure
- m3-ares [desktop NixOS host]
- m3-kratos [desktop NixOS host]
- m3-daedalus [portable laptop/Home Manager configuration]
- m3-atlas [primary server NixOS host]
- m3-helios [minimal server/AdGuard host]
- m3-hermes [secondary server/Hermes host]
- m3-aether [cloud VM/minimal server host]
**Build tools:** nix, nixos-rebuild, nix build, nix flake show, alejandra, statix, deadnix
**Package managers:** nix flakes
## Architecture
**Pattern:** Pure Nix flake-based NixOS configuration repository with host-specific modules, common shared modules, overlays, custom packages, agenix secrets, and externalized Home Manager/package inputs.
**Data flow:** flake.nix wires inputs, overlays, packages, NixOS modules, and Home Manager. Host modules import common configuration and host-specific hardware/programs/services/secrets. Host profile flags in hosts/common/users/m3tam3re.nix feed the external m3ta-home mkHome integration. Secrets flow through agenix registry and host secret modules.
### Modules
| Module | Path | Description |
|--------|------|-------------|
| flake.nix | `flake.nix` | Top-level entry point defining inputs, packages, overlays, Home Manager modules, NixOS configurations, and dev shells. |
| hosts/common | `hosts/common` | Shared NixOS configuration, nix settings, overlays, Home Manager setup, ports, extra services, and users. |
| hosts | `hosts` | Per-host NixOS/Home Manager configurations for desktops, servers, and cloud VM. |
| modules/nixos | `modules/nixos` | Reusable NixOS modules. |
| modules/home-manager | `modules/home-manager` | Reusable Home Manager module exports. |
| overlays | `overlays` | Nixpkgs overlays for stable, locked, pinned, master, temporary, and agent packages. |
| pkgs | `pkgs` | Custom package export set. |
| secrets | `secrets` | Encrypted agenix secret files and registry. |
**Entry points:** `flake.nix`, `hosts/<host>/default.nix`, `hosts/<host>/configuration.nix`, `hosts/common/default.nix`, `hosts/common/users/m3tam3re.nix`, `overlays/default.nix`, `pkgs/default.nix`, `secrets.nix`
## Team
- **m3tam3re** (solo developer and operator): architecture, implementation, host maintenance, deployments, review
- **m3ta-chiron** (agent contributor): semi-autonomous implementation, validation, documentation updates, conventional commits
## Workflows
### development
Default feature-branch workflow for solo development with conventional commits and validation before push.
**Triggers:** new feature, bug fix, refactor, agent task
1. review Beads issues with bd ready --json
2. claim work with bd update <id> --claim when applicable
3. edit Nix modules or project files
4. run alejandra .
5. run statix check .
6. run targeted nix flake or host dry-run checks
7. commit with conventional commit format
8. pull --rebase and push
### nix validation
Quality gate for Nix configuration changes.
**Triggers:** Nix code changes, before deployment, before commit
1. alejandra .
2. statix check .
3. deadnix check or deadnix -w when appropriate
4. nix flake show
5. sudo nixos-rebuild dry-run --flake .#<host> for affected hosts
### host deployment
Manual deployment after successful dry-run validation.
**Triggers:** manual host update
1. sudo nixos-rebuild dry-run --flake .#<host>
2. sudo nixos-rebuild switch --flake .#<host>
### dependency/input update
Controlled flake input updates without manually editing flake.lock.
**Triggers:** planned dependency update, security update
1. use nix flake update or nixos-rebuild --update-input <input>
2. validate affected outputs
3. commit flake.nix/flake.lock changes
### beads issue tracking
Persistent issue tracking and session handoff workflow.
**Triggers:** start of tracked work, completion of tracked work
1. bd ready --json
2. bd show <id>
3. bd update <id> --claim
4. bd close <id> --reason <summary>
5. bd dolt push
## Processes
- **Babysitter project install** (`cradle/project-install`, undefined)
## Tools
### Linting
- statix
- deadnix
### Testing
- nix flake show
- nixos-rebuild dry-run
- nix build
### Formatting
- alejandra
## Services
- **code.m3ta.dev** (git hosting) - git+ssh://gitea@code.m3ta.dev
- **GitHub** (flake input hosting) - github:* flake inputs
- **Agenix** (secret encryption) - github:ryantm/agenix
- **Hermes Agent** (NixOS module/agent service) - github:NousResearch/hermes-agent
- **RustFS** (NixOS server service flake) - github:rustfs/rustfs-flake
## CI/CD
**Status:** Not configured/enabled for now.
No Babysitter CI/CD workflow is currently installed. If CI/CD is added later, prefer Gitea Actions because this repository is hosted on code.m3ta.dev.
## Pain Points
- **high** [architecture]: The repository is transitioning away from a monorepo; boundaries with m3ta-home and m3ta-nixpkgs must remain clear.
- Remediation: Keep host-specific decisions local while moving reusable Home Manager profiles and package/module abstractions to their dedicated inputs.
- **medium** [validation]: A single shared Nix change can require validating several hosts to be confident.
- Remediation: Use targeted affected-host validation locally for now; add a Gitea Actions validation matrix later if CI/CD is re-enabled.
- **medium** [dependency management]: Multiple pinned, locked, stable, master, and external SSH flake inputs increase update complexity.
- Remediation: Update inputs intentionally, group related updates, and validate affected host outputs.
- **medium** [operations]: Service additions often need synchronized module, secret, and network/TLS changes.
- Remediation: Use checklist-style issue templates or Babysitter processes for service changes.
## Bottlenecks
- flake.nix and flake.lock are high-churn files whose changes can affect many hosts at once. at flake.nix, flake.lock (very frequent)
Impact: High; evaluation failures can block all hosts.
- Secret registry and host secret modules must stay aligned with encrypted .age files. at secrets.nix, hosts/*/secrets.nix, secrets/*.age (recurring)
Impact: Medium to high; missing or mismatched secrets break host deployment.
- Server service changes can span service modules, secrets, Traefik/networking, and flake inputs. at hosts/m3-atlas/services, hosts/m3-hermes/services, hosts/common (frequent)
Impact: High for m3-atlas and m3-hermes changes; requires host-specific dry-runs.
- Home Manager behavior depends on both the external m3ta-home input and local host flags. at flake.nix, hosts/common/users/m3tam3re.nix, m3ta-home input (frequent after migration)
Impact: Medium; may require coordinated updates across repositories.
## Conventions
### Naming
- **files:** hyphen-case for Nix/docs where practical; host directories use m3-* names
- **hosts:** m3-<greek-name>
- **modules:** one module per file/directory where possible
- **nixVariables:** camelCase
### Git
- **branchStrategy:** default feature branches for non-trivial work; master as integration branch
- **commits:** conventional commits for agent work
- **reviews:** optional for solo development
- **releaseCadence:** continuous/manual as needed
- **remote:** code.m3ta.dev over SSH for private inputs and repo access
**Import order:** module function arguments > imports > let bindings > options/config
**Error handling:** Nix configuration should fail explicitly during evaluation/build; avoid hiding errors or impure paths.
**Testing:** Run alejandra, statix, deadnix as appropriate, nix flake show, and host-specific nixos-rebuild dry-run before switching.
### Additional Rules
- Use Beads for persistent task tracking.
- Use non-interactive flags for shell file operations.
- Do not modify flake.lock directly; use nix flake update.
- Do not commit plaintext secrets.
- Use SSH URLs for code.m3ta.dev flake inputs.
- Operate Babysitter semi-autonomously with breakpoints for destructive, deployment, or architecture-changing decisions.
## Repositories
- **nixos-config** [`/home/m3tam3re/p/NIX/nixos-config`]
- **m3ta-home** - git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home
- **m3ta-nixpkgs** - git+ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs
## CLAUDE.md Instructions
- Respect AGENTS.md as the source of project workflow rules.
- Resolve the active Babysitter process library before using library processes.
- Use cradle/project-install for project setup or profile refresh.
- Use evolutionary GSD: map affected Nix modules/hosts, make focused changes, verify, and iterate.
- Prefer alejandra, statix, deadnix, nix flake show, and targeted host dry-runs for Nix changes.
- Preserve boundaries between nixos-config, m3ta-home, and m3ta-nixpkgs.
- Use breakpoints for destructive operations, deployments, architecture changes, and secret-handling decisions.
- Babysitter CI/CD is not currently enabled; if re-added later, use Gitea Actions rather than GitHub Actions.
## Installed Extensions
- Skills: project-install, babysit, specializations/devops-sre-platform/skills/cicd-pipelines/SKILL.md, specializations/devops-sre-platform/skills/gitops/SKILL.md, specializations/devops-sre-platform/skills/secrets-management/SKILL.md
- Agents: general-purpose, specializations/devops-sre-platform/agents/platform-engineer/AGENT.md, specializations/devops-sre-platform/agents/cicd-specialist/AGENT.md
- Processes: cradle/project-install, methodologies/gsd/quick.js, methodologies/gsd/verify-work.js, methodologies/gsd/iterative-convergence.js, methodologies/evolutionary.js, specializations/devops-sre-platform/iac-testing.js
.a5c/quality-gates.json
-53
View File
@@ -1,53 +0,0 @@
{
"qualityThreshold": 80,
"testCoverage": {
"minimum": 0,
"rationale": "NixOS configuration repository without a coverage-producing test suite."
},
"formatting": [
{
"name": "alejandra",
"command": "alejandra .",
"ciCommand": "alejandra --check ."
}
],
"linting": [
{
"name": "statix",
"command": "statix check ."
},
{
"name": "deadnix",
"command": "deadnix . --fail"
}
],
"evaluation": [
{
"name": "flake outputs",
"command": "nix flake show"
},
{
"name": "affected host dry-run",
"command": "sudo nixos-rebuild dry-run --flake .#<host>",
"when": "Run for affected hosts when practical and safe."
}
],
"commitChecks": [
"alejandra .",
"statix check .",
"deadnix . --fail",
"nix flake show"
],
"deployGates": [
"formatting passes",
"linting passes",
"flake outputs evaluate",
"affected host dry-run succeeds",
"secrets are encrypted and host secret modules remain aligned"
],
"cicdIntegrationPoints": [],
"cicd": {
"enabled": false,
"notes": "No CI/CD integration is currently configured. Add Gitea Actions later if automated Babysitter or Nix validation is desired."
}
}
.beads/issues.jsonl
-3
View File
@@ -1,3 +0,0 @@
{"_type":"issue","id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
{"_type":"issue","id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"_type":"issue","id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}
.claude/settings.json
+26
View File
@@ -0,0 +1,26 @@
{
"hooks": {
"PreCompact": [
{
"hooks": [
{
"command": "bd prime",
"type": "command"
}
],
"matcher": ""
}
],
"SessionStart": [
{
"hooks": [
{
"command": "bd prime",
"type": "command"
}
],
"matcher": ""
}
]
}
}
.gitignore
-8
View File
@@ -40,16 +40,8 @@ opencode.json
.pi* .pi*
.worktrees/ .worktrees/
docs/plans/ docs/plans/
CLAUDE.md
# Beads / Dolt files (added by bd init) # Beads / Dolt files (added by bd init)
.dolt/ .dolt/
*.db *.db
.beads-credential-key .beads-credential-key
# --- babysitter managed ---
.a5c/creds.env
.a5c/creds.env.tmp.*
.a5c/logs/
.a5c/runs/
# --- end babysitter managed ---
CLAUDE.md
+69
View File
@@ -0,0 +1,69 @@
# Project Instructions for AI Agents
This file provides instructions and context for AI coding agents working on this project.
<!-- BEGIN BEADS INTEGRATION v:1 profile:minimal hash:ca08a54f -->
## Beads Issue Tracker
This project uses **bd (beads)** for issue tracking. Run `bd prime` to see full workflow context and commands.
### Quick Reference
```bash
bd ready # Find available work
bd show <id> # View issue details
bd update <id> --claim # Claim work
bd close <id> # Complete work
```
### Rules
- Use `bd` for ALL task tracking — do NOT use TodoWrite, TaskCreate, or markdown TODO lists
- Run `bd prime` for detailed command reference and session close protocol
- Use `bd remember` for persistent knowledge — do NOT use MEMORY.md files
## Session Completion
**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until `git push` succeeds.
**MANDATORY WORKFLOW:**
1. **File issues for remaining work** - Create issues for anything that needs follow-up
2. **Run quality gates** (if code changed) - Tests, linters, builds
3. **Update issue status** - Close finished work, update in-progress items
4. **PUSH TO REMOTE** - This is MANDATORY:
```bash
git pull --rebase
bd dolt push
git push
git status # MUST show "up to date with origin"
```
5. **Clean up** - Clear stashes, prune remote branches
6. **Verify** - All changes committed AND pushed
7. **Hand off** - Provide context for next session
**CRITICAL RULES:**
- Work is NOT complete until `git push` succeeds
- NEVER stop before pushing - that leaves work stranded locally
- NEVER say "ready to push when you are" - YOU must push
- If push fails, resolve and retry until it succeeds
<!-- END BEADS INTEGRATION -->
## Build & Test
_Add your build and test commands here_
```bash
# Example:
# npm install
# npm test
```
## Architecture Overview
_Add a brief overview of your project architecture_
## Conventions & Patterns
_Add your project-specific conventions here_
agent-sources.lock.json
-1411
View File
File diff suppressed because it is too large Load Diff
flake.lock
Generated
+329 -265
View File
@@ -24,9 +24,9 @@
"agenix_2": { "agenix_2": {
"inputs": { "inputs": {
"darwin": "darwin_2", "darwin": "darwin_2",
"home-manager": "home-manager_3", "home-manager": "home-manager_4",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_6",
"systems": "systems_3" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1770165109, "lastModified": 1770165109,
@@ -42,57 +42,16 @@
"type": "github" "type": "github"
} }
}, },
"agent-lib": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1780681759,
"narHash": "sha256-eszNyFb1If4ePaJD1aQTvHFog8lvpwjCTl8F9rUlXnk=",
"ref": "refs/heads/master",
"rev": "9a4ee71b1a9008422266e4364a76ee2f08868b5a",
"revCount": 25,
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib"
},
"original": {
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib"
}
},
"agent-lib_2": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"nixpkgs"
]
},
"locked": {
"lastModified": 1780157040,
"narHash": "sha256-j2d3nj3FvOlxQ+Zlse+rMo3qHD3m4Gick5uiwtTaA2o=",
"ref": "refs/heads/master",
"rev": "f63712a9ba03da6e2f591766d0f055aa65e6d237",
"revCount": 24,
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib"
},
"original": {
"type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib"
}
},
"agents": { "agents": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1780133320, "lastModified": 1777399938,
"narHash": "sha256-8AiN9tV9PBb5xblJiPlhumBbKj61qLjzqXXFtkj3vvY=", "narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "920c00313ae242bd93275c30131b9ab1e52ee2fb", "rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055",
"revCount": 88, "revCount": 85,
"type": "git", "type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/AGENTS" "url": "ssh://gitea@code.m3ta.dev/m3tam3re/AGENTS"
}, },
@@ -104,11 +63,11 @@
"agents_2": { "agents_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1778518220, "lastModified": 1777399938,
"narHash": "sha256-6AQs9VZ0/DuD4njPbYHRE4v+SgJc6SBrGwemTWxikVc=", "narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "b6e1aaa6261c5056d024d8d4785659eaa4e675e6", "rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055",
"revCount": 87, "revCount": 85,
"type": "git", "type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS" "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
}, },
@@ -120,11 +79,11 @@
"agents_3": { "agents_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1778518220, "lastModified": 1777399938,
"narHash": "sha256-6AQs9VZ0/DuD4njPbYHRE4v+SgJc6SBrGwemTWxikVc=", "narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "b6e1aaa6261c5056d024d8d4785659eaa4e675e6", "rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055",
"revCount": 87, "revCount": 85,
"type": "git", "type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS" "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
}, },
@@ -255,15 +214,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1778446047, "lastModified": 1777369708,
"narHash": "sha256-oQvcadh2BCkrog+SGrG6YffKJrveYpjj3TdQJWaKhaM=", "narHash": "sha256-1xW7cRZNsFNPQD+cE0fwnLVStnDth0HSoASEIFeT7uI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "bun2nix", "repo": "bun2nix",
"rev": "f2bc12af1a6369648aac41041ceeaa0b866599c6", "rev": "e659e1cc4b8e1b21d0aa85f1c481f9db61ecfa98",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "staging-2.1.0",
"repo": "bun2nix", "repo": "bun2nix",
"type": "github" "type": "github"
} }
@@ -320,11 +280,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1780290312, "lastModified": 1777713215,
"narHash": "sha256-eTAlX0CwgB84Ts3GaBd944A3DRXVMzgA0EqroZBISUo=", "narHash": "sha256-8GzXDOXckDWwST8TY5DbwYFjdvQLlP7K9CLSVx6iTTo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "115e5211780054d8a890b41f0b7734cafad54dfe", "rev": "63b4e7e6cf75307c1d26ac3762b886b5b0247267",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -333,50 +293,6 @@
"type": "github" "type": "github"
} }
}, },
"dms": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"nixpkgs"
],
"quickshell": "quickshell"
},
"locked": {
"lastModified": 1777431599,
"narHash": "sha256-g6r/Gx8PTDzO3jCNzzySA+Ff1lmLF9nDlMCNyyoQjoE=",
"owner": "AvengeMedia",
"repo": "DankMaterialShell",
"rev": "eb5afcdc40ea5446c27e18552ff4a19f9daf9484",
"type": "github"
},
"original": {
"owner": "AvengeMedia",
"ref": "stable",
"repo": "DankMaterialShell",
"type": "github"
}
},
"dms-plugin-registry": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"nixpkgs"
]
},
"locked": {
"lastModified": 1780281921,
"narHash": "sha256-ZDsDl7lTOfM+Le2l6gDyEP3o+KHR3TUCkuxd9hQaLro=",
"owner": "AvengeMedia",
"repo": "dms-plugin-registry",
"rev": "ee4eeacce5a7041ed39f8cd7fe64b6e0e888e73b",
"type": "github"
},
"original": {
"owner": "AvengeMedia",
"repo": "dms-plugin-registry",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@@ -406,11 +322,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1778716662, "lastModified": 1777988971,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -462,26 +378,43 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"hermes-agent": { "hermes-agent": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"npm-lockfile-fix": "npm-lockfile-fix", "npm-lockfile-fix": "npm-lockfile-fix",
"pyproject-build-systems": "pyproject-build-systems", "pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix_2", "pyproject-nix": "pyproject-nix_2",
"uv2nix": "uv2nix_2" "uv2nix": "uv2nix_2"
}, },
"locked": { "locked": {
"lastModified": 1780061757, "lastModified": 1778092994,
"narHash": "sha256-0CmNH879jnsAAszo1nkkFm8RNE49xtwUditYdFIYBCM=", "narHash": "sha256-vpYpQTIbQnn32IF3sW9icfMFE9MR2C0mA45t4dQryBw=",
"owner": "NousResearch", "owner": "NousResearch",
"repo": "hermes-agent", "repo": "hermes-agent",
"rev": "77a1650c78a4cb1813d8a81fa1da40a15b6a3ec5", "rev": "a345f7b6e56b8f497608089ddf2a7c80997c90c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NousResearch", "owner": "NousResearch",
"ref": "v2026.5.29.2",
"repo": "hermes-agent", "repo": "hermes-agent",
"type": "github" "type": "github"
} }
@@ -514,11 +447,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1780593650, "lastModified": 1777988791,
"narHash": "sha256-CHo7k65YTL3HY+WQVedDTupji+LMgNlKCdrtRHZFAK4=", "narHash": "sha256-DtbtSW5+Hls7z+D9BfsAXvFuivt5iZ0OzUXjQ8d8lB8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "447fd9ff62501dae7206dfe180ee89f8de27b7d5", "rev": "d987617879f613053f6fdf4491fe28ce0283d543",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -528,6 +461,27 @@
} }
}, },
"home-manager_3": { "home-manager_3": {
"inputs": {
"nixpkgs": [
"hyprpanel",
"nixpkgs"
]
},
"locked": {
"lastModified": 1750798083,
"narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"m3ta-home", "m3ta-home",
@@ -549,7 +503,7 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_4": { "home-manager_5": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"m3ta-home", "m3ta-home",
@@ -557,11 +511,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1780099287, "lastModified": 1777988791,
"narHash": "sha256-efIPwVGtIWIjWcznhaop6XN6HxnOL8800hF6CBNvlqQ=", "narHash": "sha256-DtbtSW5+Hls7z+D9BfsAXvFuivt5iZ0OzUXjQ8d8lB8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "7d8127d308c3fb9664f7e643eec944be74ebb37d", "rev": "d987617879f613053f6fdf4491fe28ce0283d543",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -576,7 +530,7 @@
"rose-pine-hyprcursor", "rose-pine-hyprcursor",
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_4" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1709914708, "lastModified": 1709914708,
@@ -592,21 +546,41 @@
"type": "github" "type": "github"
} }
}, },
"hyprpanel": {
"inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1776923321,
"narHash": "sha256-QowlCOrE4jGOTDCUCEx/E8gHjqSx3r25y7v4dEBpBhk=",
"owner": "Jas-SinghFSU",
"repo": "HyprPanel",
"rev": "1961ba86ad5ab880beb639e5454054b2b5037e0d",
"type": "github"
},
"original": {
"owner": "Jas-SinghFSU",
"repo": "HyprPanel",
"type": "github"
}
},
"llm-agents": { "llm-agents": {
"inputs": { "inputs": {
"blueprint": "blueprint", "blueprint": "blueprint",
"bun2nix": "bun2nix", "bun2nix": "bun2nix",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_5",
"systems": "systems_2", "systems": "systems_3",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1780640554, "lastModified": 1778165912,
"narHash": "sha256-dgnL2gTgRoO1D4z6wkARGCO/gimq3/UE/mVFcQcWBn8=", "narHash": "sha256-zMMLwm4nCFTTjmbDHT7btnyJDh0IGcboUYjXdJ5rw/E=",
"owner": "numtide", "owner": "numtide",
"repo": "llm-agents.nix", "repo": "llm-agents.nix",
"rev": "f764eba1fdd162a1f2bc923f7e7034b894a22b4a", "rev": "8ff1896efe8e98262dbea505c123e8cf80eaaa4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -618,11 +592,7 @@
"m3ta-home": { "m3ta-home": {
"inputs": { "inputs": {
"agenix": "agenix_2", "agenix": "agenix_2",
"agent-lib": "agent-lib_2", "home-manager": "home-manager_5",
"agents": "agents",
"dms": "dms",
"dms-plugin-registry": "dms-plugin-registry",
"home-manager": "home-manager_4",
"m3ta-nixpkgs": "m3ta-nixpkgs", "m3ta-nixpkgs": "m3ta-nixpkgs",
"nix-colors": "nix-colors", "nix-colors": "nix-colors",
"nixpkgs": [ "nixpkgs": [
@@ -631,11 +601,11 @@
"nur": "nur" "nur": "nur"
}, },
"locked": { "locked": {
"lastModified": 1780420920, "lastModified": 1777909626,
"narHash": "sha256-dxcRmexgCX+DlmlFRE/eW3gzdohVU7+JTAkzUzvG/1Y=", "narHash": "sha256-blEbEb6DOUI3oPs30cxuctCw2EKeF5MG2A5GhxMHReI=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "19dea8277ef9c473e95e2dc3be367044dfa3f65c", "rev": "d0921278e29f0596e3dd4b63a1e5785f0b444444",
"revCount": 45, "revCount": 17,
"type": "git", "type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home" "url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home"
}, },
@@ -656,11 +626,11 @@
"openspec": "openspec" "openspec": "openspec"
}, },
"locked": { "locked": {
"lastModified": 1779944037, "lastModified": 1777989693,
"narHash": "sha256-jO6zAJjgc9n3SeDJW1EbV6CEqOa9DK+2AhTgWc+ImHQ=", "narHash": "sha256-KhlYbZUqL+xaWKkjDFLLsEJiDfdLGKIcu3XKzekh5Vg=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "ae1fb97c21b311dc03a46e8d50867048e5568c88", "rev": "5a4581db07f06876f8331a26faef3ff844f9e906",
"revCount": 323, "revCount": 279,
"type": "git", "type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs" "url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"
}, },
@@ -673,16 +643,16 @@
"inputs": { "inputs": {
"agents": "agents_3", "agents": "agents_3",
"basecamp": "basecamp_2", "basecamp": "basecamp_2",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_8",
"nixpkgs-master": "nixpkgs-master_2", "nixpkgs-master": "nixpkgs-master_2",
"openspec": "openspec_2" "openspec": "openspec_2"
}, },
"locked": { "locked": {
"lastModified": 1779944037, "lastModified": 1778175057,
"narHash": "sha256-jO6zAJjgc9n3SeDJW1EbV6CEqOa9DK+2AhTgWc+ImHQ=", "narHash": "sha256-AzSXrIBua6nZWXY/VX1tFwc6DOwCvz6ZaZHjlFhXJgA=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "ae1fb97c21b311dc03a46e8d50867048e5568c88", "rev": "8d7a1b4f3d96f4bad2edf290eea2e15267b346d2",
"revCount": 323, "revCount": 284,
"type": "git", "type": "git",
"url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs" "url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"
}, },
@@ -747,7 +717,7 @@
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1769813415, "lastModified": 1769813415,
@@ -859,11 +829,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1779457550, "lastModified": 1777989294,
"narHash": "sha256-yALoy2CrvwvNfwMtGZDRdc+jqVNHulyuM5iVK12lUAI=", "narHash": "sha256-Px89zfbZjq7zhM2KL9lw4f7Rh/j1z5yWEQu/SmKtKYA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a9c18fd234dbe4fd8de4bac53760b785c47e94ff", "rev": "2a2d7f76ae9d33b4cb70713b6a1611d3d71b16a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -875,11 +845,11 @@
}, },
"nixpkgs-master_2": { "nixpkgs-master_2": {
"locked": { "locked": {
"lastModified": 1779457550, "lastModified": 1778169579,
"narHash": "sha256-yALoy2CrvwvNfwMtGZDRdc+jqVNHulyuM5iVK12lUAI=", "narHash": "sha256-Tq/NKW6AApJzZ0fKnxUTff+w2cAiMxwh+j0aGFO5JhM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a9c18fd234dbe4fd8de4bac53760b785c47e94ff", "rev": "3c76fb7d83cd4e83303a7d48aa4868f8c9d47fb3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -891,11 +861,11 @@
}, },
"nixpkgs-master_3": { "nixpkgs-master_3": {
"locked": { "locked": {
"lastModified": 1780675612, "lastModified": 1777997195,
"narHash": "sha256-0uf5rIKWl6ljqZtDdYhVpBru9cggmUyoOw+m7IZNKYk=", "narHash": "sha256-EWFYub0APofhkFF/gRn4PS9k5xanNE4G6fjXuJvqXek=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a08eccd152a1534c8e01e69709fd21b108e5be2d", "rev": "5b58ac2559522402f322cb8280e6006dde6b6aca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -907,11 +877,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1779796641, "lastModified": 1777673416,
"narHash": "sha256-ZsIrKmhp4vbBXoXXmR/tBXA/UCsAQiJL9vsgZEduhVY=", "narHash": "sha256-5c2POKPOjU40Kh0MirOdScBLG0bu9TAuPYAtPRNZMBs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "25f538306313eae3927264466c70d7001dcea1df", "rev": "26ef669cffa904b6f6832ab57b77892a37c1a671",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -922,6 +892,22 @@
} }
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1710272261, "lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=", "narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
@@ -938,6 +924,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1772479524,
"narHash": "sha256-u7nCaNiMjqvKpE+uZz9hE7pgXXTmm5yvdtFaqzSzUQI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4215e62dc2cd3bc705b0a423b9719ff6be378a43",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1775036866, "lastModified": 1775036866,
"narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=",
@@ -953,13 +955,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1780365719, "lastModified": 1750776420,
"narHash": "sha256-QfWfccTN+70ZQ4m2qlU9PiKfz2Yppq94058iJyARNwc=", "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1778036283,
"narHash": "sha256-62EWg6lI0qyzm7oAx5cAnGkLutvJsRBe0KkEW2JDZCE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ffa10e26ae11d676b2db836259889f1f571cb14f", "rev": "ed67bc86e84e51d4a88e73c7fd36006dc876476f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -969,7 +987,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1754028485, "lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
@@ -985,55 +1003,39 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": {
"locked": {
"lastModified": 1772479524,
"narHash": "sha256-u7nCaNiMjqvKpE+uZz9hE7pgXXTmm5yvdtFaqzSzUQI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4215e62dc2cd3bc705b0a423b9719ff6be378a43",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1779560665,
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1778869304, "lastModified": 1777954456,
"narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=", "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d233902339c02a9c334e7e593de68855ad26c4cb", "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1736657626, "lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=", "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
@@ -1049,22 +1051,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": {
"locked": {
"lastModified": 1780365719,
"narHash": "sha256-QfWfccTN+70ZQ4m2qlU9PiKfz2Yppq94058iJyARNwc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ffa10e26ae11d676b2db836259889f1f571cb14f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"npm-lockfile-fix": { "npm-lockfile-fix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -1089,14 +1075,14 @@
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1780290189, "lastModified": 1777992649,
"narHash": "sha256-2igu6l2/d4RikYmC/SsykZ1jF1e4+Df+2qWPYjq2xto=", "narHash": "sha256-7OeieVckZDBJWph65bvR9ECk0h7XEVCEKHkw+YctsbI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "8b6210602dcbd4409ab1c3453ea0c292637c2799", "rev": "86ff5b8bacae59f4de5e3f0f97da0b8fd2e41e95",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1113,11 +1099,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1780667345, "lastModified": 1777992649,
"narHash": "sha256-JkFBPvT91un8Hq2wrMJxcJgiWwpIl6X5frAH6E8f32M=", "narHash": "sha256-7OeieVckZDBJWph65bvR9ECk0h7XEVCEKHkw+YctsbI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "c81bd4bb3912e373c17eaff12d67d478dfedf418", "rev": "86ff5b8bacae59f4de5e3f0f97da0b8fd2e41e95",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1135,11 +1121,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1779302169, "lastModified": 1777903600,
"narHash": "sha256-OOSPtUXC4F2umtsZPkyWlPQxhXBsxF2vqBXLeI/lqIw=", "narHash": "sha256-OXBCaHEHe5S2mTL5w6ot+++Cua/xfYfwIjEtchNHj18=",
"owner": "Fission-AI", "owner": "Fission-AI",
"repo": "OpenSpec", "repo": "OpenSpec",
"rev": "79303b521068c5f525ee61db06b915fc44b098f4", "rev": "7c3acccaf7d01006e3aac2194a2a1967e4d66984",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1156,11 +1142,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1779302169, "lastModified": 1778120451,
"narHash": "sha256-OOSPtUXC4F2umtsZPkyWlPQxhXBsxF2vqBXLeI/lqIw=", "narHash": "sha256-MUSPD16+hoFBfQWYahtNLN2BIFEAlFFo2KNofrc947g=",
"owner": "Fission-AI", "owner": "Fission-AI",
"repo": "OpenSpec", "repo": "OpenSpec",
"rev": "79303b521068c5f525ee61db06b915fc44b098f4", "rev": "053d8a59d587f3c027a06ad80503a6b43d4f2a92",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1257,42 +1243,20 @@
"type": "github" "type": "github"
} }
}, },
"quickshell": {
"inputs": {
"nixpkgs": [
"m3ta-home",
"dms",
"nixpkgs"
]
},
"locked": {
"lastModified": 1776854048,
"narHash": "sha256-lLbV66V3RMNp1l8/UelmR4YzoJ5ONtgvEtiUMJATH/o=",
"ref": "refs/heads/master",
"rev": "783c953987dc56ff0601abe6845ed96f1d00495a",
"revCount": 806,
"type": "git",
"url": "https://git.outfoxxed.me/quickshell/quickshell"
},
"original": {
"rev": "783c953987dc56ff0601abe6845ed96f1d00495a",
"type": "git",
"url": "https://git.outfoxxed.me/quickshell/quickshell"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"agent-lib": "agent-lib", "agents": "agents",
"disko": "disko", "disko": "disko",
"hermes-agent": "hermes-agent", "hermes-agent": "hermes-agent",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprpanel": "hyprpanel",
"llm-agents": "llm-agents", "llm-agents": "llm-agents",
"m3ta-home": "m3ta-home", "m3ta-home": "m3ta-home",
"m3ta-nixpkgs": "m3ta-nixpkgs_2", "m3ta-nixpkgs": "m3ta-nixpkgs_2",
"nix-colors": "nix-colors_2", "nix-colors": "nix-colors_2",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_9", "nixpkgs": "nixpkgs_10",
"nixpkgs-45570c2": "nixpkgs-45570c2", "nixpkgs-45570c2": "nixpkgs-45570c2",
"nixpkgs-9e58ed7": "nixpkgs-9e58ed7", "nixpkgs-9e58ed7": "nixpkgs-9e58ed7",
"nixpkgs-locked": "nixpkgs-locked", "nixpkgs-locked": "nixpkgs-locked",
@@ -1300,13 +1264,18 @@
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nur": "nur_2", "nur": "nur_2",
"rose-pine-hyprcursor": "rose-pine-hyprcursor", "rose-pine-hyprcursor": "rose-pine-hyprcursor",
"rustfs": "rustfs" "rustfs": "rustfs",
"skills-anthropic": "skills-anthropic",
"skills-basecamp": "skills-basecamp",
"skills-kestra": "skills-kestra",
"skills-superpowers": "skills-superpowers",
"skills-vercel": "skills-vercel"
} }
}, },
"rose-pine-hyprcursor": { "rose-pine-hyprcursor": {
"inputs": { "inputs": {
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"nixpkgs": "nixpkgs_10", "nixpkgs": "nixpkgs_11",
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
@@ -1330,11 +1299,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1780564157, "lastModified": 1777635550,
"narHash": "sha256-FOemUn2RVIeosaYbe5ukB7V6nHVke0n0Kep3DNYdfh4=", "narHash": "sha256-QHknn6JYNb4+8ztMl7Ngk3Px3r2FRUPwbbrswYuHSpA=",
"owner": "rustfs", "owner": "rustfs",
"repo": "rustfs-flake", "repo": "rustfs-flake",
"rev": "253266a4361fe87a6ab57a6c630aeb820925f9b7", "rev": "efaad834053c41ac618804fb4e7612cea455848e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1343,6 +1312,86 @@
"type": "github" "type": "github"
} }
}, },
"skills-anthropic": {
"flake": false,
"locked": {
"lastModified": 1777816720,
"narHash": "sha256-6GyoLtVWna20TrLg7Y2R6wCWD6C4GbDtIB0jbl5VESY=",
"owner": "anthropics",
"repo": "skills",
"rev": "d230a6dd6eb1a0dbee9fec55e2f00a96e28dff81",
"type": "github"
},
"original": {
"owner": "anthropics",
"repo": "skills",
"type": "github"
}
},
"skills-basecamp": {
"flake": false,
"locked": {
"lastModified": 1777902228,
"narHash": "sha256-XDsWpUhFb/gxatRFla07nwoc2y3WwaBLsiDdtCnqx38=",
"owner": "basecamp",
"repo": "basecamp-cli",
"rev": "b56ada1b3d42b42a9422ba39b30a223f9f960231",
"type": "github"
},
"original": {
"owner": "basecamp",
"repo": "basecamp-cli",
"type": "github"
}
},
"skills-kestra": {
"flake": false,
"locked": {
"lastModified": 1773046826,
"narHash": "sha256-w1zFqfCAcu9FsaGf8uAyaaYVbSwwtUzotfDJ1jSt+q0=",
"owner": "kestra-io",
"repo": "agent-skills",
"rev": "b536825bf5b9213d7a7fb5ab7c47823f1044490b",
"type": "github"
},
"original": {
"owner": "kestra-io",
"repo": "agent-skills",
"type": "github"
}
},
"skills-superpowers": {
"flake": false,
"locked": {
"lastModified": 1777932301,
"narHash": "sha256-3E3rO6hR87JUfS3XV1Eaoz6SDWOftleWvN9UPNFEMjw=",
"owner": "obra",
"repo": "superpowers",
"rev": "f2cbfbefebbfef77321e4c9abc9e949826bea9d7",
"type": "github"
},
"original": {
"owner": "obra",
"repo": "superpowers",
"type": "github"
}
},
"skills-vercel": {
"flake": false,
"locked": {
"lastModified": 1777394685,
"narHash": "sha256-YxCMuTl+pVJ7dXhaL7l9vDw9k2orlG31j7/0pgllMJk=",
"owner": "vercel-labs",
"repo": "skills",
"rev": "7c0a9af3f8738965b71341712710ac7371089b34",
"type": "github"
},
"original": {
"owner": "vercel-labs",
"repo": "skills",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@@ -1389,6 +1438,21 @@
} }
}, },
"systems_4": { "systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1403,7 +1467,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": { "systems_6": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1426,11 +1490,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1780220602, "lastModified": 1775636079,
"narHash": "sha256-eynAfOmbmxJnkp7YewvCEbShNnnYJ9gLLqkzsYtBPeM=", "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "db947814a175b7ca6ded66e21383d938df01c227", "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1441,7 +1505,7 @@
}, },
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
flake.nix
+35 -8
View File
@@ -15,7 +15,7 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-45570c2.url = "github:nixos/nixpkgs/45570c299dc2b63c8c574c4cd77f0b92f7e2766e"; nixpkgs-45570c2.url = "github:nixos/nixpkgs/45570c299dc2b63c8c574c4cd77f0b92f7e2766e";
nixpkgs-locked.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121"; nixpkgs-locked.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121";
@@ -39,21 +39,41 @@
nixos-generators = {url = "github:nix-community/nixos-generators";}; nixos-generators = {url = "github:nix-community/nixos-generators";};
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor"; rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor";
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
m3ta-home = { m3ta-home = {
url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home"; url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home";
# url = "path:/home/m3tam3re/p/NIX/m3ta-home";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
agent-lib = { agents = {
url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib"; # url = "path:/home/m3tam3re/p/AI/AGENTS";
inputs.nixpkgs.follows = "nixpkgs"; url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/AGENTS";
}; };
## Skills
hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.29.2"; skills-basecamp = {
url = "github:basecamp/basecamp-cli";
flake = false;
};
skills-anthropic = {
url = "github:anthropics/skills";
flake = false;
};
skills-kestra = {
url = "github:kestra-io/agent-skills";
flake = false;
};
skills-superpowers = {
url = "github:obra/superpowers";
flake = false;
};
skills-vercel = {
url = "github:vercel-labs/skills";
flake = false;
};
hermes-agent.url = "github:NousResearch/hermes-agent";
rustfs = { rustfs = {
url = "github:rustfs/rustfs-flake"; url = "github:rustfs/rustfs-flake";
@@ -68,6 +88,7 @@
nixpkgs, nixpkgs,
m3ta-nixpkgs, m3ta-nixpkgs,
nur, nur,
agents,
... ...
} @ inputs: let } @ inputs: let
inherit (self) outputs; inherit (self) outputs;
@@ -83,7 +104,7 @@
in { in {
packages = packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = removeAttrs allOverlays ["mkLlmAgentsOverlay"]; overlays = builtins.removeAttrs allOverlays ["mkLlmAgentsOverlay"];
lib.mkLlmAgentsOverlay = allOverlays.mkLlmAgentsOverlay; lib.mkLlmAgentsOverlay = allOverlays.mkLlmAgentsOverlay;
homeManagerModules = import ./modules/home-manager; homeManagerModules = import ./modules/home-manager;
@@ -170,6 +191,11 @@
inherit system; inherit system;
config.allowUnfree = true; # Allow unfree packages in devShell config.allowUnfree = true; # Allow unfree packages in devShell
}; };
m3taLib = m3ta-nixpkgs.lib.x86_64-linux;
rules = m3taLib.coding-rules.mkCodingRules {
inherit agents;
languages = ["nix"];
};
in { in {
default = pkgs.mkShell { default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
@@ -180,6 +206,7 @@
statix statix
deadnix deadnix
]; ];
inherit (rules) instructions shellHook;
}; };
}); });
}; };
hosts/common/default.nix
+1 -2
View File
@@ -21,8 +21,7 @@
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { extraSpecialArgs = {
inputs = inputs // {agents = null;}; inherit inputs outputs system;
inherit outputs system;
videoDrivers = config.services.xserver.videoDrivers or []; videoDrivers = config.services.xserver.videoDrivers or [];
}; };
}; };
hosts/common/ports.nix
-5
View File
@@ -39,11 +39,6 @@
outline = 3019; outline = 3019;
authentik = 3023; authentik = 3023;
tuwunel = 3024; tuwunel = 3024;
honcho = 3025;
# Agent infrastructure
hermes-api = 8642;
hermes-dashboard = 9119;
# Home automation # Home automation
homarr = 7575; homarr = 7575;
hosts/common/users/m3tam3re.nix
+2 -6
View File
@@ -37,7 +37,7 @@
# ── Server hosts ── # ── Server hosts ──
m3-atlas = { m3-atlas = {
context = "server"; context = "server";
sets = []; sets = ["coding"];
}; };
m3-helios = { m3-helios = {
context = "server"; context = "server";
@@ -53,10 +53,7 @@
}; };
}; };
profile = profile = hostProfiles.${hostname} or {
hostProfiles.${
hostname
} or {
context = "server"; context = "server";
sets = []; sets = [];
}; };
@@ -90,7 +87,6 @@
hyprland.enable = true; hyprland.enable = true;
rofi.enable = true; rofi.enable = true;
wayland.enable = true; wayland.enable = true;
dms.enable = true;
}; };
apps = { apps = {
crypto.enable = true; crypto.enable = true;
hosts/m3-ares/services/default.nix
-1
View File
@@ -1,7 +1,6 @@
{pkgs, ...}: { {pkgs, ...}: {
imports = [ imports = [
./containers ./containers
./greetd.nix
./hermes-agent.nix ./hermes-agent.nix
./netbird.nix ./netbird.nix
#./n8n.nix #./n8n.nix
hosts/m3-ares/services/greetd.nix
-38
View File
@@ -1,38 +0,0 @@
# greetd login manager for m3-kratos (replaces broken GDM on nixos-unstable).
# Uses tuigreet as the greeter, launching Hyprland after authentication.
{
pkgs,
config,
lib,
...
}: let
tuigreet = "${lib.getExe pkgs.tuigreet}";
# Use start-hyprland wrapper to avoid Hyprland startup warnings
# withUWSM=true is set in programs.nix; start-hyprland handles this correctly
hyprlandCmd = "${config.programs.hyprland.package}/bin/start-hyprland";
in {
services.greetd = {
enable = true;
settings = {
default_session = {
user = "greeter";
# Minimal config: verified supported flags only
# The --time and --remember are tested; power commands omitted
# to avoid potential quoting/parsing issues
command = builtins.concatStringsSep " " [
tuigreet
"--time"
"--remember"
"--asterisks"
"--cmd ${hyprlandCmd}"
];
};
};
};
# Required for --remember to persist username between logins
systemd.tmpfiles.rules = [
"d /var/cache/tuigreet 0755 greeter greeter - -"
];
}
hosts/m3-ares/services/hermes-agent.nix
+2 -13
View File
@@ -17,20 +17,9 @@ in {
settings = { settings = {
# ── Model ────────────────────────────────────────────────────────── # ── Model ──────────────────────────────────────────────────────────
model = { model = {
default = "gpt-5.5"; default = "glm-5.1";
provider = "openai-codex";
};
fallback_providers = [
{
provider = "zai"; provider = "zai";
model = "glm-5.1"; };
}
{
provider = "minimax";
model = "MiniMax-M2.7";
}
];
credential_pool_strategies = { credential_pool_strategies = {
zai = "fill_first"; zai = "fill_first";
hosts/m3-atlas/secrets.nix
-8
View File
@@ -3,14 +3,6 @@
secrets = { secrets = {
baserow-env = {file = ../../secrets/baserow-env.age;}; baserow-env = {file = ../../secrets/baserow-env.age;};
ghost-env = {file = ../../secrets/ghost-env.age;}; ghost-env = {file = ../../secrets/ghost-env.age;};
honcho-selfhost-db-password = {
file = ../../secrets/honcho-selfhost-db-password.age;
owner = "postgres";
group = "postgres";
mode = "400";
};
honcho-selfhost-env = {file = ../../secrets/honcho-selfhost-env.age;};
honcho-selfhost-jwt-secret = {file = ../../secrets/honcho-selfhost-jwt-secret.age;};
kestra-config = { kestra-config = {
file = ../../secrets/kestra-config.age; file = ../../secrets/kestra-config.age;
mode = "644"; mode = "644";
hosts/m3-atlas/services/containers/default.nix
-1
View File
@@ -2,7 +2,6 @@
imports = [ imports = [
./baserow.nix ./baserow.nix
./ghost.nix ./ghost.nix
./honcho.nix
./kestra.nix ./kestra.nix
./littlelink.nix ./littlelink.nix
./matomo.nix ./matomo.nix
hosts/m3-atlas/services/containers/honcho.nix
-209
View File
@@ -1,209 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
serviceName = "honcho";
image = "ghcr.io/plastic-labs/honcho:v3.0.6";
apiIp = "10.89.0.24";
deriverIp = "10.89.0.25";
redisIp = "10.89.0.26";
postgresHost = "10.89.0.1";
postgresPort = config.m3ta.ports.get "postgres";
honchoPort = config.m3ta.ports.get "honcho";
# m3-atlas Netbird mesh address, discovered from `netbird status -d`.
# Binding the host port here keeps self-hosted Honcho off public interfaces.
netbirdBindAddress = "100.81.142.56";
netbirdRange = "100.64.0.0/16";
dbName = "honcho";
dbUser = "honcho";
redisName = "${serviceName}-redis";
runtimeDirectory = "/run/${serviceName}";
runtimeEnvFile = "${runtimeDirectory}/env";
# Keep auth disabled for the first deployment because Honcho clients need
# generated JWTs. The JWT secret is still provisioned so enabling auth later is
# a one-line change here plus client token generation.
authUseAuth = false;
sharedEnvironment = {
CACHE_ENABLED = "true";
CACHE_URL = "redis://${redisName}:6379/0?suppress=true";
LOG_LEVEL = "INFO";
TELEMETRY_ENABLED = "false";
VECTOR_STORE_MIGRATED = "false";
VECTOR_STORE_TYPE = "pgvector";
AUTH_USE_AUTH = lib.boolToString authUseAuth;
};
sharedEnvironmentFiles = [
runtimeEnvFile
config.age.secrets."${serviceName}-selfhost-env".path
];
webNetwork = ip: [
"--add-host=postgres:${postgresHost}"
"--network=web:ip=${ip}"
];
# The shared web network is intentionally internal. API and deriver also join
# this egress-only network so LLM provider calls can leave the host without
# exposing any extra inbound ports.
networksWithEgress = ip:
(webNetwork ip)
++ [
"--network=${serviceName}-egress"
];
apiHealthCmd = ''/app/.venv/bin/python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health', timeout=2).read()"'';
in {
system.activationScripts.createPodmanNetworkHonchoEgress = lib.mkAfter ''
if ! /run/current-system/sw/bin/podman network exists ${serviceName}-egress; then
/run/current-system/sw/bin/podman network create ${serviceName}-egress
fi
'';
virtualisation.oci-containers.containers = {
"${serviceName}-redis" = {
image = "docker.io/redis:8.2";
autoStart = true;
volumes = ["${serviceName}_redis_data:/data"];
extraOptions =
(webNetwork redisIp)
++ [
"--health-cmd=redis-cli ping"
"--health-interval=5s"
"--health-timeout=5s"
"--health-retries=5"
];
};
"${serviceName}-api" = {
inherit image;
autoStart = true;
entrypoint = "sh";
cmd = ["docker/entrypoint.sh"];
environment = sharedEnvironment;
environmentFiles = sharedEnvironmentFiles;
ports = ["${netbirdBindAddress}:${toString honchoPort}:8000"];
dependsOn = [redisName];
extraOptions =
(networksWithEgress apiIp)
++ [
"--health-cmd=${apiHealthCmd}"
"--health-interval=5s"
"--health-timeout=5s"
"--health-retries=5"
"--health-start-period=10s"
];
};
"${serviceName}-deriver" = {
inherit image;
autoStart = true;
entrypoint = "/app/.venv/bin/python";
cmd = ["-m" "src.deriver"];
environment = sharedEnvironment;
environmentFiles = sharedEnvironmentFiles;
dependsOn = ["${serviceName}-api" redisName];
extraOptions = networksWithEgress deriverIp;
};
};
systemd.services = {
"${serviceName}-postgres-bootstrap" = {
description = "Bootstrap Honcho PostgreSQL role, database, password, and pgvector";
after = ["postgresql.service" "agenix.service"];
requires = ["postgresql.service" "agenix.service"];
before = ["${serviceName}-env.service" "podman-${serviceName}-api.service" "podman-${serviceName}-deriver.service"];
requiredBy = ["podman-${serviceName}-api.service" "podman-${serviceName}-deriver.service"];
path = [
config.services.postgresql.package
pkgs.coreutils
];
serviceConfig = {
Type = "oneshot";
User = "postgres";
Group = "postgres";
};
script = ''
set -euo pipefail
test -s ${config.age.secrets."${serviceName}-selfhost-db-password".path}
psql -v ON_ERROR_STOP=1 --dbname=postgres <<'SQL'
DO $$
BEGIN
CREATE ROLE ${dbUser} LOGIN;
EXCEPTION WHEN duplicate_object THEN
NULL;
END
$$;
SELECT 'CREATE DATABASE ${dbName} OWNER ${dbUser}'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${dbName}')\gexec
ALTER DATABASE ${dbName} OWNER TO ${dbUser};
\set honcho_password `cat ${config.age.secrets."${serviceName}-selfhost-db-password".path}`
ALTER ROLE ${dbUser} WITH LOGIN PASSWORD :'honcho_password';
SQL
psql -v ON_ERROR_STOP=1 --dbname=${dbName} <<'SQL'
CREATE EXTENSION IF NOT EXISTS vector;
GRANT ALL PRIVILEGES ON DATABASE ${dbName} TO ${dbUser};
SQL
'';
};
"${serviceName}-env" = {
description = "Generate Honcho runtime environment file with agenix secrets";
after = ["agenix.service" "${serviceName}-postgres-bootstrap.service"];
requires = ["agenix.service" "${serviceName}-postgres-bootstrap.service"];
before = ["podman-${serviceName}-api.service" "podman-${serviceName}-deriver.service"];
requiredBy = ["podman-${serviceName}-api.service" "podman-${serviceName}-deriver.service"];
path = [
pkgs.coreutils
pkgs.python3
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
set -euo pipefail
install -d -m 0750 ${runtimeDirectory}
db_password_encoded=$(
python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.stdin.read().strip(), safe=""))' \
< ${config.age.secrets."${serviceName}-selfhost-db-password".path}
)
jwt_secret=$(tr -d '\r\n' < ${config.age.secrets."${serviceName}-selfhost-jwt-secret".path})
umask 077
cat > ${runtimeEnvFile} <<ENV
DB_CONNECTION_URI=postgresql+psycopg://${dbUser}:$db_password_encoded@postgres:${toString postgresPort}/${dbName}
AUTH_JWT_SECRET=$jwt_secret
ENV
'';
};
"podman-${serviceName}-api" = {
after = ["${serviceName}-env.service" "${serviceName}-postgres-bootstrap.service"];
requires = ["${serviceName}-env.service" "${serviceName}-postgres-bootstrap.service"];
};
"podman-${serviceName}-deriver" = {
after = ["${serviceName}-env.service" "${serviceName}-postgres-bootstrap.service"];
requires = ["${serviceName}-env.service" "${serviceName}-postgres-bootstrap.service"];
};
};
networking.firewall.extraCommands = ''
# Self-hosted Honcho API: only Netbird mesh peers may reach ${netbirdBindAddress}:${toString honchoPort}.
ip46tables -A nixos-fw -p tcp --dport ${toString honchoPort} -s ${netbirdRange} -j nixos-fw-accept
'';
}
hosts/m3-atlas/services/hermes-agent.nix
+191
View File
@@ -0,0 +1,191 @@
{config, ...}: let
# Default ElevenLabs voice: Bella (German-capable female)
elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
in {
services.hermes-agent = {
enable = true;
addToSystemPackages = true;
# Secrets via agenix
environmentFiles = [config.age.secrets."hermes-env".path];
# Non-secret environment variables
environment = {
#
};
# ── Container mode (podman) ──────────────────────────────────────────
container = {
enable = true;
backend = "podman";
};
settings = {
# ── Model ──────────────────────────────────────────────────────────
model = {
default = "glm-5.1";
provider = "zai";
base_url = "https://api.z.ai/api/coding/paas/v4/";
};
credential_pool_strategies = {
zai = "fill_first";
};
toolsets = ["all"];
# ── Agent ──────────────────────────────────────────────────────────
agent = {
max_turns = 90;
gateway_timeout = 1800;
tool_use_enforcement = "auto";
};
# ── Terminal ───────────────────────────────────────────────────────
terminal = {
backend = "local";
modal_mode = "auto";
cwd = ".";
timeout = 180;
persistent_shell = true;
};
# ── Browser ────────────────────────────────────────────────────────
browser = {
inactivity_timeout = 120;
command_timeout = 30;
cloud_provider = "local";
};
# ── Checkpoints / Compression ──────────────────────────────────────
checkpoints = {
enabled = true;
max_snapshots = 50;
};
file_read_max_chars = 100000;
compression = {
enabled = true;
threshold = 0.5;
target_ratio = 0.2;
protect_last_n = 20;
};
# ── Display ────────────────────────────────────────────────────────
display = {
compact = false;
personality = "kawaii";
resume_display = "full";
busy_input_mode = "interrupt";
inline_diffs = true;
skin = "default";
tool_progress = "all";
};
# ── TTS / STT / Voice ──────────────────────────────────────────────
tts = {
provider = "elevenlabs";
elevenlabs = {
voice_id = elevenlabsVoiceId;
model_id = "eleven_multilingual_v2";
};
};
stt = {
enabled = true;
provider = "local";
local = {model = "base";};
};
voice = {
record_key = "ctrl+b";
max_recording_seconds = 120;
silence_threshold = 200;
silence_duration = 3.0;
};
# ── Memory ─────────────────────────────────────────────────────────
memory = {
memory_enabled = true;
user_profile_enabled = true;
memory_char_limit = 2200;
user_char_limit = 1375;
};
# ── Delegation ─────────────────────────────────────────────────────
delegation = {
max_iterations = 50;
};
# ── Discord ────────────────────────────────────────────────────────
discord = {
require_mention = true;
auto_thread = true;
reactions = true;
};
# ── Approvals / Security ───────────────────────────────────────────
approvals = {
mode = "manual";
timeout = 60;
};
security = {
redact_secrets = true;
tirith_enabled = true;
tirith_fail_open = true;
};
# ── Cron / Session ─────────────────────────────────────────────────
cron = {wrap_response = true;};
session_reset = {
mode = "both";
idle_minutes = 1440;
at_hour = 4;
};
# ── Web ────────────────────────────────────────────────────────────
web = {backend = "exa";};
# ── Platform Toolsets ──────────────────────────────────────────────
platform_toolsets = {
cli = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
telegram = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
};
};
};
}
hosts/m3-atlas/services/postgres.nix
+1 -2
View File
@@ -28,7 +28,6 @@
host kestra kestra 10.89.0.0/24 scram-sha-256 host kestra kestra 10.89.0.0/24 scram-sha-256
host netbird netbird 10.89.0.0/24 scram-sha-256 host netbird netbird 10.89.0.0/24 scram-sha-256
host authentik authentik 10.89.0.0/24 scram-sha-256 host authentik authentik 10.89.0.0/24 scram-sha-256
host honcho honcho 10.89.0.0/24 scram-sha-256
# Deny all other connections # Deny all other connections
local all all reject local all all reject
@@ -39,7 +38,7 @@
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;
startAt = "03:10:00"; startAt = "03:10:00";
databases = ["baserow" "paperless" "kestra" "authentik" "netbird" "honcho"]; databases = ["baserow" "paperless" "kestra" "authentik" "netbird"];
}; };
networking.firewall = { networking.firewall = {
extraCommands = '' extraCommands = ''
hosts/m3-atlas/services/traefik.nix
-15
View File
@@ -43,12 +43,6 @@
dynamicConfigOptions = { dynamicConfigOptions = {
http = { http = {
services = { services = {
# ── Hermes Dashboard (m3-hermes over Netbird) ────────────────
hermes-dashboard = {
loadBalancer.servers = [
{url = "http://100.81.231.152:9119";}
];
};
dummy = { dummy = {
loadBalancer.servers = [ loadBalancer.servers = [
{url = "http://192.168.0.1";} # Diese URL wird nie verwendet {url = "http://192.168.0.1";} # Diese URL wird nie verwendet
@@ -85,15 +79,6 @@
}; };
routers = { routers = {
# ── Hermes Dashboard — Netbird mesh only ─────────────────────
hermes-dashboard = {
rule = "Host(`dash.m3ta.dev`)";
service = "hermes-dashboard";
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
api = { api = {
rule = "Host(`r.m3tam3re.com`)"; rule = "Host(`r.m3tam3re.com`)";
service = "api@internal"; service = "api@internal";
hosts/m3-hermes/secrets.nix
-3
View File
@@ -7,9 +7,6 @@
hermes-cloud-env = { hermes-cloud-env = {
file = ../../secrets/hermes-cloud-env.age; file = ../../secrets/hermes-cloud-env.age;
}; };
hermes-api-server-key = {
file = ../../secrets/hermes-api-server-key.age;
};
}; };
}; };
} }
hosts/m3-hermes/services/default.nix
-2
View File
@@ -1,7 +1,5 @@
{ {
imports = [ imports = [
./hermes-agent.nix ./hermes-agent.nix
./hermes-dashboard.nix
./netbird.nix
]; ];
} }
hosts/m3-hermes/services/hermes-agent.nix
+48 -104
View File
@@ -1,6 +1,5 @@
{ {
config, config,
lib,
pkgs, pkgs,
inputs, inputs,
... ...
@@ -8,51 +7,39 @@
# Edge TTS: Seraphina — friendly, multilingual German female voice (free, no API key) # Edge TTS: Seraphina — friendly, multilingual German female voice (free, no API key)
edgeVoice = "de-DE-SeraphinaMultilingualNeural"; edgeVoice = "de-DE-SeraphinaMultilingualNeural";
agentLock = builtins.fromJSON (builtins.readFile ../../../agent-sources.lock.json); # Extra Python packages from the container's writable venv layer.
# matrix-nio is installed via pip in /home/hermes/.venv but the hermes
# process uses the read-only Nix store Python, so we inject the venv's
# site-packages via PYTHONPATH and provide libstdc++ for libolm (e2e).
venvSitePackages = "/home/hermes/.venv/lib/python3.11/site-packages";
gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib";
agentSkillSelections = { # Build skills using agents flake lib for hermes user
m3ta-agents.exclude = []; hermesSkills = inputs.agents.lib.mkOpencodeSkills {
anthropic.exclude = ["pdf" "skill-creator" "xlsx"]; inherit pkgs;
basecamp.exclude = []; customSkills = "${inputs.agents}/skills";
kestra.exclude = []; externalSkills = [
mattpocock.exclude = ["grill-me" "caveman"]; {
superpowers.exclude = ["brainstorming" "systematic-debugging"]; src = inputs.skills-basecamp;
vercel.exclude = []; skillsDir = "skills";
}
{
src = inputs.skills-anthropic;
skillsDir = "skills";
}
{
src = inputs.skills-kestra;
skillsDir = "skills";
}
];
}; };
sourceRoot = source:
builtins.fetchGit {
inherit (source) url rev;
};
selectedSkillNames = sourceName: let
source = agentLock.sources.${sourceName};
excluded = agentSkillSelections.${sourceName}.exclude;
in
lib.subtractLists excluded (builtins.attrNames source.items.skills);
copySkill = sourceName: skillName: let
source = agentLock.sources.${sourceName};
item = source.items.skills.${skillName};
in ''
cp -R ${sourceRoot source}/${source.root}/${item.path} $out/${skillName}
'';
copySourceSkills = sourceName:
lib.concatMapStringsSep "\n" (copySkill sourceName) (selectedSkillNames sourceName);
# Build skills from the agent-lib lockfile instead of the legacy AGENTS flake.
hermesSkills = pkgs.runCommand "hermes-agent-lib-skills" {} ''
mkdir -p $out
${lib.concatMapStringsSep "\n" copySourceSkills (builtins.attrNames agentSkillSelections)}
'';
in { in {
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/lib/hermes/.config 0755 hermes hermes -" "d /home/hermes/.config 0755 hermes hermes -"
"d /var/lib/hermes/.config/tea 0755 hermes hermes -" "d /home/hermes/.config/tea 0755 hermes hermes -"
"L+ /var/lib/hermes/.config/tea/yml - - - - ${pkgs.writeText "tea-yml" '' "L+ /home/hermes/.config/tea/yml - - - - ${pkgs.writeText "tea-yml" ''
logins: logins:
- name: m3ta - name: m3ta
url: https://code.m3ta.dev url: https://code.m3ta.dev
@@ -61,6 +48,13 @@ in {
user: m3ta-chiron user: m3ta-chiron
default: true default: true
''}" ''}"
"f /home/hermes/.gitconfig 0644 hermes hermes - ${pkgs.writeText "gitconfig" ''
[user]
name = m3ta-chiron
email = m3ta-chiron@agentmail.to
[init]
defaultBranch = main
''}"
]; ];
systemd.services.copy-hermes-skills = { systemd.services.copy-hermes-skills = {
@@ -76,59 +70,29 @@ in {
''; '';
}; };
# Ensure 'uv' is in the hermes-agent service PATH so CronJobs and terminal
# sessions can use 'uv run' for PEP 723 scripts (e.g. garmin-daily.py).
systemd.services.hermes-agent.path = [pkgs.uv];
services.hermes-agent = { services.hermes-agent = {
enable = true; enable = true;
addToSystemPackages = true; addToSystemPackages = true;
# v0.14 lazy-installs heavy optional backends by default. In the sealed
# Nix package, include the backends this host config actively uses so the
# gateway, Matrix bridge, memory, web search, TTS, and local STT work
# without runtime pip/uv mutation.
extraDependencyGroups = [
"matrix"
"honcho"
"exa"
"edge-tts"
"voice"
];
extraPackages = with pkgs; [ extraPackages = with pkgs; [docker git tea nix];
docker
git
curl
jq
tea
nix
python3Minimal
uv
zellij
];
# Secrets via agenix # Secrets via agenix
environmentFiles = [ environmentFiles = [
config.age.secrets."hermes-env".path config.age.secrets."hermes-env".path
config.age.secrets."hermes-cloud-env".path config.age.secrets."hermes-cloud-env".path
config.age.secrets."hermes-api-server-key".path
]; ];
# Non-secret environment variables # Non-secret environment variables
# Git identity is set entirely via env vars (GIT_AUTHOR_*, GIT_COMMITTER_*,
# GIT_INIT_DEFAULT_BRANCH) — no .gitconfig file needed. Env vars take
# precedence over any gitconfig, and the hermes gateway injects them into
# all terminal sessions via .env.
environment = { environment = {
GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/"; GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
GIT_AUTHOR_NAME = "m3ta-chiron"; GIT_AUTHOR_NAME = "m3ta-chiron";
GIT_AUTHOR_EMAIL = "m3ta-chiron@agentmail.to"; GIT_AUTHOR_EMAIL = "m3ta-chiron@agentmail.to";
GIT_COMMITTER_NAME = "m3ta-chiron"; GIT_COMMITTER_NAME = "m3ta-chiron";
GIT_COMMITTER_EMAIL = "m3ta-chiron@agentmail.to"; GIT_COMMITTER_EMAIL = "m3ta-chiron@agentmail.to";
GIT_INIT_DEFAULT_BRANCH = "master";
# ── API Server (OpenAI-compatible, for Hermes Desktop App) ─────────
# Accessible via Netbird mesh VPN — not exposed to the public internet.
# Bind to 0.0.0.0 so the Netbird interface can reach it.
API_SERVER_ENABLED = "true";
API_SERVER_HOST = "0.0.0.0";
API_SERVER_PORT = toString (config.m3ta.ports.get "hermes-api");
}; };
# ── Container mode (podman) ────────────────────────────────────────── # ── Container mode (podman) ──────────────────────────────────────────
@@ -136,26 +100,20 @@ in {
enable = false; enable = false;
backend = "podman"; backend = "podman";
extraVolumes = ["/home/m3tam3re/p:/projects:rw"]; extraVolumes = ["/home/m3tam3re/p:/projects:rw"];
extraOptions = []; extraOptions = [
"--env"
"PYTHONPATH=${venvSitePackages}"
"--env"
"LD_LIBRARY_PATH=${gccLibPath}"
];
}; };
settings = { settings = {
# ── Model ────────────────────────────────────────────────────────── # ── Model ──────────────────────────────────────────────────────────
model = { model = {
default = "gpt-5.5"; default = "glm-5.1";
provider = "openai-codex";
};
fallback_providers = [
{
provider = "zai"; provider = "zai";
model = "glm-5.1"; };
}
{
provider = "minimax";
model = "MiniMax-M2.7";
}
];
credential_pool_strategies = { credential_pool_strategies = {
zai = "fill_first"; zai = "fill_first";
@@ -168,7 +126,6 @@ in {
max_turns = 90; max_turns = 90;
gateway_timeout = 1800; gateway_timeout = 1800;
tool_use_enforcement = "auto"; tool_use_enforcement = "auto";
reasoning_effort = "high";
}; };
# ── Skills ───────────────────────────────────────────────────────── # ── Skills ─────────────────────────────────────────────────────────
@@ -195,8 +152,7 @@ in {
cloud_provider = "local"; cloud_provider = "local";
}; };
# ── Checkpoints v2 ───────────────────────────────────────────────── # ── Checkpoints / Compression ──────────────────────────────────────
# v0.13.0: Single-store rewrite with real pruning + disk guardrails.
checkpoints = { checkpoints = {
enabled = true; enabled = true;
max_snapshots = 50; max_snapshots = 50;
@@ -259,24 +215,12 @@ in {
max_spawn_depth = 2; max_spawn_depth = 2;
}; };
# ── Kanban (v0.13.0 — Multi-Agent Board) ──────────────────────────
# Durable task board with embedded dispatcher in gateway process.
# Workers are full OS processes with identity, heartbeat, reclaim,
# zombie detection, and hallucination gate.
kanban = {
dispatch_in_gateway = true;
dispatch_interval_seconds = 60;
};
# ── Matrix ──────────────────────────────────────────────────────── # ── Matrix ────────────────────────────────────────────────────────
matrix = { matrix = {
homeserver = "https://matrix.m3ta.dev"; homeserver = "https://matrix.m3ta.dev";
user_id = "@chiron:m3ta.dev"; user_id = "@chiron:m3ta.dev";
allowed_users = ["@m3tam3re:m3ta.dev"]; allowed_users = ["@m3tam3re:m3ta.dev"];
encryption = true; encryption = true;
group_sessions_per_user = true;
auto_thread = true;
dm_mention_threads = true;
}; };
# ── Approvals / Security ─────────────────────────────────────────── # ── Approvals / Security ───────────────────────────────────────────
hosts/m3-hermes/services/hermes-dashboard.nix
-69
View File
@@ -1,69 +0,0 @@
{
config,
pkgs,
inputs,
...
}: let
# Netbird mesh VPN range — dashboard only accessible from mesh peers.
# m3-atlas Traefik proxies to this port over Netbird.
netbirdRange = "100.64.0.0/16";
apiPort = config.m3ta.ports.get "hermes-api";
dashboardPort = config.m3ta.ports.get "hermes-dashboard";
# Reference the hermes-agent package from the running service config
hermesPkg = config.services.hermes-agent.package or (inputs.hermes-agent.packages.${pkgs.stdenv.hostPlatform.system}.default or pkgs.hermes-agent);
in {
# ── Hermes Dashboard systemd service ───────────────────────────────────
# Web UI for managing Hermes Agent — sessions, config, kanban, cron, etc.
#
# Flow: Browser → dash.m3ta.dev (TLS via m3-atlas Traefik) → Netbird → :${toString dashboardPort}
#
# --insecure is required to bind 0.0.0.0 (hermes refuses non-localhost otherwise).
# Safe because firewall restricts the dashboard/API ports to Netbird mesh only.
systemd.services.hermes-dashboard = {
description = "Hermes Agent Web Dashboard";
after = ["network.target" "hermes-agent.service"];
wants = ["hermes-agent.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
User = "hermes";
Group = "hermes";
ExecStart = "${hermesPkg}/bin/hermes dashboard --host 0.0.0.0 --port ${toString dashboardPort} --no-open --insecure";
# Environment matching the hermes-agent service
Environment = [
"HERMES_HOME=/var/lib/hermes/.hermes"
"HERMES_MANAGED=true"
"HOME=/var/lib/hermes"
];
# Security hardening (matching hermes-agent service pattern)
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = "read-only";
ReadWritePaths = ["/var/lib/hermes" "/tmp"];
PrivateTmp = true;
# Restart policy
Restart = "on-failure";
RestartSec = 5;
};
};
# ── Firewall: Hermes network endpoints only from Netbird mesh ──────────
networking.firewall = {
extraCommands = ''
# Allow Hermes Dashboard and OpenAI-compatible API only from Netbird mesh VPN
ip46tables -A nixos-fw -p tcp --dport ${toString dashboardPort} -s ${netbirdRange} -j nixos-fw-accept
ip46tables -A nixos-fw -p tcp --dport ${toString apiPort} -s ${netbirdRange} -j nixos-fw-accept
'';
extraStopCommands = ''
ip46tables -D nixos-fw -p tcp --dport ${toString dashboardPort} -s ${netbirdRange} -j nixos-fw-accept 2>/dev/null || true
ip46tables -D nixos-fw -p tcp --dport ${toString apiPort} -s ${netbirdRange} -j nixos-fw-accept 2>/dev/null || true
'';
};
}
hosts/m3-hermes/services/netbird.nix
-29
View File
@@ -1,29 +0,0 @@
{pkgs, ...}: {
services.netbird.enable = true;
systemd.services.netbird = {
environment = {
NB_DISABLE_SSH_CONFIG = "true";
NB_USE_LEGACY_ROUTING = "true";
};
path = [
pkgs.shadow
pkgs.util-linux
];
};
programs.ssh.extraConfig = ''
Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p"
PreferredAuthentications password,publickey,keyboard-interactive
PasswordAuthentication yes
PubkeyAuthentication yes
BatchMode no
ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CheckHostIP no
LogLevel ERROR
'';
networking.firewall.checkReversePath = "loose";
}
hosts/m3-kratos/configuration.nix
+2 -3
View File
@@ -10,12 +10,11 @@
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = ["zfs"];
boot.zfs.package = pkgs.zfs_unstable; boot.zfs.package = pkgs.zfs_unstable;
boot.zfs.forceImportAll = false; boot.zfs.forceImportAll = true;
boot.zfs.forceImportRoot = false;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.kernelModules = ["amdgpu"]; boot.initrd.kernelModules = ["amdgpu"];
boot.kernelPackages = pkgs.linuxPackages_7_0; boot.kernelPackages = pkgs.linuxPackages_6_18;
services.xserver.videoDrivers = ["amdgpu"]; services.xserver.videoDrivers = ["amdgpu"];
security.polkit.enable = true; security.polkit.enable = true;
security.pam.services.gdm.enableGnomeKeyring = true; security.pam.services.gdm.enableGnomeKeyring = true;
hosts/m3-kratos/default.nix
-1
View File
@@ -48,7 +48,6 @@
podman.enable = true; podman.enable = true;
virtualisation.enable = true; virtualisation.enable = true;
}; };
services.power-profiles-daemon.enable = true;
services.ollama = { services.ollama = {
environmentVariables = { environmentVariables = {
# HCC_AMDGPU_TARGET = "gfx1103"; # HCC_AMDGPU_TARGET = "gfx1103";
hosts/m3-kratos/home.nix
+1 -4
View File
@@ -4,14 +4,10 @@
# m3ta-home via the profile mapping in hosts/common/users/m3tam3re.nix. # m3ta-home via the profile mapping in hosts/common/users/m3tam3re.nix.
{ {
config, config,
inputs,
lib, lib,
... ...
}: }:
with lib; { with lib; {
imports = [
];
config = mkMerge [ config = mkMerge [
# ── XDG / MIME defaults ── # ── XDG / MIME defaults ──
{ {
@@ -60,6 +56,7 @@ with lib; {
]; ];
windowrule = [ windowrule = [
"match:class dev.zed.Zed, workspace 1" "match:class dev.zed.Zed, workspace 1"
"match:class Msty, workspace 1"
"match:class ^(com.obsproject.Studio)$, workspace 2" "match:class ^(com.obsproject.Studio)$, workspace 2"
"match:class ^(brave-browser)$, workspace 4, opacity 1.0" "match:class ^(brave-browser)$, workspace 4, opacity 1.0"
"match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0" "match:class ^(vivaldi-stable)$, workspace 4, opacity 1.0"
hosts/m3-kratos/services/default.nix
+2 -2
View File
@@ -1,7 +1,7 @@
{pkgs, ...}: { {pkgs, ...}: {
imports = [ imports = [
./containers ./containers
./greetd.nix ./hermes-agent.nix
./mem0.nix ./mem0.nix
# ./n8n.nix # ./n8n.nix
./netbird.nix ./netbird.nix
@@ -30,6 +30,6 @@
userServices = true; userServices = true;
}; };
}; };
# displayManager.gdm.enable = true; displayManager.gdm.enable = true;
}; };
} }
hosts/m3-kratos/services/greetd.nix
-38
View File
@@ -1,38 +0,0 @@
# greetd login manager for m3-kratos (replaces broken GDM on nixos-unstable).
# Uses tuigreet as the greeter, launching Hyprland after authentication.
{
pkgs,
config,
lib,
...
}: let
tuigreet = "${lib.getExe pkgs.tuigreet}";
# Use start-hyprland wrapper to avoid Hyprland startup warnings
# withUWSM=true is set in programs.nix; start-hyprland handles this correctly
hyprlandCmd = "${config.programs.hyprland.package}/bin/start-hyprland";
in {
services.greetd = {
enable = true;
settings = {
default_session = {
user = "greeter";
# Minimal config: verified supported flags only
# The --time and --remember are tested; power commands omitted
# to avoid potential quoting/parsing issues
command = builtins.concatStringsSep " " [
tuigreet
"--time"
"--remember"
"--asterisks"
"--cmd ${hyprlandCmd}"
];
};
};
};
# Required for --remember to persist username between logins
systemd.tmpfiles.rules = [
"d /var/cache/tuigreet 0755 greeter greeter - -"
];
}
hosts/m3-kratos/services/hermes-agent.nix
+184
View File
@@ -0,0 +1,184 @@
{config, ...}: let
# Default ElevenLabs voice: Bella (German-capable female)
elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
in {
services.hermes-agent = {
enable = true;
addToSystemPackages = true;
# Secrets via agenix
environmentFiles = [config.age.secrets."hermes-env".path];
# Non-secret environment variables
environment = {
GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
};
settings = {
# ── Model ──────────────────────────────────────────────────────────
model = {
default = "glm-5.1";
provider = "zai";
};
credential_pool_strategies = {
zai = "fill_first";
};
toolsets = ["all"];
# ── Agent ──────────────────────────────────────────────────────────
agent = {
max_turns = 90;
gateway_timeout = 1800;
tool_use_enforcement = "auto";
};
# ── Terminal ───────────────────────────────────────────────────────
terminal = {
backend = "ssh";
modal_mode = "auto";
cwd = ".";
timeout = 180;
persistent_shell = true;
};
# ── Browser ────────────────────────────────────────────────────────
browser = {
inactivity_timeout = 120;
command_timeout = 30;
cloud_provider = "local";
};
# ── Checkpoints / Compression ──────────────────────────────────────
checkpoints = {
enabled = true;
max_snapshots = 50;
};
file_read_max_chars = 100000;
compression = {
enabled = true;
threshold = 0.5;
target_ratio = 0.2;
protect_last_n = 20;
};
# ── Display ────────────────────────────────────────────────────────
display = {
compact = false;
personality = "kawaii";
resume_display = "full";
busy_input_mode = "interrupt";
inline_diffs = true;
skin = "default";
tool_progress = "all";
};
# ── TTS / STT / Voice ──────────────────────────────────────────────
tts = {
provider = "elevenlabs";
elevenlabs = {
voice_id = elevenlabsVoiceId;
model_id = "eleven_multilingual_v2";
};
};
stt = {
enabled = true;
provider = "local";
local = {model = "base";};
};
voice = {
record_key = "ctrl+b";
max_recording_seconds = 120;
silence_threshold = 200;
silence_duration = 3.0;
};
# ── Memory ─────────────────────────────────────────────────────────
memory = {
memory_enabled = true;
user_profile_enabled = true;
memory_char_limit = 2200;
user_char_limit = 1375;
};
# ── Delegation ─────────────────────────────────────────────────────
delegation = {
max_iterations = 50;
};
# ── Discord ────────────────────────────────────────────────────────
discord = {
require_mention = true;
auto_thread = true;
reactions = true;
};
# ── Approvals / Security ───────────────────────────────────────────
approvals = {
mode = "manual";
timeout = 60;
};
security = {
redact_secrets = true;
tirith_enabled = true;
tirith_fail_open = true;
};
# ── Cron / Session ─────────────────────────────────────────────────
cron = {wrap_response = true;};
session_reset = {
mode = "both";
idle_minutes = 1440;
at_hour = 4;
};
# ── Web ────────────────────────────────────────────────────────────
web = {backend = "exa";};
# ── Platform Toolsets ──────────────────────────────────────────────
platform_toolsets = {
cli = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
telegram = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
};
};
};
}
issues.jsonl
+1 -1
View File
@@ -1,3 +1,3 @@
{"id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0} {"id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0} {"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0}
{"id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0} {"id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0}
secrets.nix
-4
View File
@@ -38,9 +38,6 @@ in {
"secrets/basecamp-client-id.age".publicKeys = systems ++ users; "secrets/basecamp-client-id.age".publicKeys = systems ++ users;
"secrets/basecamp-client-secret.age".publicKeys = systems ++ users; "secrets/basecamp-client-secret.age".publicKeys = systems ++ users;
"secrets/gitea-runner-token.age".publicKeys = systems ++ users; "secrets/gitea-runner-token.age".publicKeys = systems ++ users;
"secrets/honcho-selfhost-db-password.age".publicKeys = systems ++ users;
"secrets/honcho-selfhost-env.age".publicKeys = systems ++ users;
"secrets/honcho-selfhost-jwt-secret.age".publicKeys = systems ++ users;
"secrets/outline-key.age".publicKeys = systems ++ users; "secrets/outline-key.age".publicKeys = systems ++ users;
"secrets/restreamer-env.age".publicKeys = systems ++ users; "secrets/restreamer-env.age".publicKeys = systems ++ users;
"secrets/searx.age".publicKeys = systems ++ users; "secrets/searx.age".publicKeys = systems ++ users;
@@ -55,7 +52,6 @@ in {
"secrets/honcho-key.age".publicKeys = systems ++ users; "secrets/honcho-key.age".publicKeys = systems ++ users;
"secrets/hermes-env.age".publicKeys = systems ++ users; "secrets/hermes-env.age".publicKeys = systems ++ users;
"secrets/hermes-cloud-env.age".publicKeys = systems ++ users; "secrets/hermes-cloud-env.age".publicKeys = systems ++ users;
"secrets/hermes-api-server-key.age".publicKeys = systems ++ users;
"secrets/hermes-gitea-token.age".publicKeys = systems ++ users; "secrets/hermes-gitea-token.age".publicKeys = systems ++ users;
"secrets/tuwunel-registration-token.age".publicKeys = systems ++ users; "secrets/tuwunel-registration-token.age".publicKeys = systems ++ users;
} }
secrets/hermes-api-server-key.age
-26
View File
@@ -1,26 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 4NLKrw 2TwbZwX9SwWg4SVC0A2ICmyRjSfO+xtfBcBOK1lh3T4
DSf4DrOAvW7L49lh6cq5IqrMM7gqXv2+67rR3ttn+CE
-> ssh-ed25519 5kwcsA K1hqFOAxq2T+oLp3bQjLYpXtlQVkA7RHCM/8ETMGbwU
xIE4xz50LB5vbDTTLKVcx9vC2iXIsRLThHYYxGjcJyY
-> ssh-ed25519 9d4YIQ bXYb62OM/N+EXpMOZZ6zEbpfaH10Vz62PuUdGODXolw
j64kKzOn8CmSnykEuWnXHZ0nfqwOfOxX4FPR4GSouR0
-> ssh-ed25519 3Bcr1w C4alN6ud7q0K4I7NHuBgC77D6zeTfZVGjNS3EKpvL00
NpjOsg3eJ5LvX0lV7NYuVHLeqeYylHdmw60H+KeG1GY
-> ssh-ed25519 c4NQlA In5wsg4+LTIEbP75B83GMXPCItSPGwKWUW8QO+QjXyY
oK1kikhr4RMq6QMv9kjNjiKrf5srlGh7hGbU2qns2rM
-> ssh-rsa DQlE7w
tcP4yPgGWqHYeE1gw/KD6cswik+9WU2s2f7hg5mK78085sQ7npXRsBVAz2OCRn07
foeAAmnY4YmKriBh421JOVNBDOXHR5dfaIKY9b663L+rYj99ic0rfW26C+dqKitF
SnvveL3Zf16nqg6duSVA7LIcIFgkIlA+RXnHPVho+P4GwEH7W8nCf/4kUquuhB7B
F4Hx1qOknmGyNBJBFi27D04ZDDk/ZVxioYsO6P6TUu7MuaGmQCoVKREDl5RRh4zO
XD8/TFDRsJLqqcbCKIlU+6CN1+L0r4FN4K0UaTjwPNzGvn5EEjBKw9RpOhdvI28I
WlAQ+w6gdQiz9Ju4e5p7Doz2MbNb6894DimawHjzl968Xy5ifX2XA+FBdcW5hU9A
u+7VXKZmbfMyvRA7lmKRoi4SurJAyQd6iXBrVKfTwFc53V/tJi48bsKcE3yXxHH+
lKGuZFNGDDkqCruycjvz94WaIHy3fv5hhmBdgwoCZK1VGSLAnwdm1rG4B9m3t/K8
-> ssh-ed25519 CSMyhg FNYYdEIJYcxkjMuM5lnIs9gIilvgD44uazZE8CjNeho
QHeghlsOOlYNMwhMHT4o7DeuyxGP/3wyqm94HUHjn44
--- zRG6aCTS+X18VpeN+tz38kaUoilk1kN5KrWTWYZ6pV4
ræX _qÔÁ’Ð껿H#p¯f™”}(žA(ã|»?ë0ªyJk¥SD‡\Jm&uõà &Ô9€ýÄ5Ù+çÊ…!v%Y˜ù~ãÁ$û“šZÇÓ° j„z–Â\ßá1,Vf˜
£’æ1zª»#Ó
secrets/hermes-cloud-env.age
BIN
View File
Binary file not shown.
secrets/honcho-key.age
BIN
View File
Binary file not shown.
secrets/honcho-selfhost-db-password.age
-31
View File
@@ -1,31 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVrd2NzQSBJV1Fa
U2gzWjJKOHlsK202dXAzVENFdmZ5ZmJsc01STnRnTWMvdjFyZ21NCjU5Q0hwbVlV
dVlRTUZDb0JESHBaTzk5ancrTWNpLzYrMFk2QWU0Z0EvUmsKLT4gc3NoLWVkMjU1
MTkgM0JjcjF3IEdia0tSQTZWcEE3ODE4VjU2M0ZGay9rbXlzbFNqZWxpb1lGSExw
RW5keGsKWDlwRzcwT1BaTDByT0R6T3hqWTE1UWVyN2xhSzhSMlhBdW5FakNjZ1Ux
NAotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgcnNJRnA2SVVkMHRXZTErc0VFbmduMDBz
ZkQzK3dMQ2xadkMyYllhOE1rOAprWmg4T3RiaTF5QXdmRGUxVDVpVnZWdWxRYTJv
WGVUQUhsT0VjKzl0NnJrCi0+IHNzaC1lZDI1NTE5IDROTEtydyAvc1ZTc0hRd3R4
V2U4dEpaeEZEZlVyc2ZHSlNiVSt3T1M3bndsVXpPNkhVCmt2WlplcVcza2YxV05T
bnRIOWpMYWpxck5jSzRtQVZ2L2ZQS3J1VjVTWDgKLT4gc3NoLWVkMjU1MTkgYzRO
UWxBIHZCKzR5RXN2RmYvc3ZPTGJRRG1peUN6bmNuVFpSd2NPdWJwTTJYdHllRW8K
TEo4QUI1a3ZzQ3NSQldSN1lTMlVwVGhTcTRPaHpYVHZVdHowYmZqR1czVQotPiBz
c2gtcnNhIERRbEU3dwpvRzJjS0h3b2p4RXJrSDI1VEszQ1BvckNUS2laV3hGVVlx
TXd0VkcvQ1hvWElNWnVNa1JoeHhMTDFUUWZnV0YxCjNHajRtZ0lmQzVXZmhyM1Nq
SWoyVTFFdmowNTdZV0J0WHE5cXdZb2U1OVJOb1hYb1lnSjdqN09Bd2IvOUFlckMK
d3hBc3pUK1J2Y3VnTjNSR0Q0cVJUVlluNllBazJ2L1dmOXVvZXI0WjVYbjI1RXhr
Rm1EMzkxcStrYWRJTFNJKwo3YjZ6MEZ3RmtLZytiWGdBWWZEYU9EQWxEZWtzV3dD
dGhJUUd0ajcvUFlxVGJqTVhlWmhSeHpkMHQyWWs5ZS9DClNEV0gzcWM2YlJTQ1lM
bE4zTFJKSFU1VjAybFJvY1FQR2tNSFo2NFVDczBTUW9UWjY4aDVNUzlYaVlkdzJm
dUsKckVaVld4YXpsdGYwWHVrWEtTbDJBU2cwcXlJSGY4ZEhlT2o4QlRBVGxWRHNL
OXlMTGp5b1ZWbnJYV2pzaFFIcApQVmJzVi9kWnRpeWcyaS9weVN3SncxQjhlanBV
dW5FU0VtL2lpS0NSTWtoOVI4akxXOUlhWW5xMkp2SUszSU9QCk1rZVdoNkI5TGRB
L2twWWpPYVlSWUxrRElRcjhHMFczM29lcWlWWlJhbk0vcGFEQmw3UGdXWXJBNXJV
VURYcFQKCi0+IHNzaC1lZDI1NTE5IENTTXloZyBpOEE3YUFzcytOYndXWWNreThp
ZEdveGFlbHlPa0FwZ2xBY0lCcmIycTM4CnI0ZE1DM2d1bzZPV3diL2lZQi9SUnB1
UWFjVVFueTFpMzRINm9Ob0pZMTQKLS0tIFJwZy9uRklOUEl0Z2hDNmx1YWsyNVov
aHZ5VVhtMnVyYTMwbCtkaFFtR28KZzkT96InPG4YYyVKq0ZOrIBPtCJBbTXUJu+8
9G03diIRwzYb6cSBRMtKKGl5NEfbJE7B2OnXeHPeCIPiGArKudKxFg9COHGOUP0h
hUDDL9RGVhd4sMs8zRkxNghRwQzD
-----END AGE ENCRYPTED FILE-----
secrets/honcho-selfhost-env.age
-30
View File
@@ -1,30 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVrd2NzQSBKZllV
QytCeGYyVmtRMUxudm5iWmF3aWdITlRQVE53RnhFNUFabXkwbkg0CkE5Wk1mbXdm
TzRuQTdvNklORUdSdHFIZm1zSVdvMWVnWWpRTUxDSzFBMHcKLT4gc3NoLWVkMjU1
MTkgM0JjcjF3IDlISlRMdC9Sc2hic3JRV1o0WDNsbzByNmdFNnZDdjJSLytEa0xS
VzRzQ2sKYXJGSjJDa2xuYThLNnhIMFhwTTNUSHJWbnFFYzZSRFQxVlVWK2xjNWgv
dwotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgaGUweXhJZmhTOGt3VFQ2R04rQjNOckxx
c3BCMTBWZ0lsQmU3NmlVRkRYWQp6QlMvQkZmemVjekdLVWlDTUlNRG04MTlzaHAz
cW9xd2JjNlE0eFF4NzNvCi0+IHNzaC1lZDI1NTE5IDROTEtydyBWQ2FGUCtFQ2FZ
Wk5uSzZyTDNBTHRPUTkvTlRWR0Q1bHdqRjBycmU0VFc0CkdpSUNZZGw1aGJwUVk0
VnlIR2IxVTJNaFVSNHJQSDR2YWxuN2ZiSERQSUEKLT4gc3NoLWVkMjU1MTkgYzRO
UWxBIHlDYUlJRGxabTZxSnNpTUNWUDRXWUtHa0h3Z3BYTlZkUEtkall1OUh1VzQK
ZEQzSW5tM0xFdWd1a3hibXlxa0N2N2RlemUyMkplRW5CNFZHUCtTSEhWdwotPiBz
c2gtcnNhIERRbEU3dwpoNE9FdlpHYXJFZVRYQnBZNFZPTUhLb3RDdWpNcWxtU2gv
MVF5Tm1tdHBuK3NLQjBnM2JudFFwQVZnb0VpUUljCjhKQk5HQnVrY05yeU53QWhK
MG9QUVN5M2NXUEw2eEhQajFmaHZ4cWpFaXcwd3ZrSzNRWFNRREl5bERac1Y2LzYK
c3BDVXlvQ20xaUt4KzZVRkhiNU5TYkpsbGQraFdvM3RvSkFZRU54SUV4ZWNnVG0y
VVR6Q2swV2RFeUZwNGZxdQoveVhYN3JXVXBpQzdxa1ZKVXROcXRDQXladml5c2ZD
ZjFVSVRaUkZiRVlNUHA3bDg2ek9mcXJnVG9YYStza3BFCktzVXlyZHNCZ1BxYTBO
TUt1T3ZYQmR2VjErdVpPWVBOVDlFZm14Ukp0dkdUamNxODZPNFNTMXNabzNWUzVT
MHIKUkJocFBhNitCMzFkWUhyV29FU3RMWjkvMWNxbzJFbTBHb2NpbW9Cb1dheHhn
Y0N6S2FIQ2NROWtqQm5ORWxtYwo1NnF2RVQybnY2Wm5CQlJZOXVTVVNLUGZIbWZh
V2laZWFQaXhEaGdma3pIWnlSaFpjSlRqNHlRZGNiaWhsWXlYCi9UM0Z2MldUMW01
ekZja1hLNXptaFVCVFN5UVVlRGh0L2wvekxEckNmNTJOTUdoUE9wRzFaNzhqQnpM
dThmWDUKCi0+IHNzaC1lZDI1NTE5IENTTXloZyB5ZzV4Q1pIOGpBOEtUcG1rNVZB
QjFPbEt0OThxNWl3V1VhRTV2RFVrUGhRCmpwSHpUTnhNdlRHMnRvYWk2emJlSlhJ
aWwweUg5dG1rYmRMMEVDTVdHdnMKLS0tIHp6alVpN1IvQ2E5UEV0Zm1nQk53cWJQ
WCtTN08wSXlCSktkaDlPRG9Wa0UKyLX9C4xDpcPIVFsimn4OmCWAKZ1IPxeSzgr0
W6Shg1EWCeMm3dQVJ8O9mji4JW/SJHKwqlJvFTMPhIwcdIo=
-----END AGE ENCRYPTED FILE-----
secrets/honcho-selfhost-jwt-secret.age
-31
View File
@@ -1,31 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDVrd2NzQSBTNk5O
dmZTRnRnOU5JMHU4QitlWWMyaXhscm1aQWNQSWJmVjU3MHdvVmowClkrVTV6VVVV
Q0tiWXlkcGtHS3AwTUtqYmJwdnowMXFLcGNYb1dVZmpVTGcKLT4gc3NoLWVkMjU1
MTkgM0JjcjF3IGVpdFlFTUFZQS9IMzVaRkNHSHltcHV1QlFmYk1yRitvZjhZZzI2
ZDlTR3MKQ0RKT0tWZ0JGOUZCMTk2bitENmxnZzc1VDloNktvaVJFdGxyaVFaMjhJ
VQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgdmw1MTg1R3lLR1NFNGUzQXpnUS9TNjRq
czVtYlFzUmJnbmJ1c3JFRVZCQQoyYzBmQzdPbFVyU3diWlNuc1JoaHptOTFCUFBX
RFpDZk4rWHByOGp2bkJFCi0+IHNzaC1lZDI1NTE5IDROTEtydyBIZWdsejNPVkdZ
dkN3Z1FLTkNCVTdKSHNIOGU4UUUwdklhS0oxMlc5ekVjCnNZL0ZsV1VMU1p0eEFp
YzBOdndIRzB3KzZXNGRFaHBpVDQ4Wm1jb2E1Z1kKLT4gc3NoLWVkMjU1MTkgYzRO
UWxBIGFteVpubkxhcm80VEllY1llYkx4YXRTRHU4clNwK1F1SWlMTWxtMTYvRncK
YjhvRXBod2I5dUZaWGlyOHcwa3MvWjNPOCtKendiMk9zVE5mVlpTS1RVMAotPiBz
c2gtcnNhIERRbEU3dwpoenRXZkF2ck1LWDhxK25ldG1HVmRzVEh4TVNuaTdwQmVW
eW80TE5kYzd5YkFpZXZhdWVSdEh4VTA2TzhnMzNsCkZud1AvTUdWSHJtOWtEZzlj
ai9SdG1PRUtCN3VWQXlyamVpV1dWTEZkaFZpZHIxQ0c0eHIva1dzeDN6MlJla24K
dXcrNUxUWVdMTFpaRk1YbkszazNDdFhuSVdxbE9rVHNNWDBvbDF4WGlWT0d5RTJR
WmxCSFAzbDVVNWJneWhJZApPVnozRkRsS2J2VkFRVEpDVWJicmhhWXA0eVEvZFEz
eWtsY3ZaNEk1MzlDYVJDb09lZGRsVk9YMXhyOWJsNmJYCk5HRTRjb0RrdlRydjNs
T3prdXMvbnF0Y0FlL0VUbHNuVzZPNWJSK09TdEpuVU83dytiUDJRbmpFazludkkz
d3AKUUp6TkVWSWRHMkozR0lQR1JlNmZ5Nk05WkUwbWJaODUzNmJIVkNEazVRcFFO
ZnVZengyeFhQSlFsbUlta0tPRwo5OURlRTlPNERLWlF6aE9QaS91T0kyb2tIS0kz
L0FYNjhWVWp1Q2xqUVRialcyWkhXbTJwU0R5VmVkbE1GeGEyCmROTFErS2VsMEo1
VHdta2RObmtwMWtJTzRuaEhRbTFFbEE0V1RKbUk3SCtLWlE1cHR5c09ncThxbVY1
cnRETkUKCi0+IHNzaC1lZDI1NTE5IENTTXloZyBZbW1NSStwWGd5RE1kRkk5aTZX
alZtUWk5M3pnU1ZTSFU5UExnS0d4NkcwCjAvblBmUG5MUVVTOEpncjJjY0I1QzN1
eVVNMlVZenJ6MzVDRXFaMVgxREUKLS0tIFIwd1ZtanJuU0Q2Ym9kN3lSS1NtQlky
NC93UWJXa0tXTUVON3NmNVpUR0kKX71fenkAzKU3aIHFjLTpemNxsc5unQTy9f1O
jpfhFHRPG5HuUBtmi6Fuv2n8J8Gw70D0XKs6UgAYV5GY0Db1daJZRbgF9EExbadB
JQm3DLy8LG6KAM250ooGHKJoJSfQ
-----END AGE ENCRYPTED FILE-----