secrets: add basecamp-env.age

.beads/issues.jsonl

@@ -1,2 +1 @@
 {"id":"nixos-config-gx2","title":"form","status":"tombstone","priority":2,"issue_type":"task","created_at":"2026-01-11T11:49:21.688289476+01:00","created_by":"m3tam3re","updated_at":"2026-01-11T11:51:36.426124223+01:00","deleted_at":"2026-01-11T11:51:36.426124223+01:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"}
-{"id":"nixos-config-n4l","title":"Create Gitea action for nix-update package updates","description":"Create a Gitea action to automatically update packages in this nixos-config repository using nix-update.\n\n**Context:**\n- Gitea instance is already running on m3-atlas at code.m3ta.dev (configured in hosts/m3-atlas/services/gitea.nix)\n- The repository is self-hosted on this Gitea instance\n- nix-update is already referenced in home/features/cli/default.nix\n- Currently no Gitea workflows exist (.gitea/ directory does not exist)\n\n**Goal:**\nAutomate package updates by creating a Gitea Actions workflow that:\n1. Runs nix-update periodically (e.g., weekly or on schedule)\n2. Updates package definitions in pkgs/ directory\n3. Creates pull requests with the updates\n4. Uses appropriate secrets/credentials for the Gitea instance\n\n**Requirements:**\n- Create .gitea/workflows/ directory structure\n- Define workflow file with nix-update command\n- Configure triggers (schedule, manual, or on repository events)\n- Set up proper permissions and secrets\n- Test the workflow execution\n\n**Current Repository State:**\n- pkgs/default.nix exists but is minimal (currently just a comment)\n- Multiple nixpkgs inputs are used (unstable, 25.11, locked, master)\n- Custom m3ta-nixpkgs overlay at code.m3ta.dev/m3tam3re/nixpkgs\n- Uses agenix for secrets management\n\n**Related Files:**\n- hosts/m3-atlas/services/gitea.nix (existing Gitea configuration)\n- hosts/common/ports.nix (port management)\n- home/features/cli/default.nix (nix-update reference)\n\n**Acceptance Criteria:**\n- [ ] Create .gitea/workflows directory\n- [ ] Implement nix-update workflow YAML\n- [ ] Configure appropriate triggers\n- [ ] Test workflow on the repository\n- [ ] Document setup and configuration","status":"closed","priority":2,"issue_type":"feature","owner":"p@m3ta.dev","created_at":"2026-01-13T20:39:49.838916335+01:00","created_by":"m3tm3re","updated_at":"2026-01-13T20:51:43.833041989+01:00","closed_at":"2026-01-13T20:51:43.833041989+01:00","close_reason":"Closed"}

.beads/sync_base.jsonl

@@ -1,2 +0,0 @@
-{"id":"nixos-config-gx2","title":"form","status":"tombstone","priority":2,"issue_type":"task","created_at":"2026-01-11T11:49:21.688289476+01:00","created_by":"m3tam3re","updated_at":"2026-01-11T11:51:36.426124223+01:00","deleted_at":"2026-01-11T11:51:36.426124223+01:00","deleted_by":"daemon","delete_reason":"delete","original_type":"task"}
-{"id":"nixos-config-n4l","title":"Create Gitea action for nix-update package updates","description":"Create a Gitea action to automatically update packages in this nixos-config repository using nix-update.\n\n**Context:**\n- Gitea instance is already running on m3-atlas at code.m3ta.dev (configured in hosts/m3-atlas/services/gitea.nix)\n- The repository is self-hosted on this Gitea instance\n- nix-update is already referenced in home/features/cli/default.nix\n- Currently no Gitea workflows exist (.gitea/ directory does not exist)\n\n**Goal:**\nAutomate package updates by creating a Gitea Actions workflow that:\n1. Runs nix-update periodically (e.g., weekly or on schedule)\n2. Updates package definitions in pkgs/ directory\n3. Creates pull requests with the updates\n4. Uses appropriate secrets/credentials for the Gitea instance\n\n**Requirements:**\n- Create .gitea/workflows/ directory structure\n- Define workflow file with nix-update command\n- Configure triggers (schedule, manual, or on repository events)\n- Set up proper permissions and secrets\n- Test the workflow execution\n\n**Current Repository State:**\n- pkgs/default.nix exists but is minimal (currently just a comment)\n- Multiple nixpkgs inputs are used (unstable, 25.11, locked, master)\n- Custom m3ta-nixpkgs overlay at code.m3ta.dev/m3tam3re/nixpkgs\n- Uses agenix for secrets management\n\n**Related Files:**\n- hosts/m3-atlas/services/gitea.nix (existing Gitea configuration)\n- hosts/common/ports.nix (port management)\n- home/features/cli/default.nix (nix-update reference)\n\n**Acceptance Criteria:**\n- [ ] Create .gitea/workflows directory\n- [ ] Implement nix-update workflow YAML\n- [ ] Configure appropriate triggers\n- [ ] Test workflow on the repository\n- [ ] Document setup and configuration","status":"closed","priority":2,"issue_type":"feature","owner":"p@m3ta.dev","created_at":"2026-01-13T20:39:49.838916335+01:00","created_by":"m3tm3re","updated_at":"2026-01-13T20:51:43.833041989+01:00","closed_at":"2026-01-13T20:51:43.833041989+01:00","close_reason":"Closed"}

flake.lock

@@ -24,11 +24,11 @@
     "agents": {
       "flake": false,
       "locked": {
-        "lastModified": 1768756367,
+        "lastModified": 1767965833,
-        "narHash": "sha256-s6AVS1NHXtfc9m4ccSM1+VzC2pjE6dfx9RT7JmELZpo=",
+        "narHash": "sha256-8tKEfJU4bxlgPJwUTUDQkVJMbwWQMiYt+moLjMIFeVY=",
         "ref": "refs/heads/master",
-        "rev": "8ebb30fb2b50026034ba87e8c0aca63b09a993b3",
+        "rev": "3e20c82603a4ddedf04ff001adf943723a49dc37",
-        "revCount": 10,
+        "revCount": 7,
         "type": "git",
         "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
       },
@@ -82,11 +82,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768727946,
+        "lastModified": 1766150702,
-        "narHash": "sha256-le2GY+ZR6uRHMuOAc60sBR3gBD2BEk1qOZ3S5C/XFpU=",
+        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "558e84658d0eafc812497542ad6ca0d9654b3b0f",
+        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
         "type": "github"
       },
       "original": {
@@ -162,11 +162,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768836546,
+        "lastModified": 1767930051,
-        "narHash": "sha256-nJZkTamcXXMW+SMYiGFB6lB8l0aJw0xjssfN8xYd/Fs=",
+        "narHash": "sha256-YXtqo8h5bAbqC64XAPMMsZdYk8XkwkyNj/7XOsIyVf8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b56c5ad14fcf8b5bc887463552483bf000ca562a",
+        "rev": "297a08510894822ddd93ee2cfc66d6ac65a3cebb",
         "type": "github"
       },
       "original": {
@@ -240,18 +240,20 @@
     },
     "m3ta-nixpkgs": {
       "inputs": {
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_3"
-        "opencode": "opencode"
       },
       "locked": {
-        "lastModified": 1769186400,
+        "lastModified": 1768068765,
-        "narHash": "sha256-9e9yvKJPufg0mTroH+vUUzxp+eX1tvy5QLSzKSw6uLI=",
+        "narHash": "sha256-02ZFGjzZxoba0PSeStMyHHe1GPiCUh3Ve6zltevw0RE=",
-        "path": "/home/m3tam3re/p/NIX/nixpkgs",
+        "ref": "refs/heads/master",
-        "type": "path"
+        "rev": "00b858fbbed6d2ad9e9a4303bdbe96dc249c5e22",
+        "revCount": 31,
+        "type": "git",
+        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
       },
       "original": {
-        "path": "/home/m3tam3re/p/NIX/nixpkgs",
+        "type": "git",
-        "type": "path"
+        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
       }
     },
     "nix-colors": {
@@ -291,7 +293,7 @@
     "nixos-generators": {
       "inputs": {
         "nixlib": "nixlib",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1764234087,
@@ -388,11 +390,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1768844247,
+        "lastModified": 1767950769,
-        "narHash": "sha256-vAPadjf0C/6Xcb/5YO30S38lSV8/gNKRwWSfpS6SGNY=",
+        "narHash": "sha256-oT4Tj7O9361bmMbPwuAcH2zgj2fUZao7F32Bkah+AmE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "ba686298c491728b8ee1774c8520665293517540",
+        "rev": "3cf525869eaad0c4105795523d158d6985d40885",
         "type": "github"
       },
       "original": {
@@ -404,11 +406,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1768621446,
+        "lastModified": 1767799921,
-        "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=",
+        "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "72ac591e737060deab2b86d6952babd1f896d7c5",
+        "rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
         "type": "github"
       },
       "original": {
@@ -436,11 +438,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1768127708,
+        "lastModified": 1766309749,
-        "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
+        "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
+        "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816",
         "type": "github"
       },
       "original": {
@@ -451,22 +453,6 @@
       }
     },
     "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1768393167,
-        "narHash": "sha256-n2063BRjHde6DqAz2zavhOOiLUwA3qXt7jQYHyETjX8=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2f594d5af95d4fdac67fba60376ec11e482041cb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_5": {
       "locked": {
         "lastModified": 1736657626,
         "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
@@ -482,13 +468,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
       "locked": {
-        "lastModified": 1768564909,
+        "lastModified": 1767767207,
-        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
+        "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
+        "rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
         "type": "github"
       },
       "original": {
@@ -498,7 +484,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_7": {
+    "nixpkgs_6": {
       "locked": {
         "lastModified": 1710272261,
         "narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
@@ -522,11 +508,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768844638,
+        "lastModified": 1767950946,
-        "narHash": "sha256-d0kHY4VjvpkAtOJxcN9xM9UvYZIxWs9f/gybe2+wHzI=",
+        "narHash": "sha256-1uAvkp3rbtF4fdjiiXfGydNOLFcG6J0/LXbHFgQLxKY=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "5089b930f2ee6d34412f9d2c625bbe3926bb4bee",
+        "rev": "3fabc71263f7765c342740db5360a2308ece715d",
         "type": "github"
       },
       "original": {
@@ -535,25 +521,6 @@
         "type": "github"
       }
     },
-    "opencode": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_4"
-      },
-      "locked": {
-        "lastModified": 1769153255,
-        "narHash": "sha256-ardM8zEJWvTvsFMQZWivjGPB2uIqFw6QPAzrRjAHQKY=",
-        "owner": "anomalyco",
-        "repo": "opencode",
-        "rev": "c130dd425a32fe1c1cd3747ea6565b0e6bf50100",
-        "type": "github"
-      },
-      "original": {
-        "owner": "anomalyco",
-        "ref": "v1.1.34",
-        "repo": "opencode",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -564,7 +531,7 @@
         "m3ta-nixpkgs": "m3ta-nixpkgs",
         "nix-colors": "nix-colors",
         "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_5",
         "nixpkgs-45570c2": "nixpkgs-45570c2",
         "nixpkgs-9e58ed7": "nixpkgs-9e58ed7",
         "nixpkgs-locked": "nixpkgs-locked",
@@ -577,7 +544,7 @@
     "rose-pine-hyprcursor": {
       "inputs": {
         "hyprlang": "hyprlang",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_6",
         "utils": "utils"
       },
       "locked": {

home/features/cli/nushell.nix

@@ -68,7 +68,6 @@ in {
           ]
         }
 
-        # Aliases
         alias .. = cd ..
         alias ... = cd ...
         alias h = cd $env.HOME

home/features/coding/default.nix

@@ -23,7 +23,6 @@
         torch
         srt
       ]))
-    opencode-desktop
     pyrefly
     nixd
     alejandra

home/features/coding/opencode.nix

@@ -1,4 +1,7 @@
-{inputs, ...}: {
+{ inputs, ... }: {
+  imports =
+    [ "${inputs.m3ta-nixpkgs}/modules/home-manager/coding/basecamp-mcp.nix" ];
+
   xdg.configFile = {
     "opencode/command" = {
       source = "${inputs.agents}/command";
@@ -18,18 +21,22 @@
     };
   };
 
+  m3ta.coding.opencode.mcp.basecamp = {
+    enable = true;
+    envFile = "/run/agenix/basecamp-env";
+  };
   programs.opencode = {
     enable = true;
     settings = {
       theme = "opencode";
-      plugin = ["oh-my-opencode" "opencode-beads" "opencode-antigravity-auth@beta"];
+      plugin =
-      agent =
+        [ "oh-my-opencode" "opencode-beads" "opencode-antigravity-auth@beta" ];
-        builtins.fromJSON
+      agent = builtins.fromJSON
         (builtins.readFile "${inputs.agents}/agent/agents.json");
       formatter = {
         alejandra = {
-          command = ["alejandra" "-q" "-"];
+          command = [ "alejandra" "-q" "-" ];
-          extensions = [".nix"];
+          extensions = [ ".nix" ];
         };
       };
       mcp = {
@@ -51,19 +58,6 @@
           ];
           enabled = false;
         };
-        Basecamp = {
-          type = "local";
-          command = [
-            "/home/m3tam3re/p/PYTHON/Basecamp-MCP-Server/venv/bin/python"
-            "/home/m3tam3re/p/PYTHON/Basecamp-MCP-Server/basecamp_fastmcp.py"
-          ];
-          environment = {
-            PYTHONPATH = "/home/m3tam3re/p/PYTHON/Basecamp-MCP-Server";
-            VIRTUAL_ENV = "/home/m3tam3re/p/PYTHON/Basecamp-MCP-Server/venv";
-            BASECAMP_ACCOUNT_ID = "5996442";
-          };
-          enabled = false;
-        };
         Exa = {
           type = "local";
           command = [
@@ -77,77 +71,77 @@
       provider = {
         google = {
           models = {
-            antigravity-gemini-3-pro = {
+            "antigravity-gemini-3-pro" = {
               name = "Gemini 3 Pro (Antigravity)";
               limit = {
                 context = 1048576;
                 output = 65535;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
               variants = {
-                low = {thinkingLevel = "low";};
+                low = { thinkingLevel = "low"; };
-                high = {thinkingLevel = "high";};
+                high = { thinkingLevel = "high"; };
               };
             };
-            antigravity-gemini-3-flash = {
+            "antigravity-gemini-3-flash" = {
               name = "Gemini 3 Flash (Antigravity)";
               limit = {
                 context = 1048576;
                 output = 65536;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
               variants = {
-                minimal = {thinkingLevel = "minimal";};
+                minimal = { thinkingLevel = "minimal"; };
-                low = {thinkingLevel = "low";};
+                low = { thinkingLevel = "low"; };
-                medium = {thinkingLevel = "medium";};
+                medium = { thinkingLevel = "medium"; };
-                high = {thinkingLevel = "high";};
+                high = { thinkingLevel = "high"; };
               };
             };
-            antigravity-claude-sonnet-4-5 = {
+            "antigravity-claude-sonnet-4-5" = {
-              name = "Claude Sonnet 4.5 (Antigravity)";
+              name = "Claude Sonnet 4.5 (no thinking) (Antigravity)";
               limit = {
                 context = 200000;
                 output = 64000;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
             };
-            antigravity-claude-sonnet-4-5-thinking = {
+            "antigravity-claude-sonnet-4-5-thinking" = {
               name = "Claude Sonnet 4.5 Thinking (Antigravity)";
               limit = {
                 context = 200000;
                 output = 64000;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
               variants = {
-                low = {thinkingConfig = {thinkingBudget = 8192;};};
+                low = { thinkingConfig = { thinkingBudget = 8192; }; };
-                max = {thinkingConfig = {thinkingBudget = 32768;};};
+                max = { thinkingConfig = { thinkingBudget = 32768; }; };
               };
             };
-            antigravity-claude-opus-4-5-thinking = {
+            "antigravity-claude-opus-4-5-thinking" = {
               name = "Claude Opus 4.5 Thinking (Antigravity)";
               limit = {
                 context = 200000;
                 output = 64000;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
               variants = {
-                low = {thinkingConfig = {thinkingBudget = 8192;};};
+                low = { thinkingConfig = { thinkingBudget = 8192; }; };
-                max = {thinkingConfig = {thinkingBudget = 32768;};};
+                max = { thinkingConfig = { thinkingBudget = 32768; }; };
               };
             };
             "gemini-2.5-flash" = {
@@ -157,8 +151,8 @@
                 output = 65536;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
             };
             "gemini-2.5-pro" = {
@@ -168,8 +162,8 @@
                 output = 65536;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
             };
             "gemini-3-flash-preview" = {
@@ -179,8 +173,8 @@
                 output = 65536;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
             };
             "gemini-3-pro-preview" = {
@@ -190,8 +184,8 @@
                 output = 65535;
               };
               modalities = {
-                input = ["text" "image" "pdf"];
+                input = [ "text" "image" "pdf" ];
-                output = ["text"];
+                output = [ "text" ];
               };
             };
           };
@@ -201,11 +195,11 @@
   };
 
   home.file.".config/opencode/oh-my-opencode.json".text = builtins.toJSON {
-    "$schema" = "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json";
+    "$schema" =
-    google_auth = false;
+      "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json";
     agents = {
       Sisyphus = {
-        model = "zai-coding-plan/glm-4.7";
+        model = "opencode/glm-4.7-free";
         permission = {
           edit = "allow";
           bash = {
@@ -272,21 +266,21 @@
         };
       };
       explore = {
-        model = "zai-coding-plan/glm-4.5-air";
+        model = "opencode/glm-4.7-free";
         permission = {
           edit = "deny";
           bash = "deny";
         };
       };
       oracle = {
-        model = "zai-coding-plan/glm-4.7";
+        model = "opencode/glm-4.7-free";
         permission = {
           edit = "deny";
           bash = "deny";
         };
       };
       frontend-ui-ux-engineer = {
-        model = "zai-coding-plan/glm-4.7";
+        model = "opencode/glm-4.7-free";
         permission = {
           edit = "allow";
           bash = {
@@ -306,71 +300,20 @@
         };
       };
       document-writer = {
-        model = "zai-coding-plan/glm-4.5-air";
+        model = "opencode/glm-4.7-free";
         permission = {
           edit = "allow";
           bash = "deny";
         };
       };
       multimodal-looker = {
-        model = "zai-coding-plan/glm-4.7";
+        model = "opencode/glm-4.7-free";
         permission = {
           edit = "deny";
           bash = "deny";
         };
       };
-      "Prometheus (Planner)" = {
-        model = "zai-coding-plan/glm-4.7";
-        permission = {
-          edit = "deny";
-          bash = "allow";
     };
-      };
+    disabled_mcps = [ "context7" "websearch" ];
-      "Metis (Plan Consultant)" = {
-        model = "zai-coding-plan/glm-4.7";
-        permission = {
-          edit = "deny";
-          bash = "allow";
-        };
-      };
-      "Momus (Plan Reviewer)" = {
-        model = "zai-coding-plan/glm-4.7";
-        permission = {
-          edit = "deny";
-          bash = "allow";
-        };
-      };
-      "Atlas" = {
-        model = "zai-coding-plan/glm-4.7";
-        permission = {
-          edit = "deny";
-          bash = "allow";
-        };
-      };
-    };
-    "categories" = {
-      "visual-engineering" = {
-        "model" = "zai-coding-plan/glm-4.7";
-      };
-      "ultrabrain" = {
-        "model" = "zai-coding-plan/glm-4.7";
-      };
-      "artistry" = {
-        "model" = "zai-coding-plan/glm-4.7";
-      };
-      "quick" = {
-        "model" = "zai-coding-plan/glm-4.5-ai";
-      };
-      "unspecified-low" = {
-        "model" = "zai-coding-plan/glm-4.7";
-      };
-      "unspecified-high" = {
-        "model" = "zai-coding-plan/glm-4.7";
-      };
-      "writing" = {
-        "model" = "zai-coding-plan/glm-4.7";
-      };
-    };
-    disabled_mcps = ["context7" "websearch"];
   };
 }

home/features/desktop/hyprland.nix

@@ -31,7 +31,6 @@ in {
           "XDG_CURRENT_DESKTOP,Hyprland"
           "XDG_SESSION_TYPE,wayland"
           "XDG_SESSION_DESKTOP,Hyprland"
-          "NIXOS_OZONE_WL,1"
         ];
 
         input = {

hosts/common/extraServices/flatpak.nix

@@ -14,6 +14,7 @@ in {
     xdg.portal = {
       # xdg desktop intergration (required for flatpak)
       enable = true;
+      wlr.enable = true;
       extraPortals = with pkgs; [
         xdg-desktop-portal-hyprland
       ];

hosts/m3-ares/hardware.nix

@@ -1,10 +1,8 @@
-{ config, pkgs, inputs, ... }: {
+{
-  # Workaround for tuxedo-drivers module bug in unstable (nixpkgs#480391)
+  config,
-  # The unstable module has a type error - use stable module until fix propagates
+  pkgs,
-  disabledModules = [ "hardware/tuxedo-drivers.nix" ];
+  ...
-  imports =
+}: {
-    [ "${inputs.nixpkgs-stable}/nixos/modules/hardware/tuxedo-drivers.nix" ];
-
   hardware.nvidia = {
     prime = {
       offload.enable = false;
@@ -38,12 +36,18 @@
     };
   };
 
-  environment.systemPackages = with pkgs; [ tuxedo-backlight ];
+  environment.systemPackages = with pkgs; [
-  security.sudo.extraRules = [{
+    tuxedo-backlight
-    users = [ "@wheel" ];
+  ];
-    commands = [{
+  security.sudo.extraRules = [
+    {
+      users = ["@wheel"];
+      commands = [
+        {
           command = "/run/current-system/sw/bin/set-backlight";
-      options = [ "NOPASSWD" ];
+          options = ["NOPASSWD"];
-    }];
+        }
-  }];
+      ];
+    }
+  ];
 }

hosts/m3-ares/secrets.nix

@@ -33,14 +33,6 @@
         file = ../../secrets/exa-key.age;
         owner = "m3tam3re";
       };
-      basecamp-client-id = {
-        file = ../../secrets/basecamp-client-id.age;
-        owner = "m3tam3re";
-      };
-      basecamp-client-secret = {
-        file = ../../secrets/basecamp-client-secret.age;
-        owner = "m3tam3re";
-      };
       tailscale-key.file = ../../secrets/tailscale-key.age;
       m3tam3re-secrets = {
         file = ../../secrets/m3tam3re-secrets.age;

hosts/m3-atlas/secrets.nix

@@ -1,35 +1,51 @@
 {
   age = {
     secrets = {
-      baserow-env = { file = ../../secrets/baserow-env.age; };
+      baserow-env = {
-      ghost-env = { file = ../../secrets/ghost-env.age; };
+        file = ../../secrets/baserow-env.age;
+      };
+      ghost-env = {
+        file = ../../secrets/ghost-env.age;
+      };
       kestra-config = {
         file = ../../secrets/kestra-config.age;
         mode = "644";
       };
-      kestra-env = { file = ../../secrets/kestra-env.age; };
+      kestra-env = {
-      littlelink-m3tam3re = { file = ../../secrets/littlelink-m3tam3re.age; };
+        file = ../../secrets/kestra-env.age;
-      minio-root-cred = { file = ../../secrets/minio-root-cred.age; };
+      };
-      n8n-env = { file = ../../secrets/n8n-env.age; };
+      littlelink-m3tam3re = {
-      paperless-key = { file = ../../secrets/paperless-key.age; };
+        file = ../../secrets/littlelink-m3tam3re.age;
-      restreamer-env = { file = ../../secrets/restreamer-env.age; };
+      };
-      searx = { file = ../../secrets/searx.age; };
+      minio-root-cred = {
-      tailscale-key = { file = ../../secrets/tailscale-key.age; };
+        file = ../../secrets/minio-root-cred.age;
+      };
+      n8n-env = {
+        file = ../../secrets/n8n-env.age;
+      };
+      paperless-key = {
+        file = ../../secrets/paperless-key.age;
+      };
+      restreamer-env = {
+        file = ../../secrets/restreamer-env.age;
+      };
+      searx = {
+        file = ../../secrets/searx.age;
+      };
+      tailscale-key = {
+        file = ../../secrets/tailscale-key.age;
+      };
       traefik = {
         file = ../../secrets/traefik.age;
         owner = "traefik";
       };
-      vaultwarden-env = { file = ../../secrets/vaultwarden-env.age; };
+      vaultwarden-env = {
+        file = ../../secrets/vaultwarden-env.age;
+      };
       m3tam3re-secrets = {
         file = ../../secrets/m3tam3re-secrets.age;
         owner = "m3tam3re";
       };
-      gitea-runner-token = {
-        file = ../../secrets/gitea-runner-token.age;
-        mode = "600";
-        owner = "gitea-runner";
-        group = "gitea-runner";
-      };
     };
   };
 }

hosts/m3-atlas/services/default.nix

@@ -2,7 +2,6 @@
   imports = [
     ./containers
     ./gitea.nix
-    ./gitea-actions-runner.nix
     ./headscale.nix
     ./minio.nix
     ./mysql.nix

hosts/m3-atlas/services/gitea-actions-runner.nix

@@ -1,57 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  services.gitea-actions-runner = {
-    instances.default = {
-      enable = true;
-      name = "${config.networking.hostName}-runner";
-      url = "https://code.m3ta.dev";
-      tokenFile = config.age.secrets.gitea-runner-token.path;
-
-      # nixos:host is primary, ubuntu is fallback
-      labels = [
-        "nixos:host"
-      ];
-
-      # Host execution packages
-      hostPackages = with pkgs; [
-        bash
-        curl
-        coreutils
-        git
-        jq
-        nix
-        nix-update
-        nodejs
-        # Add any other tools you need for nix-update workflows
-      ];
-
-      # Advanced settings
-      settings = {
-        runner = {
-          capacity = 4; # One job at a time (increase if you have resources)
-          timeout = "4h"; # Nix builds can take a while
-        };
-        cache = {enabled = true;};
-        container = {
-          enable_ipv6 = true;
-          privileged = false;
-        };
-      };
-    };
-  };
-
-  # User management (auto-created by module, but ensuring proper setup)
-  users.users.gitea-runner = {
-    home = "/var/lib/gitea-runner";
-    group = "gitea-runner";
-    isSystemUser = true;
-    createHome = true;
-  };
-  users.groups.gitea-runner = {};
-
-  # Firewall: Allow Podman bridge networks for cache actions
-  networking.firewall.trustedInterfaces = ["br-+"];
-}

hosts/m3-kratos/secrets.nix

@@ -5,7 +5,9 @@
         file = ../../secrets/anytype-key.age;
         owner = "m3tam3re";
       };
-      tailscale-key = { file = ../../secrets/tailscale-key.age; };
+      tailscale-key = {
+        file = ../../secrets/tailscale-key.age;
+      };
       wg-DE = {
         file = ../../secrets/wg-DE.age;
         path = "/etc/wireguard/DE.conf";
@@ -38,14 +40,6 @@
         file = ../../secrets/exa-key.age;
         owner = "m3tam3re";
       };
-      basecamp-client-id = {
-        file = ../../secrets/basecamp-client-id.age;
-        owner = "m3tam3re";
-      };
-      basecamp-client-secret = {
-        file = ../../secrets/basecamp-client-secret.age;
-        owner = "m3tam3re";
-      };
     };
   };
 }

hosts/m3-kratos/services/default.nix

@@ -15,7 +15,7 @@
     gvfs.enable = true;
     trezord.enable = true;
     gnome.gnome-keyring.enable = true;
-    qdrant.enable = true;
+    qdrant.enable = false;
     stirling-pdf.enable = true;
     avahi = {
       enable = true;

overlays/default.nix

@@ -8,6 +8,7 @@
   # You can change versions, add patches, set compilation flags, anything really.
   # https://nixos.wiki/wiki/Overlays
   modifications = final: prev: {
+    qdrant = inputs.nixpkgs-stable.legacyPackages.${prev.system}.qdrant;
     #   n8n = import ./mods/n8n.nix {inherit prev;};
 
     #   brave = prev.brave.override {

secrets.nix

@@ -18,6 +18,7 @@ let
 in {
   "secrets/anytype-key.age".publicKeys = systems ++ users;
   "secrets/anytype-key-ares.age".publicKeys = systems ++ users;
+  "secrets/basecamp-env.age".publicKeys = systems ++ users;
   "secrets/baserow-env.age".publicKeys = systems ++ users;
   "secrets/ghost-env.age".publicKeys = systems ++ users;
   "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users;
@@ -29,9 +30,6 @@ in {
   "secrets/paperless-key.age".publicKeys = systems ++ users;
   "secrets/ref-key.age".publicKeys = systems ++ users;
   "secrets/exa-key.age".publicKeys = systems ++ users;
-  "secrets/basecamp-client-id.age".publicKeys = systems ++ users;
-  "secrets/basecamp-client-secret.age".publicKeys = systems ++ users;
-  "secrets/gitea-runner-token.age".publicKeys = systems ++ users;
   "secrets/restreamer-env.age".publicKeys = systems ++ users;
   "secrets/searx.age".publicKeys = systems ++ users;
   "secrets/tailscale-key.age".publicKeys = systems ++ users;

secrets/basecamp-client-secret.age

@@ -1,21 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 4NLKrw eqiq6a9Ht012v9ryAt2uZwpCU5/DFbiMZIkH0A/ovhc
-c2ubOjYEc6RjhrZUCyKvB7chJwlCBv1KeIXdXlYcyNA
--> ssh-ed25519 5kwcsA R+KKgXolqFgs3sPFKLWBj8CYMHvsE0vcoPYjqgaYSDc
-jdl1BcHDXY3lvAfFKeHl8lNgbjbxLPOL+5OaPBsJC5o
--> ssh-ed25519 9d4YIQ KYeIi3u2JB3efI5pSlc4up2wgAvR+X1xsHuRSZmr5RY
-Qy6wagBuOXuy5b23stKEc/zfMpN53/56LKMgPFd5fwo
--> ssh-ed25519 3Bcr1w yYclbDnxBkGQF+MmcqNDG2VHZDcXK01Orl2c0L4auy4
-wbC9r7P4hnJT+V0Ic3Pk9nQ5ZUoPL+/qR9Ab5OHv3d0
--> ssh-rsa DQlE7w
-CQBYcl5SvyoDAm5n1QWE9o2er5GxYZvG2zrBtOPs+S7gnm6yHL2rtKDfxf+tpp/E
-8xJHSi6t9zTWYwZ+udU8gjmawe8GcaWGYOHqjCd4H6Ic5c1aMMfUQsPR2aWlJ7R5
-4B1D83pZ/PHp1Qqb/AJKoiw3DNo4KrvYS+nX4FXuDD8o9JRuY5KjbY+9E2UcHx0s
-8XGZq26TY8I2hVA8519bZeI4FTqoBx0yUBuE3VjTlrd/XtgpvNk0YswyMBiqpdhG
-PY+KZAnEPw3TbFtfmqbLk5QXrm4pn/TE/z4kzN9+3CkT2zbBBPGwaBAtQsOQ6yKL
-ZQRtnEm9FJzOBu3fFodeBfea8vEzEmuro+zbw/94tk0zjpMzfSehRfLE8tusgO+S
-/W/7yzlMVeutlWbzwpMZ4mALjz/PAYq8O3Kh88dbu9XEh0i/oWPBJiHlUdYND2YJ
-5WOSlXDnotRmwB8vGmyPWS72jBfgPZLVfA7y73RzOhc6vwo4jU5Nh6ee+3LPOjfW
-
---- 6X7pxwraQpXikkDgLrY3ay7zcwdk9U9LHx/MP8jEgcw
-<3‘jÂ<6A>ö¼uWÙF“’DæÙŸ™$Hð¹Ç†s)àSÚˆ›/ïÂëº pí3üA‰Sö^ùïóïVß‹u@9‡»µ´rš+L2

secrets/gitea-runner-token.age

@@ -1,5 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 4NLKrw yQsk1NS2ujPzm4WJLl/CYi0EZRCIFvgJP2aLG09KJQE
-H2QT+huNTEpE2ndSeyL38e1JW1Z+UEHObqhZQ66E28M
---- 1lhPBj02CB6BsouveThOL4pyTKXQhrUro59YXz0+fRk
-qœË=÷¼V<C2BC>wÃ×Ü®1A<31>½ß²uš!óI›(ÏÄ?¤CC"ßÞ‹’3.ëÎåŽãsŒô :"úÔº|¦ÑæÆçY2”þ\ï<>ýˆ›Í¨«