The full nix-ld library list shadowed nix's own curl, breaking
libnixstore.so with "CURL_OPENSSL_4 not found". The prebuilt node
watcher binding only needs libstdc++/libgcc_s, so use stdenv.cc.cc.lib
and let nix-built tools resolve their own deps via RUNPATH.
The file watcher binding (and other node-precompiled .node modules
loaded via dlopen) failed with "libstdc++.so.6: cannot open shared
object file" because systemd services don't inherit the user shell's
LD path. Reuse the nix-ld library list so the service sees the same
common libraries unwrapped binaries get globally.
The opencode-serve unit ran with systemd's minimal default PATH, so
shell commands invoked by the agent (git, make, nix, node, rg, etc.)
were not found. Set systemd.services.opencode-serve.path on both sgx
and amd to a common dev toolset.
Mirror of the sgx opencode setup: systemd service on port 4196 fronted
by nginx with a per-host ACME cert (DNS-01 via internetbs). Adds amd
key + path rule to .sops.yaml so secrets under .secrets/amd/ encrypt
for the host.
- Included `opencode` in the `packages` list for both HALO and AMD system configurations.
- Improves development environment by providing additional tooling.
- Introduced `sound.nix` to manage audio device priorities using PipeWire's WirePlumber configuration.
- Linked `sound.nix` to `default.nix` for streamlined system audio customization.
- Ensures defined priority levels for HDMI, USB microphones, and SPDIF outputs.
- Added `nvtopPackages.amd` to the package list for better GPU monitoring on AMD systems.
- Enhances system configuration by enabling real-time visualization of GPU usage.
Create 6 new NixOS modules to reduce duplication across system configs:
- hardware/wooting: Wooting keyboard udev rules and Bluetooth compat
- services/nginx-base: Common nginx server settings
- services/acme-base: ACME certificate defaults
- services/xremap: Key remapping with sensible defaults
- system/no-sleep: Disable sleep/suspend/hibernate targets
- system/kernel-tweaks: PM freeze timeout and zram configuration
Update system configuration files to use these new modules.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tune sysctl parameters for better I/O and memory performance:
- Lower swappiness to reduce disk swapping with zram
- Reduce vfs_cache_pressure to keep filesystem caches longer
- Adjust dirty page writeback ratios for SSD performance
- Configure zram with zstd compression
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enabled Docker support by setting `docker.enable` to true.
- Disabled Podman's Docker compatibility mode with `podman.dockerCompat`.
- Improves virtualization configuration by prioritizing Docker usage.
- Added support for Steam by enabling it in `default.nix` under `programs.steam`.
- Aligns with the pattern of including widely used software for enhanced functionality.
- Dropped `mitigations=off` from `boot.kernelParams` for improved alignment with security best practices.
- Ensures the system maintains mitigations against CPU vulnerabilities by default.
- Added `cider-2` to the `programs` list in `default.nix` for extended functionality.
- Aligns with the existing pattern of including commonly used utilities.
- Added `lockdown=confidentiality`, `quiet`, `splash`, `video=efifb:nobgrt`, and `mitigations=off` to `boot.kernelParams` for improved boot behavior.
- Enhances security, reduces verbosity, and
- Refactored hardware-configuration.nix for better formatting and added `noatime` option for `/` filesystem.
- Enabled `build` service and set CPU frequency governor to `performance` for enhanced optimization.
- Updated default.nix with additional service and power management features.
