diff --git a/.secrets/x1/files.yaml b/.secrets/x1/files.yaml new file mode 100644 index 0000000..a20919b --- /dev/null +++ b/.secrets/x1/files.yaml 
@@ -0,0 +1,41 @@ +hello: ENC[AES256_GCM,data:fXNDiacuFhmqmbo9FiGmoBKeOk7KvuVw3ytzcEzj/VxkqoDCGtJ2YX/TaVQfsQ==,iv:bHP2CYXZth3DX6OIeqdzv3zmFVWdRaNBvLuZx0FSyf8=,tag:bn1w5QcyyQ5EcXyoFnc1Zw==,type:str] +example_key: ENC[AES256_GCM,data:lumROh5JwNpCJrNzxg==,iv:FLmpmVtzMUzPV9Y0nLTKXzisUqCZKonv44LviQTMsfU=,tag:Hp2N7AG7lGNQstt27Ty8pw==,type:str] +#ENC[AES256_GCM,data:KrggG2yc0mFi3zoZ+WLd7w==,iv:GQZPZZH4xGxFcP5BLiwUIVQkCi7Bsmalsz/myNBbdoI=,tag:fzmEQLnWjfVc+iywEFwp9Q==,type:comment] +example_array: + - ENC[AES256_GCM,data:7go3euwMIP7BDuq96vo=,iv:P8hx+DSSbkhrw0SOKLMtcc4/TZBODnQnQFRUxv49oio=,tag:Xi5JbLc+xvcOOv10pY1ydw==,type:str] + - ENC[AES256_GCM,data:WVgP3/Hak8ha5yaPmTU=,iv:2DwnOLze1a0vXfOey2xv4qOVE1PhOMq3e+GR/3RiOPU=,tag:TftAtYcHRQctTV5sBHPKFw==,type:str] +example_number: ENC[AES256_GCM,data:fOprnAAZ/267JQ==,iv:5jvsM3i5iHcpSJWqcryqQJQZCrEP72jcAkyc7qVVirk=,tag:nxecWgcSZOyzuwvOlFawyw==,type:float] +example_booleans: + - ENC[AES256_GCM,data:iCUmxA==,iv:On6DiKbzithmRq+smOW4pEq3tod0zWWT7dyW9ArolLY=,tag:yoD9ODLYSZkuP0qkUrkR3w==,type:bool] + - ENC[AES256_GCM,data:dAYxptk=,iv:JAm9mvA5EH581cZkaNK8yYkV8U8o2gWR2jAh+mUMxt0=,tag:W5sHPszsOzUDZ6mQgIcq+w==,type:bool] +hosts: ENC[AES256_GCM,data:/28ojxFukz4ThwSjQGURtf+h5Ic5WJN6P8nC75zQWan6LANOVc1zk5tVh7qmSLXcGvGW/2IE0dpz2ysY+z7ujYdKSDA2neFy8+NoBXc3REG60nF/QdNiHMg2rlLfq9n7eQAqXGBSpED/41Y/YO2nuV8ehL4GtsDOuFZnxujnLbu+Q6u30yf+/IVqlk3VnWm5C+Fy6bdX2bYOUyM5ce313i4u5slBEBs0l1lQjX1vE4KK5F6t3d410NdGHShB+RXkOhaBujKX/hKEXWQku/nnjgOiP+JURB/qA/SZzxO/yoV7htNvCE/JcfmTk85SVPAmp7uy4egyK4FveKRXtT5Gla1Vnrg1v9NAVCuYgQECqhE3IYEjtUlxul0h+OI4JmnP6y90nLz8RozxGw4qIc8yJgOZmVORqr2PqbFbtdj8MKid9Df0ciU=,iv:YhMTYHV3kc3LQrAGaPgkek5ZrEYYcZxNOPyKUSbgsC8=,tag:Axx5CIPWdDb8hukM7H4sxg==,type:str] +wg: 
ENC[AES256_GCM,data:HjvSsKAkH2yIpuPPteNz/7guP46OrRvH2eKIQPxMSf/kiWXHTRUZDUmGakbOryirkakkgQF1fwxRXehiFULvfaPb9WNx6kR7X7orNWmSR5CRmNWBCB5y7CRsSlO3frL8iKR1JLFjew7omktHiXBew63q38YvsvOeXI2zoLumuGuXl6JH5D9hK2AvEBUehMSkBzrLFgZNeNjsxnFatQEic9e6namjJ2TqcT4F1z4u/5yptkmUCpn4isLjV23zFOALOXcjjyy/9ztcKMGiGE+ULQM3fm+7c3ryux/PmREr2Aj0IDQMDXgJCPvdiHhXvC7K/oGwJPDJeP0v,iv:Lnz5RyUi9D3dClgzFmm4EeD6SZGuFFbs6JBIZevUIdo=,tag:EjheBu/a392lcAgQVVtIuw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1z87u2na6vts0sqg6sc73p9ym6e5g9a0gf3hp9e7ha47e83zy4efqcjhk0y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRXJtL2lpZlR1TDBRalZr + dmdpdmRrVGF0TnJFZHExQ3BuSS96Z0E5aENNCjNHbmJCRzdUVG9GOEdMaERRNzY2 + aStWNTR2UHkwL3MvNGJnZGFhTXFaencKLS0tIFNlTDZWQVRpbWxJb2JlenRFRDJY + SFVUUHE0emZ6MS9VR0FWcytyQy90elUK3g0fuPB45+JnrRxgD+7Iijz6yUVVXct2 + w5T1UPZElKZQM6VL0QMozD8/piu5sk15cubMnmLjxESztpMRxrgPnw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYTdLcm9yTmRRaU5Qdlpy + M2dsalNReWhpZTZtNW9xL3pNbVUzOEZuMkJRCmpXcHpCZkt3NEZJYXBNMXc0Q3BY + ZlVBZ2hCenViSW5jRTc1cXFWVEJRZ2cKLS0tIGVROVBxaUFMNXVjdkcwNEE2VzJl + blhTd3BhbmgvZHQ4dkF3TTJMcERRN2sKoPKAYvJzRm72V5WEee+vNqjw+mRL66ir + DQRas5WfwqOIxHcPHpXHLu9zhmwlNKS+vt4GcG81l4eQLFDFmBol5w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-04T11:23:03Z" + mac: ENC[AES256_GCM,data:l/WirVeSYQLuaZEjAPyX+5DJu3hfqiw1ZzPUNAbNKFQ1vUQf5Zxo3tfM7ROO+x95T9jGE271TIchTJAVu0C2XFTSPv7fJ9+WWyUr3JeFN1kFXt/k8Q5aLGdffAInhN2exsw/KKP0IXta5t4g2QfFsBZTDKCqLaj+WUeGBEJfjoc=,iv:J+6OIcE6i0Nt1Nb4m+aBBYeCj1iLNFigrRWYyYbY5GU=,tag:XTBvtWFNgRzuVyT7sWkGlg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/.sops.yaml b/.sops.yaml index 7449b04..178f37d 100644 --- a/.sops.yaml +++ b/.sops.yaml 
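Review bot: The entries `hello`, `example_key`, `example_array`, `example_number` and `example_booleans` (plus the encrypted comment) look like the sample content sops writes into a newly created file, and they are committed next to the real `hosts` and `wg` values. Key names are stored in clear text, so the file reads as if it carried seven secrets when the x1 configuration in this commit only references two. Removing the sample entries before merging keeps the file to what the host consumes and makes later diffs of it easier to audit.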
@@ -2,6 +2,7 @@ keys:
 - &server_hetzner age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy
 - &server_sgx age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3
 - &server_t15 age1f2yu0cc826ej7hs4g865y29zy9uqfy0yp32f2m80typpk2pxqp7sfcffj4
+ - &server_x1 age1z87u2na6vts0sqg6sc73p9ym6e5g9a0gf3hp9e7ha47e83zy4efqcjhk0y
 - &harald age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
 creation_rules:
 - path_regex: .secrets/hetzner/[^/]+\.(yaml|json|env|ini)$
@@ -19,3 +20,8 @@ creation_rules:
 - age:
 - *server_t15
 - *harald
+ - path_regex: .secrets/x1/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *server_x1
+ - *harald
diff --git a/flake.lock b/flake.lock
index 1cc38d5..3d8d015 100644
--- a/flake.lock
+++ b/flake.lock
@@ -388,11 +388,11 @@ ] }, "locked": { - "lastModified": 1742655702, - "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", + "lastModified": 1743387206, + "narHash": "sha256-24N3NAuZZbYqZ39NgToZgHUw6M7xHrtrAm18kv0+2Wo=", "owner": "nix-community", "repo": "home-manager", - "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", + "rev": "15c5f9d04fabd176f30286c8f52bbdb2c853a146", "type": "github" }, "original": {
@@ -799,11 +799,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1742751704, - "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", + "lastModified": 1743576891, + "narHash": "sha256-vXiKURtntURybE6FMNFAVpRPr8+e8KoLPrYs9TGuAKc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", + "rev": "44a69ed688786e98a101f02b712c313f1ade37ab", "type": "github" }, "original": {
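Review bot: The new rule's `path_regex` leaves the leading dot unescaped and has no start anchor, so `.secrets/x1/[^/]+\.(yaml|json|env|ini)$` also matches paths like `xsecrets/x1/a.yaml` or a nested `backup/.secrets/x1/a.yaml`. Escaping the dot, `path_regex: \.secrets/x1/[^/]+\.(yaml|json|env|ini)$`, is safe either way; adding `^` as well is worth doing once you have confirmed that your sops version matches against the path relative to `.sops.yaml`. The hetzner rule visible as context has the same form, so the existing rules probably want the same treatment; they lie mostly outside these hunks.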
@@ -2818,11 +2818,11 @@ }, "unstable": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1743583204, + "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", "type": "github" }, "original": { diff --git a/overlays/unstable/aider-chat.nix b/overlays/unstable/aider-chat.nix new file mode 100644 index 0000000..429839f --- /dev/null +++ b/overlays/unstable/aider-chat.nix 
@@ -0,0 +1,257 @@ +{ lib +, stdenv +, python312 +, fetchFromGitHub +, fetchurl +, pkg-config +, gitMinimal +, portaudio +, playwright-driver +, pkgs +, tree-sitter-grammars +}: + +let + python3 = python312.override { + self = python3; + packageOverrides = _: super: { tree-sitter = super.tree-sitter_0_21; }; + }; + + tree-sitter-language-pack = python312.pkgs.buildPythonPackage { + pname = "tree-sitter-language-pack"; + version = "0.6.1"; + src = fetchurl { + url = "https://files.pythonhosted.org/packages/1b/d6/d9120dd60db977534ee1dea1459fa8695bfd220d003f2b7b9b74e9df19e0/tree_sitter_language_pack-0.6.1.tar.gz"; + sha256 = "1f826jb7sikd7rsr92y8c3b4jaf8byifmr01v5i2ar4vdddmyqx4"; + }; + pyproject = true; + + build-system = with python312.pkgs; [ + setuptools + cython + typing-extensions + ]; + + nativeBuildInputs = with pkgs; with pkgs.tree-sitter-grammars; [ + tree-sitter + tree-sitter-c-sharp + tree-sitter-embedded-template + tree-sitter-yaml + ]; + + propagatedBuildInputs = with python312.pkgs; with pkgs.tree-sitter-grammars; [ + tree-sitter + tree-sitter-c-sharp + tree-sitter-embedded-template + tree-sitter-yaml + ]; + + nativeCheckInputs = [ python312.pkgs.pytestCheckHook ]; + # Without cd $out, tests fail to import the compiled cython extensions. + # Without copying the ./tests/ directory to $out, pytest won't detect the + # tests and run them. 
See also: + # https://github.com/NixOS/nixpkgs/issues/255262 + preCheck = '' + cp -r tests $out/${python3.sitePackages}/tree_sitter_language_pack + cd $out + ''; + + pythonImportsCheck = [ "tree_sitter_language_pack" ]; + }; + + version = "0.79.0"; + aider-chat = python3.pkgs.buildPythonPackage { + pname = "aider-chat"; + inherit version; + pyproject = true; + + src = fetchFromGitHub { + owner = "Aider-AI"; + repo = "aider"; + tag = "v${version}"; + hash = "sha256-8XC/pc5caNp8C7k/YBaLSXakjM13wxFgr2RkmaArIL8="; + }; + + pythonRelaxDeps = true; + + build-system = with python3.pkgs; [ setuptools-scm ]; + + dependencies = with python3.pkgs; [ + aiohappyeyeballs + aiohttp + aiosignal + annotated-types + anyio + attrs + backoff + beautifulsoup4 + certifi + cffi + charset-normalizer + click + configargparse + diff-match-patch + diskcache + distro + filelock + flake8 + frozenlist + fsspec + gitdb + gitpython + grep-ast + h11 + httpcore + httpx + huggingface-hub + idna + importlib-resources + jinja2 + jiter + json5 + jsonschema + jsonschema-specifications + litellm + markdown-it-py + markupsafe + mccabe + mdurl + multidict + networkx + numpy + openai + packaging + pathspec + pexpect + pillow + prompt-toolkit + psutil + ptyprocess + pycodestyle + pycparser + pydantic + pydantic-core + pydub + pyflakes + pygments + pypandoc + pyperclip + python-dotenv + pyyaml + referencing + regex + requests + rich + rpds-py + scipy + smmap + sniffio + sounddevice + socksio + soundfile + soupsieve + tiktoken + tokenizers + tqdm + tree-sitter + tree-sitter-languages + tree-sitter-language-pack + typing-extensions + urllib3 + watchfiles + wcwidth + yarl + zipp + pip + + # Not listed in requirements + mixpanel + monotonic + posthog + propcache + python-dateutil + ]; + + buildInputs = [ portaudio ]; + + nativeCheckInputs = (with python3.pkgs; [ pytestCheckHook ]) ++ [ gitMinimal ]; + + disabledTestPaths = [ + # Tests require network access + "tests/scrape/test_scrape.py" + # Expected 'mock' to 
have been called once + "tests/help/test_help.py" + ]; + + disabledTests = + [ + # Tests require network + "test_urls" + "test_get_commit_message_with_custom_prompt" + # FileNotFoundError + "test_get_commit_message" + # Expected 'launch_gui' to have been called once + "test_browser_flag_imports_streamlit" + # AttributeError + "test_simple_send_with_retries" + # Expected 'check_version' to have been called once + "test_main_exit_calls_version_check" + # AssertionError: assert 2 == 1 + "test_simple_send_non_retryable_error" + ] + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + # Tests fails on darwin + "test_dark_mode_sets_code_theme" + "test_default_env_file_sets_automatic_variable" + # FileNotFoundError: [Errno 2] No such file or directory: 'vim' + "test_pipe_editor" + ]; + + makeWrapperArgs = [ + "--set AIDER_CHECK_UPDATE false" + "--set AIDER_ANALYTICS false" + ]; + + preCheck = '' + export HOME=$(mktemp -d) + export AIDER_ANALYTICS="false" + ''; + + optional-dependencies = with python3.pkgs; { + playwright = [ + greenlet + playwright + pyee + typing-extensions + ]; + }; + + passthru = { + withPlaywright = aider-chat.overridePythonAttrs ( + { dependencies + , makeWrapperArgs + , propagatedBuildInputs ? [ ] + , ... + }: + { + dependencies = dependencies ++ aider-chat.optional-dependencies.playwright; + propagatedBuildInputs = propagatedBuildInputs ++ [ playwright-driver.browsers ]; + makeWrapperArgs = makeWrapperArgs ++ [ + "--set PLAYWRIGHT_BROWSERS_PATH ${playwright-driver.browsers}" + "--set PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS=true" + ]; + } + ); + }; + + meta = { + description = "AI pair programming in your terminal"; + homepage = "https://github.com/paul-gauthier/aider"; + changelog = "https://github.com/paul-gauthier/aider/blob/v${version}/HISTORY.md"; + license = lib.licenses.asl20; + maintainers = with lib.maintainers; [ happysalada ]; + mainProgram = "aider"; + }; + }; +in +aider-chat 
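Review bot: In `passthru.withPlaywright` the last wrapper argument is written as `"--set PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS=true"`, while every other `--set` in this file passes name and value as separate words. makeWrapper's `--set` expects `VAR VAL`, so this entry probably does not export the variable as intended; `"--set PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS true"` matches the other entries. Separately, `tree-sitter-language-pack` is built from `python312.pkgs` while `aider-chat` uses the overridden `python3` set with `tree-sitter` pinned to `tree-sitter_0_21`, so the closure may end up with two tree-sitter versions. If that split is deliberate a comment saying so would help, otherwise build the language pack with `python3.pkgs.buildPythonPackage`.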
diff --git a/overlays/unstable/default.nix b/overlays/unstable/default.nix index 130f452..7ba9efd 100644 --- a/overlays/unstable/default.nix +++ b/overlays/unstable/default.nix @@ -6,6 +6,11 @@ final: prev: { open-webui claude-code aider-chat + vscode ; + goose-cli = channels.unstable.callPackage ./goose.nix { }; + vscode-extensions = channels.unstable.vscode-extensions // { + rooveterinaryinc = { roo-cline = channels.unstable.callPackage ./roo-code.nix { }; }; + }; } diff --git a/overlays/unstable/goose.nix b/overlays/unstable/goose.nix index 8056930..eb644fb 100644 --- a/overlays/unstable/goose.nix +++ b/overlays/unstable/goose.nix @@ -25,18 +25,18 @@ let in rustPlatform.buildRustPackage rec { pname = "goose-cli"; - version = "1.0.16-1"; + version = "1.0.17"; src = fetchFromGitHub { owner = "block"; repo = "goose"; - #tag = "v${version}"; - rev = "e7ad230957053dac7643701a69439ac19d5d2bf6"; - hash = "sha256-328lLQeZClZI/mKFLvUppdZLjYwwiMR6WmS2ZroZxLU="; + tag = "v${version}"; + #rev = "e7ad230957053dac7643701a69439ac19d5d2bf6"; + hash = "sha256-l/lcwTNUq2xJHh0MKhnDZjRJ/5cANbdar/Vusf38esQ="; }; useFetchCargoVendor = true; - cargoHash = "sha256-hcIbwNDagH5pajHrJxp+qJscLRHKr3SAFkNPr4NwtBc="; + cargoHash = "sha256-1xKWzgptnM1ZP0nQXILBoaKVwL2FyXpldTUIa1ITQO0="; nativeBuildInputs = [ pkg-config ]; @@ -61,6 +61,7 @@ rustPlatform.buildRustPackage rec { "--skip=config::base::tests::test_secret_management" # Observer should be Some with both init project keys set "--skip=tracing::langfuse_layer::tests::test_create_langfuse_observer" + "--skip=providers::gcpauth::tests::test_token_refresh_race_condition" ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ # Lazy instance has previously been poisoned diff --git a/overlays/unstable/roo-code.nix b/overlays/unstable/roo-code.nix new file mode 100644 index 0000000..b92f425 --- /dev/null +++ b/overlays/unstable/roo-code.nix 
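Review bot: `vscode-extensions = channels.unstable.vscode-extensions // { rooveterinaryinc = { ... }; }` is a shallow merge, so the whole `rooveterinaryinc` publisher set from unstable is replaced by the single `roo-cline` attribute. Any other extension unstable ships under that publisher, now or later, would silently disappear from the overlay. Merging one level deeper avoids that: `rooveterinaryinc = (channels.unstable.vscode-extensions.rooveterinaryinc or { }) // { roo-cline = channels.unstable.callPackage ./roo-code.nix { }; };`. The overlay's attribute set starts before this hunk.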
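Review bot: The added `--skip=providers::gcpauth::tests::test_token_refresh_race_condition` in goose.nix carries no reason, unlike the neighbouring skips, which each have a comment line above them. Add a one-line comment saying why it is disabled (for example that it fails in the build sandbox, or that it is timing-dependent), so the skip can be dropped once upstream fixes it. The skip list itself starts and ends outside the hunk.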
@@ -0,0 +1,24 @@
+{ lib
+, vscode-utils
+, vscode-extensions-update-script
+,
+}:
+
+vscode-utils.buildVscodeMarketplaceExtension {
+ mktplcRef = {
+ publisher = "RooVeterinaryInc";
+ name = "roo-cline";
+ version = "3.11.10";
+ hash = "sha256-ZonPsVG9IIbdz1i3oBPcOjRsXTYZ/pUOjguUhY0bzWY=";
+ };
+
+ passthru.updateScript = vscode-extensions-update-script { };
+
+ meta = {
+ description = "AI-powered autonomous coding agent that lives in your editor";
+ downloadPage = "https://marketplace.visualstudio.com/items?itemName=RooVeterinaryInc.roo-cline";
+ homepage = "https://github.com/RooVetGit/Roo-Code";
+ license = lib.licenses.asl20;
+ maintainers = with lib.maintainers; [ emaryn ];
+ };
+}
diff --git a/systems/x86_64-linux/x1/default.nix b/systems/x86_64-linux/x1/default.nix
index 2f5d4d5..91cff05 100644
--- a/systems/x86_64-linux/x1/default.nix
+++ b/systems/x86_64-linux/x1/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 with lib;
 with lib.metacfg;
 {
@@ -7,6 +7,30 @@ with lib.metacfg; # ./ipu.nix ]; + sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ]; + sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml; + sops.secrets."wg".mode = "0444"; + sops.secrets."hosts".sopsFile = ../../../.secrets/x1/files.yaml; + sops.secrets."hosts".mode = "0444"; + + environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path; + environment.etc."hosts.backup".source = config.sops.secrets."hosts".path; + + services.openssh = { + enable = true; + hostKeys = [ + { + path = "/var/lib/secrets/ssh_host_ed25519_key"; + type = "ed25519"; + } + { + path = "/var/lib/secrets/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + } + ]; + }; + hardware.bluetooth.input.General.ClassicBondedOnly = false; services.udev.extraRules = '' KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e4c5", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
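Review bot: Both decrypted secrets are installed with `mode = "0444"`, so every local user and service on x1 can read them; `wg` is exposed as `/etc/wg0.backup.conf` and, judging by the name, presumably holds a WireGuard configuration including a private key. Unless an unprivileged process has to read these files, use `sops.secrets."wg".mode = "0400";` (and the same for `hosts`), or set `owner`/`group` to the one consumer that needs access. The hunk also enables `services.openssh` without any `settings`, so authentication options fall back to the module defaults. If this host should accept key-based logins only, state that explicitly with `settings.PasswordAuthentication = false;`. The enclosing attribute set starts and ends outside the hunk.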
@@ -62,6 +86,17 @@ with lib.metacfg; claude-desktop-with-fhs goose-cli aider-chat + #vscode + (vscode-with-extensions.override { + vscodeExtensions = with vscode-extensions; [ + rooveterinaryinc.roo-cline + rust-lang.rust-analyzer + github.copilot + ms-python.python + ms-azuretools.vscode-docker + ms-vscode-remote.remote-ssh + ]; + }) ]; zramSwap.enable = true;