harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
my nix configs
813 commits 4 branches 0 tags 17 MiB
Find a file
Harald Hoyer 1094facb1e refactor(opencode): use $1 substitution, drop BASE_BRANCH and arg parsing 
The workflow command was asking the model to parse $ARGUMENTS into
positional tokens (issue ID, optional base branch). Opencode supports
$1, $2, $3, ... for direct positional substitution at template-load
time — the model never needs to see or parse a joined argument string.
Two simplifications:

1. Replace $ARGUMENTS-parsing with $1. Every reference to the issue ID
   in commands/workflow.md is now $1, which opencode substitutes
   literally before the prompt loads. Eliminates a class of parsing
   errors (whitespace edge cases, mis-splits, hallucinated extra args)
   and removes the orchestrator's need to "remember" an ISSUE_ID
   variable across phases.

2. Drop BASE_BRANCH entirely. It was used in three places:
   - Phase 1 "branch != base" check — actual concern is "don't run on
     a protected branch." Replace with refusal on main/master/develop/
     any matching protected name.
   - Phase 8 `git diff "$BASE_BRANCH"...HEAD` — anchor the diff to
     START_SHA captured at Phase 1 instead. With one-task-per-run
     (ADR-21), the run produces a small bounded diff from a known
     starting point; START_SHA is more accurate than diffing against
     a separate branch tip that may have moved.
   - Failure Handler recovery procedure — user-facing instructions;
     name "your usual integration branch" instead of $BASE_BRANCH.

The command signature collapses from `/workflow <ISSUE-ID> [base-branch]`
to just `/workflow <ISSUE-ID>` — single positional, zero parsing.

Routing matrix Phase 1 row updated for the protected-branch refusal;
ADR-14's recovery-procedure paragraph no longer names BASE_BRANCH.

Refs: config/opencode/workflow-design.md ADR-14, ADR-21
2026-05-13 07:20:41 +02:00
.secrets feat(amd): add opencode web server at opencode.amd.hoyer.world 2026-05-03 15:55:15 +02:00
config refactor(opencode): use $1 substitution, drop BASE_BRANCH and arg parsing 2026-05-13 07:20:41 +02:00
homes refactor(home): extract shared wezterm module 2026-04-27 09:47:49 +02:00
lib chore: statix fix 2026-04-20 10:09:24 +02:00
modules fix: add ssh key 2026-05-05 14:20:00 +02:00
overlays feat(halo): new mtp llama.cpp 2026-05-12 16:14:13 +02:00
packages feat(packages): expose geekbench_6 as flake package 2026-04-27 15:46:35 +02:00
systems feat(halo): llama-server-27B-MTP.nix 2026-05-12 16:16:15 +02:00
.gitattributes remove required from .gitattributes 2024-11-29 15:45:57 +01:00
.gitignore chore: update .gitignore to include .direnv 2025-03-20 09:56:10 +01:00
.sops.yaml feat(amd): add opencode web server at opencode.amd.hoyer.world 2026-05-03 15:55:15 +02:00
CLAUDE.md chore: add notes about fmt and statix 2026-04-20 10:06:26 +02:00
flake.lock chore: flake update 2026-05-04 08:44:12 +02:00
flake.nix nix fmt 2026-02-24 13:25:42 +01:00
README.md docs: update README with project structure and instructions 2025-03-20 09:43:18 +01:00

README.md

NixOS Configuration

A modular NixOS configuration setup for multiple systems.

Project Structure

  • modules/: Reusable NixOS/Darwin modules
    • common.nix: Common module imports and definitions
    • nixos/: NixOS-specific modules
      • home/: Home Manager integration for NixOS
      • nix/: Nix package manager configuration
      • nix-ld/: Dynamic linking support
      • network/: Network configuration modules
        • resolved/: DNS resolution configuration
      • security/: Security-related modules
        • ssh-host-keys/: SSH host key management
      • services/: Service configuration modules
        • base/: Basic system configuration
        • gui/: Graphical interface setup
        • homeprinter/: Home printer support
        • podman/: Container runtime
        • secureboot/: Secure boot configuration
      • sgx/: Intel SGX support
        • aesmd_dcap/: SGX AESMD DCAP service
        • pccs/: SGX Provisioning Certificate Caching Service
      • system/: System configuration modules
        • auto-upgrade/: Automatic system upgrades
        • limits/: System resource limits
        • zram/: ZRAM swap configuration
      • tools/: Common tools configuration
        • direnv/: Direnv integration
        • git/: Git configuration
      • user/: User account configuration
      • virtualization/: Virtualization support
    • home/: Home Manager modules
      • cli-apps/: Command-line applications
      • gui/: GUI application configuration
      • tools/: User tools configuration
      • user/: User preferences
    • darwin/: Darwin-specific modules
      • home/, nix/, security/, etc.
  • systems/: Individual system configurations
    • x86_64-linux/: Linux systems on x86_64
    • aarch64-linux/: Linux systems on ARM
    • x86_64-darwin/: macOS systems on x86_64
    • aarch64-darwin/: macOS systems on ARM
  • homes/: Home Manager configurations for each user/system
  • lib/: Helper functions and utilities
  • overlays/: Nixpkgs overlays
  • packages/: Custom packages

Using the Configurations

Install a system via nixos-anywhere

$ nix run github:numtide/nixos-anywhere -- \
  --flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
  root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
... enter disk password
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15

Update NixOS system

$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot

Update macOS system

$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch

Update home-manager configuration

$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
  switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'