harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
my nix configs
792 commits 4 branches 0 tags 17 MiB
Find a file
Harald Hoyer 4dc3cffba6 refactor(opencode): allow @test inside #[cfg(test)] mod blocks, drop file gate 
The previous design routed Rust unit tests to NOT_TESTABLE: Rust
unit-only because @test was forbidden from touching src/, which
forced @make to write both the production code and the inline
#[cfg(test)] mod tests in one dispatch — losing TDD's RED→GREEN
separation. But Rust module tests inside #[cfg(test)] mod tests
{ ... } are the canonical unit-testing idiom, not an edge case.

@test's File Constraint now allows modifying src/**/*.rs, but
strictly inside #[cfg(test)] mod <name> { ... } blocks. Every line
outside such a block stays read-only — adding pub, importing crates,
declaring siblings, or any other production change is forbidden.
Integration tests at tests/**/*.rs continue to work as before.

The Phase 6 post-step file gate (git status snapshot + comm -23
diff against test-pattern globs) is removed. With @test legitimately
writing inside src/, a path-based gate proves nothing — production
edits and cfg(test) edits live in the same files. The boundary is
enforced by the prompt rule and Phase 8 reviewer scrutiny.

Phase 5 test-file guidance updated to distinguish module vs
integration tests for Rust, with stub-first TDD applying to both
when symbols don't yet exist. The "Rust integration TDD: stub-first"
section is renamed to "Rust stub-first TDD" and now covers module
tests too. NOT_TESTABLE's "Rust unit-only" reason is replaced with
"Missing testability seam" for cases where the production code
needs a small change before tests can be authored.
2026-05-08 10:20:16 +02:00
.secrets feat(amd): add opencode web server at opencode.amd.hoyer.world 2026-05-03 15:55:15 +02:00
config refactor(opencode): allow @test inside #[cfg(test)] mod blocks, drop file gate 2026-05-08 10:20:16 +02:00
homes refactor(home): extract shared wezterm module 2026-04-27 09:47:49 +02:00
lib chore: statix fix 2026-04-20 10:09:24 +02:00
modules fix: add ssh key 2026-05-05 14:20:00 +02:00
overlays fix(halo): remove -DGGML_HIP_ROCWMMA_FATTN=ON 2026-05-06 13:08:45 +02:00
packages feat(packages): expose geekbench_6 as flake package 2026-04-27 15:46:35 +02:00
systems feat(halo): add different llama servers 2026-05-07 14:54:48 +02:00
.gitattributes remove required from .gitattributes 2024-11-29 15:45:57 +01:00
.gitignore chore: update .gitignore to include .direnv 2025-03-20 09:56:10 +01:00
.sops.yaml feat(amd): add opencode web server at opencode.amd.hoyer.world 2026-05-03 15:55:15 +02:00
CLAUDE.md chore: add notes about fmt and statix 2026-04-20 10:06:26 +02:00
flake.lock chore: flake update 2026-05-04 08:44:12 +02:00
flake.nix nix fmt 2026-02-24 13:25:42 +01:00
README.md docs: update README with project structure and instructions 2025-03-20 09:43:18 +01:00

README.md

NixOS Configuration

A modular NixOS configuration setup for multiple systems.

Project Structure

  • modules/: Reusable NixOS/Darwin modules
    • common.nix: Common module imports and definitions
    • nixos/: NixOS-specific modules
      • home/: Home Manager integration for NixOS
      • nix/: Nix package manager configuration
      • nix-ld/: Dynamic linking support
      • network/: Network configuration modules
        • resolved/: DNS resolution configuration
      • security/: Security-related modules
        • ssh-host-keys/: SSH host key management
      • services/: Service configuration modules
        • base/: Basic system configuration
        • gui/: Graphical interface setup
        • homeprinter/: Home printer support
        • podman/: Container runtime
        • secureboot/: Secure boot configuration
      • sgx/: Intel SGX support
        • aesmd_dcap/: SGX AESMD DCAP service
        • pccs/: SGX Provisioning Certificate Caching Service
      • system/: System configuration modules
        • auto-upgrade/: Automatic system upgrades
        • limits/: System resource limits
        • zram/: ZRAM swap configuration
      • tools/: Common tools configuration
        • direnv/: Direnv integration
        • git/: Git configuration
      • user/: User account configuration
      • virtualization/: Virtualization support
    • home/: Home Manager modules
      • cli-apps/: Command-line applications
      • gui/: GUI application configuration
      • tools/: User tools configuration
      • user/: User preferences
    • darwin/: Darwin-specific modules
      • home/, nix/, security/, etc.
  • systems/: Individual system configurations
    • x86_64-linux/: Linux systems on x86_64
    • aarch64-linux/: Linux systems on ARM
    • x86_64-darwin/: macOS systems on x86_64
    • aarch64-darwin/: macOS systems on ARM
  • homes/: Home Manager configurations for each user/system
  • lib/: Helper functions and utilities
  • overlays/: Nixpkgs overlays
  • packages/: Custom packages

Using the Configurations

Install a system via nixos-anywhere

$ nix run github:numtide/nixos-anywhere -- \
  --flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
  root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
... enter disk password
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15

Update NixOS system

$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot

Update macOS system

$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch

Update home-manager configuration

$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
  switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'