harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
my nix configs
781 commits 4 branches 0 tags 17 MiB
Find a file
Harald Hoyer 832306c817 fix(opencode): harden workflow against multi-task spec dumps 
A workflow run on a Rust/Bevy task produced a single @make dispatch
covering six tasks (~2 hours of work), with the orchestrator drafting
the full replacement code, including a self-contradicting "actually
that's wrong, let me correct…" revision pass and a `nix develop
--command bash -c "cargo check"` invocation that @make's sandbox
denies. None of the failure modes were caught before dispatch.

Phase 5 gains three new subsections:
- Split Heuristic — explicit rules for when a task must be split
  (>2 concerns, >50 lines / 2 files, structural+runtime+wiring mix);
  prescribes the foundations / implementation / wiring split.
- Code Context Anti-patterns — the field is for seam-revealing
  snippets, not finished answers; max ~5-line snippets, no full
  replacement bodies.
- Finalized-Text Rule — task specs must be single-author finalized
  text, no "actually, that's wrong" revision passes, no two-version
  code blocks, no unresolved questions.

Phase 6 promotes the Rust unit-only NOT_TESTABLE case out of the
decision table into a dedicated routing subsection. The orchestrator
must pass test *specifications* (one-line behavior descriptions,
target functions, assertion types) to @make — never test code — and
run the suite once after @make to capture RED→GREEN evidence.

Phase 7 gains a mandatory Pre-Dispatch Validation table that rejects
specs containing `bash -c` / `sh -c` (any nesting), `nix develop -c
bash`, `cd <path> &&`, oversized Code Context blocks, contradictory
revisions, or duplicated test bodies. Repeated trips signal a Phase
5 split problem and route back to splitting.
2026-05-06 20:25:40 +02:00
.secrets feat(amd): add opencode web server at opencode.amd.hoyer.world 2026-05-03 15:55:15 +02:00
config fix(opencode): harden workflow against multi-task spec dumps 2026-05-06 20:25:40 +02:00
homes refactor(home): extract shared wezterm module 2026-04-27 09:47:49 +02:00
lib chore: statix fix 2026-04-20 10:09:24 +02:00
modules fix: add ssh key 2026-05-05 14:20:00 +02:00
overlays fix(halo): remove -DGGML_HIP_ROCWMMA_FATTN=ON 2026-05-06 13:08:45 +02:00
packages feat(packages): expose geekbench_6 as flake package 2026-04-27 15:46:35 +02:00
systems fix(halo): fix systemd description for llama 2026-05-06 14:03:28 +02:00
.gitattributes remove required from .gitattributes 2024-11-29 15:45:57 +01:00
.gitignore chore: update .gitignore to include .direnv 2025-03-20 09:56:10 +01:00
.sops.yaml feat(amd): add opencode web server at opencode.amd.hoyer.world 2026-05-03 15:55:15 +02:00
CLAUDE.md chore: add notes about fmt and statix 2026-04-20 10:06:26 +02:00
flake.lock chore: flake update 2026-05-04 08:44:12 +02:00
flake.nix nix fmt 2026-02-24 13:25:42 +01:00
README.md docs: update README with project structure and instructions 2025-03-20 09:43:18 +01:00

README.md

NixOS Configuration

A modular NixOS configuration setup for multiple systems.

Project Structure

  • modules/: Reusable NixOS/Darwin modules
    • common.nix: Common module imports and definitions
    • nixos/: NixOS-specific modules
      • home/: Home Manager integration for NixOS
      • nix/: Nix package manager configuration
      • nix-ld/: Dynamic linking support
      • network/: Network configuration modules
        • resolved/: DNS resolution configuration
      • security/: Security-related modules
        • ssh-host-keys/: SSH host key management
      • services/: Service configuration modules
        • base/: Basic system configuration
        • gui/: Graphical interface setup
        • homeprinter/: Home printer support
        • podman/: Container runtime
        • secureboot/: Secure boot configuration
      • sgx/: Intel SGX support
        • aesmd_dcap/: SGX AESMD DCAP service
        • pccs/: SGX Provisioning Certificate Caching Service
      • system/: System configuration modules
        • auto-upgrade/: Automatic system upgrades
        • limits/: System resource limits
        • zram/: ZRAM swap configuration
      • tools/: Common tools configuration
        • direnv/: Direnv integration
        • git/: Git configuration
      • user/: User account configuration
      • virtualization/: Virtualization support
    • home/: Home Manager modules
      • cli-apps/: Command-line applications
      • gui/: GUI application configuration
      • tools/: User tools configuration
      • user/: User preferences
    • darwin/: Darwin-specific modules
      • home/, nix/, security/, etc.
  • systems/: Individual system configurations
    • x86_64-linux/: Linux systems on x86_64
    • aarch64-linux/: Linux systems on ARM
    • x86_64-darwin/: macOS systems on x86_64
    • aarch64-darwin/: macOS systems on ARM
  • homes/: Home Manager configurations for each user/system
  • lib/: Helper functions and utilities
  • overlays/: Nixpkgs overlays
  • packages/: Custom packages

Using the Configurations

Install a system via nixos-anywhere

$ nix run github:numtide/nixos-anywhere -- \
  --flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
  root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
... enter disk password
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15

Update NixOS system

$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot

Update macOS system

$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch

Update home-manager configuration

$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
  switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'