my nix configs

Find a file

Harald Hoyer 91ba5bd272 fix(opencode): close two false-green test loopholes and the orchestrator-as-implementer escape hatch A workflow run on a Bevy weaving feature exposed two compounding failures: 1. @test wrote 8 structural-only Rust tests that never invoked weave_enemies or trigger_weaving. Every test passed against the stub-first @make pre-pass because none of them called the stubbed symbols, so todo!() never fired. The body-pass committed code that "passed" the suite and silently broke trigger_weaving in special stages. 2. @check found the trigger_weaving regression at Phase 8 (final review) and the orchestrator decided to "fix them directly" rather than dispatching @make — taking the license offered by the existing review-loop wording. Test-quality fixes: - Phase 3 Test Design now requires each behavior to be expressed as an action + observable outcome. Structural facts ("enum has 3 variants", "struct has these fields") are explicitly disqualified. - Phase 6 stub-first flow gains a mandatory Panic-coverage check: after @test returns, the orchestrator re-runs the test command and rejects the output unless every test panics on todo!() (i.e. every test exercises at least one stubbed symbol). Any passing test is structural-only and routes back to @test. - Phase 6 decision table gets a "Stub-first run: tests pass with zero todo!() panics" row covering the same case. - @test's Test Philosophy gains an explicit Do-NOT-write list of structural-only patterns (variant_count, type ascriptions, Box::new(my_fn), struct-literal-only flows, all-pass-on-stubs) plus a positive rule: every test must call a function and assert on observable outcome, or return NOT_TESTABLE rather than pad the suite. Orchestrator boundary fix: - Phase 8 review loop replaces "fix them directly (no need to re-dispatch @make for small fixes)" with the principle "the orchestrator does not write production code; @make does". BLOCK, behavioral, correctness, and test-quality findings round-trip through @make. Only AST-preserving cosmetic edits (typos in comments, trailing newlines) may be applied directly. Compiler- detected issues (unused imports, dead code) go through @make.		2026-05-08 10:20:16 +02:00
.secrets	feat(amd): add opencode web server at opencode.amd.hoyer.world	2026-05-03 15:55:15 +02:00
config	fix(opencode): close two false-green test loopholes and the orchestrator-as-implementer escape hatch	2026-05-08 10:20:16 +02:00
homes	refactor(home): extract shared wezterm module	2026-04-27 09:47:49 +02:00
lib	chore: statix fix	2026-04-20 10:09:24 +02:00
modules	fix: add ssh key	2026-05-05 14:20:00 +02:00
overlays	fix(halo): remove -DGGML_HIP_ROCWMMA_FATTN=ON	2026-05-06 13:08:45 +02:00
packages	feat(packages): expose geekbench_6 as flake package	2026-04-27 15:46:35 +02:00
systems	feat(halo): add different llama servers	2026-05-07 14:54:48 +02:00
.gitattributes	remove required from .gitattributes	2024-11-29 15:45:57 +01:00
.gitignore	chore: update .gitignore to include .direnv	2025-03-20 09:56:10 +01:00
.sops.yaml	feat(amd): add opencode web server at opencode.amd.hoyer.world	2026-05-03 15:55:15 +02:00
CLAUDE.md	chore: add notes about `fmt` and `statix`	2026-04-20 10:06:26 +02:00
flake.lock	chore: flake update	2026-05-04 08:44:12 +02:00
flake.nix	nix fmt	2026-02-24 13:25:42 +01:00
README.md	docs: update README with project structure and instructions	2025-03-20 09:43:18 +01:00

README.md

NixOS Configuration

A modular NixOS configuration setup for multiple systems.

Project Structure

modules/: Reusable NixOS/Darwin modules
- common.nix: Common module imports and definitions
- nixos/: NixOS-specific modules
  - home/: Home Manager integration for NixOS
  - nix/: Nix package manager configuration
  - nix-ld/: Dynamic linking support
  - network/: Network configuration modules
    - resolved/: DNS resolution configuration
  - security/: Security-related modules
    - ssh-host-keys/: SSH host key management
  - services/: Service configuration modules
    - base/: Basic system configuration
    - gui/: Graphical interface setup
    - homeprinter/: Home printer support
    - podman/: Container runtime
    - secureboot/: Secure boot configuration
  - sgx/: Intel SGX support
    - aesmd_dcap/: SGX AESMD DCAP service
    - pccs/: SGX Provisioning Certificate Caching Service
  - system/: System configuration modules
    - auto-upgrade/: Automatic system upgrades
    - limits/: System resource limits
    - zram/: ZRAM swap configuration
  - tools/: Common tools configuration
    - direnv/: Direnv integration
    - git/: Git configuration
  - user/: User account configuration
  - virtualization/: Virtualization support
- home/: Home Manager modules
  - cli-apps/: Command-line applications
  - gui/: GUI application configuration
  - tools/: User tools configuration
  - user/: User preferences
- darwin/: Darwin-specific modules
  - home/, nix/, security/, etc.
systems/: Individual system configurations
- x86_64-linux/: Linux systems on x86_64
- aarch64-linux/: Linux systems on ARM
- x86_64-darwin/: macOS systems on x86_64
- aarch64-darwin/: macOS systems on ARM
homes/: Home Manager configurations for each user/system
lib/: Helper functions and utilities
overlays/: Nixpkgs overlays
packages/: Custom packages

Using the Configurations

Install a system via nixos-anywhere

$ nix run github:numtide/nixos-anywhere -- \
  --flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
  root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
... enter disk password
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15

Update NixOS system

$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot

Update macOS system

$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch

Update home-manager configuration

$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
  switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'