my nix configs
Harald Hoyer a3e0de6d04 feat(opencode): hide TODO paths from orchestrator (ADR-22)
In recent runs the orchestrator skipped @pm and edited TODO/ files
itself, despite the workflow.md anti-pattern warning. Root cause: the
workflow doc literally taught the orchestrator the path layout
(`./TODO/<ID>.md`), making self-help a discoverable shortcut.

Fix: remove the recipe. The orchestrator now never constructs or reads
any per-issue TODO path. All TODO operations go through @pm dispatches;
@pm returns the absolute file path of every issue it touches, and the
orchestrator captures and reuses those paths downstream.

- Phase 1 loses the TODO-existence and depends-on checks (former steps
  3 and 9 of the recent edit) — Phase 1 is now git/worktree-only.
- Phase 2 expands @pm's existing dispatch into a `Validate run
  prerequisites` operation that returns either {ok: true,
  issue_file_path, issue: {...}} or {ok: false, error_code, message}
  with error_code in {tracker_missing, issue_not_found,
  dependency_unmet, dependency_missing}. depends-on enforcement moves
  here.
- Phase 7 split_needed exit, Phase 9 TODO Update, Phase 9 Commit TODO
  Changes, and Failure Handler all reference @pm-returned paths or use
  `git add ./TODO/` blanketly (safe because Phase 1 verified clean tree
  and only @pm writes there during a run).
- pm.md gains a path-return rule: every read returns issue_file_path,
  every write returns the modified paths. Run-Prerequisite Output
  format documented with all four error codes.
- ADR-22 captures the rationale; routing matrix updates Phase 1/2 rows;
  pipeline diagram labels updated.

The fix is discoverability-only — no permission deny on TODO/, per
explicit user direction. The schema lives in agents/pm.md, which the
orchestrator does not load.

Refs: config/opencode/workflow-design.md ADR-22
2026-05-08 13:45:51 +02:00
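The {ok, issue_file_path, issue} / {ok: false, error_code, message} reply described above is the one thing the orchestrator has to trust once it stops building TODO paths itself. Added example, not code from the nixcfg repo or its opencode agent files: a validator for such a reply, with the TODO root and the sample replies constructed for illustration.

```python
from pathlib import PurePosixPath
from typing import Optional, Tuple

# The four error codes the commit message lists for {ok: false, ...} replies.
ERROR_CODES = frozenset({"tracker_missing", "issue_not_found",
                         "dependency_unmet", "dependency_missing"})

# Constructed for this example: the only tree @pm may return paths from.
TODO_ROOT = PurePosixPath("/srv/work/nixcfg/TODO")


def classify_reply(reply, todo_root: PurePosixPath = TODO_ROOT) -> Tuple[str, Optional[str]]:
    """Classify a @pm reply without the orchestrator ever building a path.

    Returns ("ok", issue_file_path) for a valid success reply,
    ("failed", error_code) for a well-formed failure reply, and
    ("malformed", reason) for anything the orchestrator must not act on.
    """
    if not isinstance(reply, dict) or not isinstance(reply.get("ok"), bool):
        return "malformed", "reply is not an object with a boolean 'ok'"
    if reply["ok"] is False:
        code = reply.get("error_code")
        if code not in ERROR_CODES:
            return "malformed", f"unknown error_code {code!r}"
        if not isinstance(reply.get("message"), str):
            return "malformed", "failure reply lacks a message"
        return "failed", code
    raw = reply.get("issue_file_path")
    if not isinstance(raw, str) or not raw.startswith("/"):
        return "malformed", "issue_file_path must be an absolute path"
    path = PurePosixPath(raw)
    # PurePosixPath keeps '..' as a literal part, so a traversal attempt is
    # visible here; anything outside the TODO tree is refused as well.
    if ".." in path.parts or not path.is_relative_to(todo_root):
        return "malformed", f"{raw} is outside {todo_root}"
    if not isinstance(reply.get("issue"), dict):
        return "malformed", "success reply lacks the issue object"
    return "ok", str(path)


if __name__ == "__main__":
    # Constructed sample replies in the documented shape.
    samples = [
        {"ok": True, "issue_file_path": "/srv/work/nixcfg/TODO/42.md", "issue": {"id": 42}},
        {"ok": False, "error_code": "dependency_unmet", "message": "42 depends on 41"},
        {"ok": True, "issue_file_path": "/srv/work/nixcfg/TODO/../flake.nix", "issue": {}},
    ]
    for sample in samples:
        print(classify_reply(sample))
```

A "malformed" result is the case to stop on: it means @pm either did not answer in the documented format or handed back a path the orchestrator has no business writing to.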

NixOS Configuration

A modular NixOS configuration setup for multiple systems.

Project Structure

  • modules/: Reusable NixOS/Darwin modules
    • common.nix: Common module imports and definitions
    • nixos/: NixOS-specific modules
      • home/: Home Manager integration for NixOS
      • nix/: Nix package manager configuration
      • nix-ld/: Dynamic linking support
      • network/: Network configuration modules
        • resolved/: DNS resolution configuration
      • security/: Security-related modules
        • ssh-host-keys/: SSH host key management
      • services/: Service configuration modules
        • base/: Basic system configuration
        • gui/: Graphical interface setup
        • homeprinter/: Home printer support
        • podman/: Container runtime
        • secureboot/: Secure boot configuration
      • sgx/: Intel SGX support
        • aesmd_dcap/: SGX AESMD DCAP service
        • pccs/: SGX Provisioning Certificate Caching Service
      • system/: System configuration modules
        • auto-upgrade/: Automatic system upgrades
        • limits/: System resource limits
        • zram/: ZRAM swap configuration
      • tools/: Common tools configuration
        • direnv/: Direnv integration
        • git/: Git configuration
      • user/: User account configuration
      • virtualization/: Virtualization support
    • home/: Home Manager modules
      • cli-apps/: Command-line applications
      • gui/: GUI application configuration
      • tools/: User tools configuration
      • user/: User preferences
    • darwin/: Darwin-specific modules
      • home/, nix/, security/, etc.
  • systems/: Individual system configurations
    • x86_64-linux/: Linux systems on x86_64
    • aarch64-linux/: Linux systems on ARM
    • x86_64-darwin/: macOS systems on x86_64
    • aarch64-darwin/: macOS systems on ARM
  • homes/: Home Manager configurations for each user/system
  • lib/: Helper functions and utilities
  • overlays/: Nixpkgs overlays
  • packages/: Custom packages

Using the Configurations

Install a system via nixos-anywhere

$ nix run github:numtide/nixos-anywhere -- \
  --flake 'git+https://git.hoyer.xyz/harald/nixcfg#hostname' \
  root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
... enter disk password
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15
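After the cryptenroll step it is worth confirming that the TPM2 token really binds to PCRs 1 and 15 and that a passphrase keyslot survives as the fallback. Added example, not part of this repo: it reads the JSON that `cryptsetup luksDump --dump-json-metadata /dev/luksdev` prints, with a constructed sample embedded here; the systemd-tpm2 token field names are assumed to follow what systemd-cryptenroll writes and should be checked against your systemd version.

```python
import json

# Constructed sample of `cryptsetup luksDump --dump-json-metadata` output,
# trimmed to the parts this check reads. Keyslot 0 is the passphrase slot,
# keyslot 1 is the one systemd-cryptenroll added for the TPM2 token.
# The token field names (tpm2-pcrs, tpm2-pcr-bank) are an assumption.
SAMPLE_LUKS_JSON = """{
  "keyslots": {"0": {"type": "luks2"}, "1": {"type": "luks2"}},
  "tokens": {
    "0": {"type": "systemd-tpm2", "keyslots": ["1"],
          "tpm2-pcr-bank": "sha256", "tpm2-pcrs": [1, 15]}
  }
}"""

EXPECTED_PCRS = frozenset({1, 15})  # matches --tpm2-pcrs=1,15 above


def check_tpm2_enrollment(luks_json: str, expected_pcrs=EXPECTED_PCRS):
    """Return a list of findings; an empty list means the enrollment is as intended."""
    meta = json.loads(luks_json)
    findings = []
    tpm_tokens = [t for t in meta.get("tokens", {}).values()
                  if t.get("type") == "systemd-tpm2"]
    if not tpm_tokens:
        findings.append("no systemd-tpm2 token: the disk still needs the passphrase at boot")
    for tok in tpm_tokens:
        pcrs = set(tok.get("tpm2-pcrs", []))
        if not pcrs:
            findings.append("token binds no PCRs: any boot state would unseal the key")
        elif pcrs != set(expected_pcrs):
            findings.append(f"token binds PCRs {sorted(pcrs)}, expected {sorted(expected_pcrs)}")
    # Every keyslot a TPM2 token points at is TPM-bound; whatever is left
    # must be the passphrase slot that gets you in after a firmware change.
    bound = {ks for t in tpm_tokens for ks in t.get("keyslots", [])}
    if not set(meta.get("keyslots", {})) - bound:
        findings.append("no passphrase-only keyslot left: a TPM or firmware change locks you out")
    return findings


if __name__ == "__main__":
    for line in check_tpm2_enrollment(SAMPLE_LUKS_JSON) or ["enrollment looks as intended"]:
        print(line)
```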

Update NixOS system

$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot

Update macOS system

$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch

Update home-manager configuration

$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
  switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'