harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
my nix configs
797 commits 4 branches 0 tags 17 MiB
Find a file
Harald Hoyer aac4d44a49 feat(opencode): file unresolved bugs/blockers as TODO sub-issues in Phase 9 
A workflow run wrapped up with "Unresolved: Score not resetting on game
restart (pre-existing bug, out of scope)" — a real bug discovered while
implementing GAL-39. Buried in summary.md, which is per-run, untracked,
overwritten on the next run, and read by nobody (the user has walked
away by design).

Adds a File Follow-ups subsection to Phase 9, after the TODO Update.
Tracked-worthy items are routed through @pm as sub-issues of the
current issue (parent: $ISSUE_ID), so they auto-show in the parent's
Sub-issues list and don't need a README.md category at unattended
runtime. Three categories file an issue:

- Pre-existing bugs found out of scope → label `bug`
- Unresolved review-loop blockers (Phase 4 or 8 cycle exhaustion)
  → label `followup`
- @test NOT_TESTABLE "future seam" notes → label `tech-debt`

Things explicitly NOT filed: @simplify advisories the orchestrator
chose not to act on (records, not missing work), cosmetic nits,
duplicates of existing issues. Those live in the run summary's new
"Advisory notes (not filed)" section.

Renames "Commit TODO Changes" subsection so the worked issue update
plus any filed follow-ups commit together as one atomic chore(todo)
commit. The Run Summary's old "Unresolved items" bullet is replaced
with two sharper bullets: "Filed follow-ups" (lists IDs of created
sub-issues) and "Advisory notes (not filed)".
2026-05-08 10:20:16 +02:00
.secrets feat(amd): add opencode web server at opencode.amd.hoyer.world 2026-05-03 15:55:15 +02:00
config feat(opencode): file unresolved bugs/blockers as TODO sub-issues in Phase 9 2026-05-08 10:20:16 +02:00
homes refactor(home): extract shared wezterm module 2026-04-27 09:47:49 +02:00
lib chore: statix fix 2026-04-20 10:09:24 +02:00
modules fix: add ssh key 2026-05-05 14:20:00 +02:00
overlays fix(halo): remove -DGGML_HIP_ROCWMMA_FATTN=ON 2026-05-06 13:08:45 +02:00
packages feat(packages): expose geekbench_6 as flake package 2026-04-27 15:46:35 +02:00
systems feat(halo): add different llama servers 2026-05-07 14:54:48 +02:00
.gitattributes remove required from .gitattributes 2024-11-29 15:45:57 +01:00
.gitignore chore: update .gitignore to include .direnv 2025-03-20 09:56:10 +01:00
.sops.yaml feat(amd): add opencode web server at opencode.amd.hoyer.world 2026-05-03 15:55:15 +02:00
CLAUDE.md chore: add notes about fmt and statix 2026-04-20 10:06:26 +02:00
flake.lock chore: flake update 2026-05-04 08:44:12 +02:00
flake.nix nix fmt 2026-02-24 13:25:42 +01:00
README.md docs: update README with project structure and instructions 2025-03-20 09:43:18 +01:00

README.md

NixOS Configuration

A modular NixOS configuration setup for multiple systems.

Project Structure

  • modules/: Reusable NixOS/Darwin modules
    • common.nix: Common module imports and definitions
    • nixos/: NixOS-specific modules
      • home/: Home Manager integration for NixOS
      • nix/: Nix package manager configuration
      • nix-ld/: Dynamic linking support
      • network/: Network configuration modules
        • resolved/: DNS resolution configuration
      • security/: Security-related modules
        • ssh-host-keys/: SSH host key management
      • services/: Service configuration modules
        • base/: Basic system configuration
        • gui/: Graphical interface setup
        • homeprinter/: Home printer support
        • podman/: Container runtime
        • secureboot/: Secure boot configuration
      • sgx/: Intel SGX support
        • aesmd_dcap/: SGX AESMD DCAP service
        • pccs/: SGX Provisioning Certificate Caching Service
      • system/: System configuration modules
        • auto-upgrade/: Automatic system upgrades
        • limits/: System resource limits
        • zram/: ZRAM swap configuration
      • tools/: Common tools configuration
        • direnv/: Direnv integration
        • git/: Git configuration
      • user/: User account configuration
      • virtualization/: Virtualization support
    • home/: Home Manager modules
      • cli-apps/: Command-line applications
      • gui/: GUI application configuration
      • tools/: User tools configuration
      • user/: User preferences
    • darwin/: Darwin-specific modules
      • home/, nix/, security/, etc.
  • systems/: Individual system configurations
    • x86_64-linux/: Linux systems on x86_64
    • aarch64-linux/: Linux systems on ARM
    • x86_64-darwin/: macOS systems on x86_64
    • aarch64-darwin/: macOS systems on ARM
  • homes/: Home Manager configurations for each user/system
  • lib/: Helper functions and utilities
  • overlays/: Nixpkgs overlays
  • packages/: Custom packages

Using the Configurations

Install a system via nixos-anywhere

$ nix run github:numtide/nixos-anywhere -- \
  --flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
  root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
... enter disk password
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15

Update NixOS system

$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot

Update macOS system

$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch

Update home-manager configuration

$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
  switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'