diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index 741afdd..1eb4248 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,5 +1,5 @@
 {
- "recommendations": [
- "davidanson.vscode-markdownlint"
- ]
-}
\ No newline at end of file
+ "recommendations": [
+ "davidanson.vscode-markdownlint"
+ ]
+}
diff --git a/.vscode/mcp.json b/.vscode/mcp.json
index 9e26dfe..0967ef4 100644
--- a/.vscode/mcp.json
+++ b/.vscode/mcp.json
@@ -1 +1 @@
-{}
\ No newline at end of file
+{}
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..478673d
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,105 @@ +> Note: This document was AI-generated and reviewed by a maintainer. + +# AGENTS Guide for nix-dotfiles + +This file is the quick-start map for coding agents working in this repository. +Use this first, then follow the linked source files for full detail. + +## Purpose and Scope + +- Repository type: flake-based NixOS + Home Manager dotfiles/infrastructure. +- Primary goals: safe system/user config edits, reproducible builds, and clean secrets handling. +- Default assumption: preserve existing module patterns and avoid broad refactors unless requested. + +## Source of Truth + +Read these files before substantial changes: + +- `.github/copilot-instructions.md`: Full repository guide for structure, workflows, dynamic system generation, module patterns, and SOPS handling. +- `.github/instructions/ai-doc-attribution.instructions.md`: Markdown rule for top-of-document attribution when docs are fully AI-generated. +- `flake.nix`: Flake inputs/outputs entrypoint; system generation begins here. +- `lib/systems.nix`: Core dynamic config assembly (`genSystems`, `constructSystem`, and wrapper generators). +- `systems//default.nix`: Per-host parameters (users, home, sops, server role, extra modules). +- `systems//configuration.nix`: Main host config. +- `modules/*.nix`: Global modules automatically imported into all systems. +- `users//home.nix` and `users//default.nix`: Home Manager and user account configuration. +- `hydra/jobs.nix` and `hydra/jobsets.nix`: CI/build orchestration details. + +## Repo Mental Model + +- `systems/` contains host-specific configs. +- `modules/` contains global modules applied across hosts. +- `users/` contains user and home-manager configs. +- `lib/systems.nix` auto-discovers hosts and composes final configs. +- SOPS secrets are colocated with hosts/users via `secrets.yaml` files. + +## Dynamic Configuration Rules + +- Hosts are auto-discovered from subdirectories in `systems/`. 
+- Each host's `default.nix` feeds `constructSystem` parameters. +- Effective module merge order matters. High-level order is: 1) base external + modules, 2) host essentials (`hardware.nix`, `configuration.nix`), 3) + host-specific modules from `systems//default.nix`, 4) global + `modules/*.nix`, 5) optional SOPS and Home Manager/user layers. +- Global modules load after host config, so explicit overrides may require `lib.mkForce` depending on target option. + +## Editing Conventions + +- Keep changes minimal and scoped to the requested behavior. +- Preserve existing Nix style and option naming patterns. +- Prefer module options + `lib.mkIf` toggles over hard-coded behavior. +- Use `lib.mkDefault` for soft defaults and `lib.mkForce` only when necessary. +- Do not commit plaintext secrets. +- Update docs when behavior/workflow changes. + +## Validation and Workflow + +Typical local sequence: + +1. Make targeted edits. +2. Evaluate and build with `nix flake check` and `nix build .#`. +3. Optionally deploy/apply with `nh os switch` or `nh home switch`. +4. For secrets-related changes, edit with `sops .../secrets.yaml` and validate expected `config.sops.secrets` evaluation paths. + +## Secrets and Safety + +- Secrets live in `systems//secrets.yaml` and `users//secrets.yaml`. +- Use SOPS for create/edit/rekey operations. +- During merge conflicts in encrypted files, prefer repository SOPS merge tooling (`utils/sops-mergetool.sh`, `utils/sops-mergetool-new.sh`). + +## Agent and Tool Routing + +When a specialized agent is available, route work by intent: + +- `Explore`: Fast read-only repository exploration and Q&A. +- `dependency-auditor`: Flake/module dependency security and CVE-oriented audits. +- `security-researcher`: Read-only server security configuration audits. +- `server-architect`: Server integration/review planning for `palatine-hill` style infra changes. 
+
+Use Nix lookup tooling for package/options discovery; prefer `unstable` channel when channel selection is available.
+
+## Where To Look Next (By Task)
+
+- Add a new host: see `.github/copilot-instructions.md` sections on "Adding a New NixOS System", plus `systems//default.nix`, `hardware.nix`, and `configuration.nix`.
+- Add/modify a global capability: see `modules/*.nix` and the `.github/copilot-instructions.md` section "Adding a Global Module to modules/".
+- Change user/home-manager behavior: see `users//home.nix` and `users//default.nix`.
+- Modify build/release automation: see `hydra/jobs.nix` and `hydra/jobsets.nix`.
+- Work with secrets: see `.sops.yaml`, `systems/*/secrets.yaml`, `users/*/secrets.yaml`, and the `.github/copilot-instructions.md` section "Secrets Management".
+- Validate module composition/debug evaluation: see `lib/systems.nix` and `nix eval .#nixosConfigurations....`.
+
+## Documentation Attribution Rule
+
+For Markdown docs (`**/*.md`):
+
+- If a document is fully AI-generated, include explicit attribution near the top.
+- Accepted label includes "AI-generated documentation" wording.
+- Do not imply fully human authorship for fully AI-authored content.
+
+## Quick Command Reference
+
+- `nh os build`
+- `nh os switch`
+- `nh home switch`
+- `nix build .#`
+- `nix flake check`
+- `nix eval .#nixosConfigurations..config.`
diff --git a/flake.nix b/flake.nix
index d01f8d1..ef00814 100644
--- a/flake.nix
+++ b/flake.nix
@@ -164,19 +164,23 @@
 lib = self;
 }
 );
+ packageSetup = import ./pkgs/default.nix { inherit nixpkgs; };
+ inherit (packageSetup) localPackagesOverlay;
 inherit (lib.adev.systems) genSystems getImages;
 inherit (self) outputs; # for hydra
 in
 rec {
 inherit lib; # for allowing use of custom functions in nix repl
+ overlays.default = localPackagesOverlay;
+
 hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
 formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt);
 nixosConfigurations = genSystems inputs outputs src (src + "/systems");
 homeConfigurations = {
 "alice" = inputs.home-manager.lib.homeManagerConfiguration {
- pkgs = import nixpkgs { system = "x86_64-linux"; };
+ pkgs = packageSetup.mkPkgs "x86_64-linux";
 modules = [
 inputs.stylix.homeModules.stylix
 inputs.sops-nix.homeManagerModules.sops
@@ -203,9 +207,7 @@
 qcow = getImages nixosConfigurations "qcow";
 };
- packages.x86_64-linux.lego-latest =
- nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/lego-latest/default.nix
- { };
+ packages = forEachSystem packageSetup.mkPackages;
 checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
 devShells = import ./shell.nix { inherit inputs forEachSystem checks; };
diff --git a/lib/systems.nix b/lib/systems.nix
index 8c24735..d93a81b 100644
--- a/lib/systems.nix
+++ b/lib/systems.nix
@@ -172,6 +172,7 @@ rec {
 modules = [
 inputs.nixos-modules.nixosModule
 inputs.nix-index-database.nixosModules.nix-index
+ { nixpkgs.overlays = [ outputs.overlays.default ]; }
 (genHostName hostname)
 (configPath + "/hardware.nix")
 (configPath + "/configuration.nix")
diff --git a/pkgs/bitwarden-rofi/default.nix b/pkgs/bitwarden-rofi/default.nix
index 50c49bc..bae8f39 100644
--- a/pkgs/bitwarden-rofi/default.nix
+++ b/pkgs/bitwarden-rofi/default.nix
@@ -19,6 +19,7 @@
 libnotify,
 }:
 let
+ maintainers = import ../maintainers.nix;
 bins = [
 jq
 bitwarden-cli
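Review bot: `packages = forEachSystem packageSetup.mkPackages;` exposes every local package for every system in `forEachSystem`, whereas the removed lines only declared `packages.x86_64-linux.lego-latest`; `claurst` (added later in this diff) sets `meta.platforms = platforms.linux`, so if `forEachSystem` covers any non-Linux system, evaluating `packages.<system>.claurst` for that system will fail on the platform restriction — I cannot see the `systems` list from here. Either filter the set per system with `lib.filterAttrs` on `meta.platforms` or keep the package output Linux-only as before. Separately, `mkPkgs` re-imports nixpkgs on every call, so `packages` and `homeConfigurations` each evaluate their own nixpkgs instance; hoisting `pkgsFor = forEachSystem packageSetup.mkPkgs;` into the `let` would let both share one. The enclosing `let … in rec {` begins before the hunk.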
@@ -64,6 +65,7 @@ stdenv.mkDerivation {
 description = "Wrapper for Bitwarden and Rofi";
 homepage = "https://github.com/mattydebie/bitwarden-rofi";
 license = licenses.gpl3;
+ maintainers = [ maintainers.alice ];
 platforms = platforms.linux;
 };
diff --git a/pkgs/claurst/default.nix b/pkgs/claurst/default.nix
new file mode 100644
index 0000000..48440c0
--- /dev/null
+++ b/pkgs/claurst/default.nix
@@ -0,0 +1,52 @@
+{
+ lib,
+ fetchFromGitHub,
+ rustPlatform,
+ pkg-config,
+ openssl,
+ alsa-lib,
+ dbus,
+ libxkbcommon,
+ libxcb,
+}:
+
+let
+ maintainers = import ../maintainers.nix;
+in
+rustPlatform.buildRustPackage rec {
+ pname = "claurst";
+ version = "0.0.9";
+
+ src = fetchFromGitHub {
+ owner = "Kuberwastaken";
+ repo = "claurst";
+ rev = "v${version}";
+ hash = "sha256-bTQHtZGZxhEAki0JxSC8smAC3w+otm8ubHvZ9MvwDaE=";
+ };
+
+ cargoRoot = "src-rust";
+ cargoHash = "sha256-6+B43spqmUZ983YMl5UBH5647DcUOS2ngw5ChMIPFFo=";
+ buildAndTestSubdir = "src-rust";
+ doCheck = false;
+
+ nativeBuildInputs = [
+ pkg-config
+ ];
+
+ buildInputs = [
+ openssl
+ alsa-lib
+ dbus
+ libxkbcommon
+ libxcb
+ ];
+
+ meta = with lib; {
+ description = "Terminal coding agent written in Rust";
+ homepage = "https://github.com/Kuberwastaken/claurst";
+ license = licenses.gpl3Only;
+ mainProgram = "claurst";
+ maintainers = [ maintainers.alice ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..b320264
--- /dev/null
+++ b/pkgs/default.nix
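Review bot: `maintainers = [ maintainers.alice ];` sits inside `meta = with lib; {` and reads as `lib.maintainers.alice`, but it actually resolves to the `let maintainers = import ../maintainers.nix;` binding from the previous hunk, because `with` never shadows lexically bound names; the two namespaces share a name and mean opposite things here, and dropping the `let` would silently turn it into a lookup of a nonexistent `lib.maintainers.alice`. Renaming the local binding removes the ambiguity: `localMaintainers = import ../maintainers.nix;` in the `let` and `maintainers = [ localMaintainers.alice ];` in `meta`. The same pattern appears in the new `pkgs/claurst/default.nix` in the next hunk. The enclosing `meta` attribute set starts before this hunk.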
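Review bot: `doCheck = false;` disables the crate's test suite with no stated reason, which makes the exclusion easy to leave in place indefinitely; add a why-comment such as `# tests disabled: <reason> — TODO confirm against upstream CI` or, if only some tests are the problem, keep `doCheck` on and list them under `checkFlags` with `--skip`. `hash` and `cargoHash` pin both the source tree and the vendored crates, which is the right shape for a program that will run with the user's own privileges once `users/alice/home.nix` installs it; a version bump must refresh and re-verify both, and a note in the file saying so (`# bump: update version, hash and cargoHash together`) would save the next maintainer a failed build.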
@@ -0,0 +1,33 @@
+{ nixpkgs }:
+let
+ localPackagesOverlay = final: _prev: {
+ lego-latest = final.callPackage ./lego-latest/default.nix { };
+ claurst = final.callPackage ./claurst/default.nix { };
+ };
+
+ mkPkgs =
+ system:
+ import nixpkgs {
+ inherit system;
+ overlays = [ localPackagesOverlay ];
+ };
+
+ mkPackages =
+ system:
+ let
+ pkgs = mkPkgs system;
+ in
+ {
+ inherit (pkgs)
+ lego-latest
+ claurst
+ ;
+ };
+in
+{
+ inherit
+ localPackagesOverlay
+ mkPkgs
+ mkPackages
+ ;
+}
diff --git a/pkgs/maintainers.nix b/pkgs/maintainers.nix
new file mode 100644
index 0000000..338f026
--- /dev/null
+++ b/pkgs/maintainers.nix
@@ -0,0 +1,8 @@
+{
+ alice = {
+ name = "Alice Huston";
+ email = "aliceghuston@gmail.com";
+ github = "ahuston-0";
+ githubId = 43225907;
+ };
+}
diff --git a/users/alice/home.nix b/users/alice/home.nix
index db607d5..a07b8cf 100644
--- a/users/alice/home.nix
+++ b/users/alice/home.nix
@@ -90,6 +90,7 @@
 gocryptfs
 awscli2
+ claurst
 ];
 };
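Review bot: `mkPackages` repeats the package names that `localPackagesOverlay` already defines (`lego-latest`, `claurst`), so every new local package has to be added in two places, and one that is forgotten here silently disappears from the flake's `packages` output while still reaching every host through the overlay. Deriving the names from the overlay itself keeps the two in sync, as below. Note also that `mkPkgs` passes no `config` to `import nixpkgs`, so a future local package that is unfree or needs other nixpkgs configuration would fail to evaluate through this path; the two packages currently listed look fine as far as this diff shows.
```nix
  mkPackages =
    system:
    let
      pkgs = mkPkgs system;
      # names come from the overlay itself, so a package is declared exactly once
      names = builtins.attrNames (localPackagesOverlay pkgs pkgs);
    in
    pkgs.lib.genAttrs names (name: pkgs.${name});
```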
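Review bot: `claurst` here only resolves where the package set carries `localPackagesOverlay`; the standalone `homeConfigurations."alice"` gets it through `packageSetup.mkPkgs` in this diff, but whether the Home Manager instance embedded in the NixOS hosts (built by `lib/systems.nix`) sees it depends on that instance using the host's overlaid `pkgs` (e.g. `home-manager.useGlobalPkgs`), which is outside the diff. Worth checking both evaluation paths before merging, e.g. `nix build .#homeConfigurations.alice.activationPackage` alongside a host build. The enclosing package list begins before the hunk.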