From ab3d5473f203f118973c0d6459e7d86109f1de4c Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Fri, 8 May 2026 18:13:42 +0000 Subject: [PATCH 01/10] Remove timecard-bot as a direct dependency of base flake we'll pass it through inputs instead --- flake.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index bece9ac..f2e7369 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ timecard-bot.url = "github:Gleipnir-Technology/timecard-bot?rev=8c81b6683f97aa2712323836e629adf102be58ac"; }; - outputs = inputs@{ self, disko, home-manager, nixpkgs, nixvim, sops-nix, timecard-bot, ...}: + outputs = inputs@{ self, disko, home-manager, nixpkgs, nixvim, sops-nix, ...}: let configFiles = pkgs.stdenv.mkDerivation { installPhase = '' @@ -55,19 +55,19 @@ roles = [ ./roles/corp.nix ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot; + inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; }; "nocix-amd-legacy-quadcore" = import ./system.nix { configuration = ./host/nocix/amd-legacy-quadcore; roles = [ ./roles/nidus-sync.nix ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot; + inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; }; "nocix-amd-legacy-quadcore-292465" = import ./system.nix { configuration = ./host/nocix/amd-legacy-quadcore-292465; roles = [ ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot; + inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; }; "nocix-amd-legacy-sexcore" = import ./system.nix { configuration = ./host/nocix/amd-legacy-sexcore; @@ -76,7 +76,7 @@ ./roles/nidus-sync.nix ./roles/sovr.nix ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot; + inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; }; }; }; 
From 0ee91ff317adb9c329a082478eae815b731a8240 Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Fri, 8 May 2026 18:14:07 +0000 Subject: [PATCH 02/10] Preconfigure pgadmin database and user The initialScript doesn't work, really, because it only runs on database creation, but it does document what I need. --- modules/system/pgadmin.nix | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/modules/system/pgadmin.nix b/modules/system/pgadmin.nix index af4cf16..dfa6568 100644 --- a/modules/system/pgadmin.nix +++ b/modules/system/pgadmin.nix @@ -2,6 +2,7 @@ with lib; let + dbUsername = "pgadmin"; cfg = config.myModules.pgadmin; group = "root"; port = 10100; @@ -28,8 +29,43 @@ in { services.pgadmin = { enable = true; initialEmail = "eli@gleipnir.technology"; - initialPasswordFile = "/var/run/secrets/pgadmin.yaml"; + initialPasswordFile = config.sops.secrets."pgadmin-initial-password-file".path; port = port; + settings = { + # Pre-configure the database server + Servers = { + "1" = { + Name = "Local nidus-sync"; + Group = "Servers"; + Host = "/run/postgresql"; # unix socket directory + Port = 5432; + MaintenanceDB = "postgres"; + Username = dbUsername; + SSLMode = "prefer"; + }; + }; + }; + }; + services.postgresql = { + ensureUsers = [{ + # Read only user for pgadmin + ensureClauses.login = true; + name = dbUsername; + }]; + initialScript = pkgs.writeText "postgresql-init.sql" '' + -- Grant connection to database + GRANT CONNECT ON DATABASE "nidus-sync" TO ${dbUsername}; + + -- Connect to the database and grant schema usage + \c nidus-sync + GRANT USAGE ON SCHEMA public TO ${dbUsername}; + + -- Grant SELECT on all existing tables + GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${dbUsername}; + + -- GRANT SELECT on all future tables + ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${dbUsername}; + ''; }; sops.secrets."pgadmin-initial-password-file" = { format = "yaml"; 
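Review bot: The last statement of the `initialScript`, `ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${dbUsername};`, has no `FOR ROLE` clause, so it only covers tables later created by the role that runs the script, not tables created by whichever role owns the nidus-sync objects. If migrations run as a different role, new tables stay invisible to the read-only user. Naming the owner makes the intent explicit, e.g. `ALTER DEFAULT PRIVILEGES FOR ROLE <owner-role> IN SCHEMA public GRANT SELECT ON TABLES TO ${dbUsername};` with the real owner substituted. The same applies to the `ALTER DEFAULT PRIVILEGES` line in the later `pgadmin-setup-permissions` hunk. Also, `initialScript` is a single-valued option, so setting it from the pgadmin module may collide with any other module that defines it; the rest of the repo is not visible here to confirm.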
From 083e3e79b796fb421750743528abfcf6def85933 Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Fri, 8 May 2026 18:56:50 +0000 Subject: [PATCH 03/10] Add initial forgejo configuration --- modules/system/default.nix | 1 + modules/system/forgejo.nix | 52 ++++++++++++++++++++++++++++++++++++++ roles/corp.nix | 1 + 3 files changed, 54 insertions(+) create mode 100644 modules/system/forgejo.nix diff --git a/modules/system/default.nix b/modules/system/default.nix index 8658c7b..bad9e7e 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -14,6 +14,7 @@ ./element-web.nix #./fieldseeker-sync.nix ./fish.nix + ./forgejo.nix ./label-studio.nix ./librechat.nix ./minio.nix diff --git a/modules/system/forgejo.nix b/modules/system/forgejo.nix new file mode 100644 index 0000000..a7d3809 --- /dev/null +++ b/modules/system/forgejo.nix 
@@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: +with lib; + +let + cfg = config.services.forgejo; + srv = cfg.settings.server; +{ + options.myModules.forgejo.enable = mkEnableOption "custom forgejo configuration"; + + config = mkIf config.myModules.forgejo.enable { + services.forgejo = { + database.type = "postgres"; + enable = true; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + # Add support for actions, based on act: https://github.com/nektos/act + actions = { + ENABLED = false; + DEFAULT_ACTIONS_URL = "github"; + }; + # Sending emails is completely optional + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration + #mailer = { + #ENABLED = false; + #SMTP_ADDR = "mail.example.com"; + #FROM = "noreply@${srv.DOMAIN}"; + #USER = "noreply@${srv.DOMAIN}"; + #}; + server = { + DOMAIN = "source.gleipnir.technology"; + # You need to specify this to remove the port from URLs in the web UI. + HTTP_ADDR = "/var/run/forgejo/socket"; + PROTOCOL = "http+unix"; + ROOT_URL = "https://${srv.DOMAIN}/"; + }; + # You can temporarily allow registration to create an admin user. + service.DISABLE_REGISTRATION = true; + # Enable ssh user for 'git push' + ssh = { + PORT = 22; + }; + }; + stateDir = "/mnt/bigdisk/forgejo"; + #mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + }; + systemd.tmpfiles.rules = [ + "d /var/run/forgejo 0750 forgejo forgejo - -" + ]; + }; +} diff --git a/roles/corp.nix b/roles/corp.nix index f365a8f..1bcfdda 100644 --- a/roles/corp.nix +++ b/roles/corp.nix @@ -4,6 +4,7 @@ caddy.enable = true; cloudreve.enable = true; collabora.enable = true; + forgejo.enable = true; glitchtip.enable = true; element-web.enable = true; label-studio.enable = true; From bd9b9109d2d41a90875b7ddb4e6c0d024ff5d170 Mon Sep 17 00:00:00 2001 
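Review bot: `ssh = { PORT = 22; };` writes a `[ssh]` section, but as far as I know Forgejo reads the advertised SSH port from `[server]` as `SSH_PORT`, so this block probably has no effect. If the port needs stating at all, it would be `SSH_PORT = 22;` inside the existing `server` set, with a comment saying whether pushes go through the host's sshd or Forgejo's built-in server. The comment `# You need to specify this to remove the port from URLs in the web UI.` also sits above `HTTP_ADDR`, although it describes `ROOT_URL`. I would move it there and give the listener its own comment, e.g. `# Listen on a unix socket only; reachable solely through the local reverse proxy.`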
From: Eli Ribble Date: Fri, 8 May 2026 19:58:33 +0000 Subject: [PATCH 04/10] Initial work on establishing consistent AGENTS context --- configs/users/eliribble/pi/AGENTS.md | 11 +++++++++++ flake.nix | 2 +- modules/home/default.nix | 2 ++ modules/home/pi.nix | 22 ++++++++++++++++++++++ users/eliribble.nix | 1 + 5 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 configs/users/eliribble/pi/AGENTS.md create mode 100644 modules/home/pi.nix diff --git a/configs/users/eliribble/pi/AGENTS.md b/configs/users/eliribble/pi/AGENTS.md new file mode 100644 index 0000000..ec4c80b --- /dev/null +++ b/configs/users/eliribble/pi/AGENTS.md @@ -0,0 +1,11 @@ +# For agents + +We're working together on building something. We're experts. We don't need to sugar-coat things. Prefer terseness over flowery language. Prefer facts over encouragement. Explain when asked, correct when wrong, but err on the side of trusting the other people to push for clarification. + +## Environment + +Everything happens on NixOS where we live. We are a NixOS-only shop. If you're thinking in terms of generic Linux, that's fine, it mostly applies, but if you're thinking in Debian, Fedora, or even Arch, you might as well translate. We're using flakes in NixOS, and the new-style nix command. + +## Mood + +Occasional sardonic points and passive-aggressive ribbing is worth bonus points. diff --git a/flake.nix b/flake.nix index f2e7369..7fd7bda 100644 --- a/flake.nix +++ b/flake.nix @@ -66,7 +66,7 @@ }; "nocix-amd-legacy-quadcore-292465" = import ./system.nix { configuration = ./host/nocix/amd-legacy-quadcore-292465; - roles = [ ]; + roles = [ ./roles/llm.nix ]; inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; }; "nocix-amd-legacy-sexcore" = import ./system.nix { diff --git a/modules/home/default.nix b/modules/home/default.nix index a9c09f1..8f6fa7a 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix 
@@ -3,5 +3,7 @@ ./base.nix ./fish.nix ./git.nix + ./nixvim.nix + ./pi.nix ]; } diff --git a/modules/home/pi.nix b/modules/home/pi.nix new file mode 100644 index 0000000..914434d --- /dev/null +++ b/modules/home/pi.nix @@ -0,0 +1,22 @@ +{ config, configFiles, lib, pkgs, ... }: + +with lib; + +{ + options.myModules.home.pi = { + enable = mkEnableOption "custom pi agent configuration"; + }; + + config = mkIf config.myModules.home.pi.enable ( + let + # Use user-specific config if it exists + configPath = (configFiles + "/users/${config.myModules.home.user}/pi"); + in { + # Use the correct Home Manager option + home.file.".pi" = { + source = configPath; + recursive = true; + }; + } + ); +} diff --git a/users/eliribble.nix b/users/eliribble.nix index f76a727..b170bb4 100644 --- a/users/eliribble.nix +++ b/users/eliribble.nix @@ -9,6 +9,7 @@ with lib; myModules.home = { fish.enable = true; git.enable = true; + pi.enable = true; user = "eliribble"; }; From 98c8a60b10264fbb600131ad857a1ce070d2afef Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Fri, 8 May 2026 20:52:30 +0000 Subject: [PATCH 05/10] Set quadcore-292465's big disk by id instead of temp label --- host/nocix/amd-legacy-quadcore-292465/disk-config.nix | 4 +--- nixos-anywhere/nocix/disk-config.nix | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/host/nocix/amd-legacy-quadcore-292465/disk-config.nix b/host/nocix/amd-legacy-quadcore-292465/disk-config.nix index 1bfa8b4..0f75110 100644 --- a/host/nocix/amd-legacy-quadcore-292465/disk-config.nix +++ b/host/nocix/amd-legacy-quadcore-292465/disk-config.nix @@ -35,9 +35,8 @@ }; }; }; - /* data = { - device = "/dev/sdb"; + device = "ata-Hitachi_HUA722020ALA331_B9HMU2WF"; type = "disk"; content = { type = "gpt"; @@ -56,7 +55,6 @@ }; }; }; - */ }; lvm_vg = { pool = { diff --git a/nixos-anywhere/nocix/disk-config.nix b/nixos-anywhere/nocix/disk-config.nix index 1bfa8b4..0f75110 100644 --- a/nixos-anywhere/nocix/disk-config.nix 
+++ b/nixos-anywhere/nocix/disk-config.nix @@ -35,9 +35,8 @@ }; }; }; - /* data = { - device = "/dev/sdb"; + device = "ata-Hitachi_HUA722020ALA331_B9HMU2WF"; type = "disk"; content = { type = "gpt"; @@ -56,7 +55,6 @@ }; }; }; - */ }; lvm_vg = { pool = { From a2ca482b0b005b6f5a2a3f215b9b401045c58f1a Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Fri, 8 May 2026 20:53:16 +0000 Subject: [PATCH 06/10] Fix forgejo recipe, add caddy reverse proxy --- modules/system/forgejo.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/system/forgejo.nix b/modules/system/forgejo.nix index a7d3809..04858fe 100644 --- a/modules/system/forgejo.nix +++ b/modules/system/forgejo.nix @@ -4,10 +4,13 @@ with lib; let cfg = config.services.forgejo; srv = cfg.settings.server; -{ +in { options.myModules.forgejo.enable = mkEnableOption "custom forgejo configuration"; config = mkIf config.myModules.forgejo.enable { + services.caddy.virtualHosts."source.gleipnir.technology".extraConfig = '' + reverse_proxy unix//var/run/forgejo/socket + ''; services.forgejo = { database.type = "postgres"; enable = true; From 997584dcd769fa537d50ff32405f5950bc15dadc Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Fri, 8 May 2026 20:53:34 +0000 Subject: [PATCH 07/10] Move permissions setup for pgadmin to one-off service --- modules/system/pgadmin.nix | 57 +++++++++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 13 deletions(-) diff --git a/modules/system/pgadmin.nix b/modules/system/pgadmin.nix index dfa6568..95abf08 100644 --- a/modules/system/pgadmin.nix +++ b/modules/system/pgadmin.nix @@ -2,6 +2,7 @@ with lib; let + databaseName = "nidus-sync"; dbUsername = "pgadmin"; cfg = config.myModules.pgadmin; group = "root"; @@ -35,7 +36,7 @@ in { # Pre-configure the database server Servers = { "1" = { - Name = "Local nidus-sync"; + Name = "Local ${databaseName}"; Group = "Servers"; Host = "/run/postgresql"; # unix socket directory Port = 5432; 
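Review bot: The new `reverse_proxy unix//var/run/forgejo/socket` line in forgejo.nix makes Caddy open a socket inside `/var/run/forgejo`, which this module's tmpfiles rule (outside this hunk) creates as `0750 forgejo forgejo`. A Caddy process running as its own user cannot traverse that directory. Unless that user is added to the `forgejo` group elsewhere in the repo (not visible here), proxied requests will fail with a permission error. Group membership keeps the directory closed to everyone else, e.g. `users.users.caddy.extraGroups = [ "forgejo" ];`, and is preferable to loosening the directory mode.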
@@ -52,20 +53,50 @@ in { ensureClauses.login = true; name = dbUsername; }]; - initialScript = pkgs.writeText "postgresql-init.sql" '' + }; + systemd.services.pgadmin-setup-permissions = { + description = "Setup read-only permissions for pgadmin user"; + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "oneshot"; + User = "postgres"; + RemainAfterExit = true; + }; + + script = '' + ${config.services.postgresql.package}/bin/psql -d ${databaseName} << 'EOF' -- Grant connection to database - GRANT CONNECT ON DATABASE "nidus-sync" TO ${dbUsername}; - - -- Connect to the database and grant schema usage - \c nidus-sync - GRANT USAGE ON SCHEMA public TO ${dbUsername}; - - -- Grant SELECT on all existing tables - GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${dbUsername}; - - -- GRANT SELECT on all future tables - ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${dbUsername}; + GRANT CONNECT ON DATABASE ${databaseName} TO pgadmin; + + -- Dynamically grant permissions on all non-system schemas + DO $$ + DECLARE + schema_name text; + BEGIN + FOR schema_name IN + SELECT nspname + FROM pg_namespace + WHERE nspname NOT IN ('pg_catalog', 'information_schema', 'pg_toast') + AND nspname NOT LIKE 'pg_temp%' + AND nspname NOT LIKE 'pg_toast_temp%' + LOOP + EXECUTE format('GRANT USAGE ON SCHEMA %I TO pgadmin', schema_name); + EXECUTE format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO pgadmin', schema_name); + EXECUTE format('GRANT SELECT ON ALL SEQUENCES IN SCHEMA %I TO pgadmin', schema_name); + EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT SELECT ON TABLES TO pgadmin', schema_name); + END LOOP; + END $$; + EOF ''; + + # This ensures the service runs again when you deploy changes + restartTriggers = [ + config.services.postgresql.package + "${databaseName}" + ]; }; sops.secrets."pgadmin-initial-password-file" = { format = "yaml"; 
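Review bot: `GRANT CONNECT ON DATABASE ${databaseName} TO pgadmin;` expands to an unquoted `nidus-sync`, and a hyphen is not valid in an unquoted SQL identifier, so the statement errors out (the version it replaces quoted the name). Because psql is invoked without `ON_ERROR_STOP`, it carries on and exits 0, so the oneshot unit reports success with the grant missing. I would change the two lines to `${config.services.postgresql.package}/bin/psql -v ON_ERROR_STOP=1 -d ${databaseName} << 'EOF'` and `GRANT CONNECT ON DATABASE "${databaseName}" TO ${dbUsername};`, and use `${dbUsername}` in the `format(...)` calls instead of the literal `pgadmin`. Separately, the loop grants SELECT on every non-system schema, which is broader than the `public`-only grants it replaces; a comment stating that this is intended would help the next reader.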
From 851f6d96558269b6c9c78d2578cb4b7977dced85 Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Fri, 8 May 2026 20:53:52 +0000 Subject: [PATCH 08/10] Make timecardbot read from inputs So we don't have to plumb it through all the system args --- modules/system/timecardbot.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/timecardbot.nix b/modules/system/timecardbot.nix index aa01617..dd73f4c 100644 --- a/modules/system/timecardbot.nix +++ b/modules/system/timecardbot.nix @@ -1,7 +1,7 @@ -{ config, lib, pkgs, timecard-bot, ... }: +{ config, inputs, lib, pkgs, ... }: with lib; let - timecard-bot-pkg = timecard-bot.packages.x86_64-linux.default; + timecard-bot-pkg = inputs.timecard-bot.packages.x86_64-linux.default; in { options.myModules.timecardbot.enable = mkEnableOption "custom timecardbot configuration"; From ee93e18a6b011329e9b9df799fd1b2183ed782cb Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Fri, 8 May 2026 23:25:58 +0000 Subject: [PATCH 09/10] Add some stuff to make pi agent happier --- home/eliribble/config/tmux/tmux.conf | 4 ++++ modules/system/pi.nix | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/home/eliribble/config/tmux/tmux.conf b/home/eliribble/config/tmux/tmux.conf index 678d927..59626ce 100644 --- a/home/eliribble/config/tmux/tmux.conf +++ b/home/eliribble/config/tmux/tmux.conf @@ -20,3 +20,7 @@ set-window-option -g bell-action other set -g window-status-style bg=yellow set -g window-status-current-style bg=red,fg=white +# Set up modifier keys so that Shift+Enter and Ctrl+Enter are distinguishable +# based on https://github.com/earendil-works/pi/blob/main/packages/coding-agent/docs/tmux.md +set -g extended-keys on +set -g extended-keys-format csi-u diff --git a/modules/system/pi.nix b/modules/system/pi.nix index 33b0419..7052ac4 100644 --- a/modules/system/pi.nix +++ b/modules/system/pi.nix 
@@ -16,6 +16,7 @@ in { config = mkIf config.myModules.pi.enable { environment.systemPackages = with inputs.llm-agents.packages.${pkgs.stdenv.hostPlatform.system}; [ + pkgs.nodejs_24 pi ]; sops.secrets."pi-env" = { @@ -27,4 +28,14 @@ in { sopsFile = ../../secrets/pi.env; }; }; + /* notes on other stuff I did + + I'm installing pi-semaphore and pi-tmux with: + + ```shell + pi install git:github.com/offline-ant/pi-semaphore + pi install git:github.com/offline-ant/pi-tmux + ``` + */ + } From 72c876ee69ab90263b07c8b2bd33a3b0af363d8a Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Sat, 9 May 2026 00:17:11 +0000 Subject: [PATCH 10/10] Add nix-unstable for LLM within our main flake This is a pretty big refactor of the way systems work, but it avoids bifurcating further. At this commit point I actually used nixos-anywhere on the staging server and it came out okay, which is encouraging. --- flake.lock | 201 +++++- flake.nix | 80 +-- .../disk-config.nix | 2 +- llm/flake.lock | 672 ------------------ llm/flake.nix | 48 -- nixos-anywhere/nocix/disk-config.nix | 2 +- system.nix | 55 +- 7 files changed, 263 insertions(+), 797 deletions(-) delete mode 100644 llm/flake.lock delete mode 100644 llm/flake.nix diff --git a/flake.lock b/flake.lock index 95a2aaf..cb46215 100644 --- a/flake.lock +++ b/flake.lock 
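Review bot: The trailing comment in pi.nix records that pi-semaphore and pi-tmux were installed by hand with `pi install git:github.com/offline-ant/...`, which puts unpinned third-party code next to an agent in a module that also provisions the `pi-env` secret. Nothing in the flake or its lock file tracks which revision was fetched, so a rebuild or a second host can silently get different code. I would at least record the reviewed commit of each repository in the comment, e.g. `pi-semaphore reviewed at <commit-sha>`, and longer term package the extensions as flake inputs so they are locked like everything else. `pkgs.nodejs_24` in the first hunk is added system-wide; if it exists only for pi, a comment such as `# runtime for pi extensions` would keep it from outliving its reason.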
@@ -63,6 +63,65 @@ "type": "github" } }, + "blueprint": { + "inputs": { + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ], + "systems": [ + "llm-agents", + "systems" + ] + }, + "locked": { + "lastModified": 1776249299, + "narHash": "sha256-Dt9t1TGRmJFc0xVYhttNBD6QsAgHOHCArqGa0AyjrJY=", + "owner": "numtide", + "repo": "blueprint", + "rev": "56131e8628f173d24a27f6d27c0215eff57e40dd", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, + "bun2nix": { + "inputs": { + "flake-parts": [ + "llm-agents", + "flake-parts" + ], + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ], + "systems": [ + "llm-agents", + "systems" + ], + "treefmt-nix": [ + "llm-agents", + "treefmt-nix" + ] + }, + "locked": { + "lastModified": 1777369708, + "narHash": "sha256-1xW7cRZNsFNPQD+cE0fwnLVStnDth0HSoASEIFeT7uI=", + "owner": "nix-community", + "repo": "bun2nix", + "rev": "e659e1cc4b8e1b21d0aa85f1c481f9db61ecfa98", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "staging-2.1.0", + "repo": "bun2nix", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -138,6 +197,27 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "llm-agents", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777988971, + "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -199,7 +279,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, @@ -217,7 +297,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1731533236, 
@@ -235,7 +315,7 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1731533236, @@ -300,6 +380,29 @@ "type": "github" } }, + "llm-agents": { + "inputs": { + "blueprint": "blueprint", + "bun2nix": "bun2nix", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_2", + "systems": "systems_3", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1778276681, + "narHash": "sha256-8rXO94K3Ic6GnV7Ln2tjoeXFR7dCLsNKlPI7iFuPEfs=", + "owner": "numtide", + "repo": "llm-agents.nix", + "rev": "14a8ef979265f7795800842ea178cfef844ede47", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "llm-agents.nix", + "type": "github" + } + }, "napalm": { "inputs": { "flake-utils": [ @@ -329,7 +432,7 @@ "nidus-sync": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "proj": "proj" }, "locked": { @@ -393,7 +496,39 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1777954456, + "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1778124196, + "narHash": "sha256-pYEytCNic/czazbV9r3tbQ6BZzqRBg/41x2dIC5ymOo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "68a8af93ff4297686cb68880845e61e5e2e41d92", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1772465433, "narHash": "sha256-ywy9troNEfpgh0Ee+zaV1UTgU8kYBVKtvPSxh6clYGU=", 
@@ -409,7 +544,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1772542754, "narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=", @@ -425,7 +560,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1776734388, "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", @@ -441,7 +576,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1775888245, "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", @@ -457,7 +592,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1758763312, "narHash": "sha256-puBMviZhYlqOdUUgEmMVJpXqC/ToEqSvkyZ30qQ09xM=", @@ -473,12 +608,12 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1769049374, @@ -521,7 +656,7 @@ "proj": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1772585816, @@ -614,9 +749,11 @@ "disko": "disko", "fieldseeker-sync": "fieldseeker-sync", "home-manager": "home-manager", + "llm-agents": "llm-agents", "nidus-sync": "nidus-sync", "nixos-facter-modules": "nixos-facter-modules", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", + "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", "sops-nix": "sops-nix", "timecard-bot": "timecard-bot" @@ -624,7 +761,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1776771786, 
@@ -730,9 +867,24 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "timecard-bot": { "inputs": { - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "pyproject-nix": "pyproject-nix_2" }, "locked": { @@ -750,6 +902,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775636079, + "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "uv2nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 7fd7bda..bc91ff6 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,7 @@ url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + llm-agents.url = "github:numtide/llm-agents.nix"; nidus-sync = { type = "github"; owner = "Gleipnir-Technology"; @@ -28,6 +29,7 @@ }; nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixvim = { url = "github:nix-community/nixvim/nixos-25.11"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -36,48 +38,44 @@ timecard-bot.url = "github:Gleipnir-Technology/timecard-bot?rev=8c81b6683f97aa2712323836e629adf102be58ac"; }; - outputs = inputs@{ self, disko, home-manager, nixpkgs, nixvim, sops-nix, ...}: - let - configFiles = pkgs.stdenv.mkDerivation { - installPhase = '' - mkdir -p $out - cp -r * $out/ - ''; - name = "config-files"; - src = ./configs; + outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, ... }: { + nixosConfigurations = { + "nocix-amd-legacy-octacore" = import ./system.nix { + inherit inputs; + configuration = ./host/nocix/amd-legacy-octacore; + nixpkgs = nixpkgs; + roles = [ + ./roles/corp.nix + ]; + system = "x86_64-linux"; }; - pkgs = nixpkgs.legacyPackages.${system}; - system = "x86_64-linux"; - in { - nixosConfigurations = { - "nocix-amd-legacy-octacore" = import ./system.nix { - configuration = ./host/nocix/amd-legacy-octacore; - roles = [ - ./roles/corp.nix - ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; - }; - "nocix-amd-legacy-quadcore" = import ./system.nix { - configuration = ./host/nocix/amd-legacy-quadcore; - roles = [ - ./roles/nidus-sync.nix - ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; - }; - "nocix-amd-legacy-quadcore-292465" = import ./system.nix { - configuration = ./host/nocix/amd-legacy-quadcore-292465; - roles = [ ./roles/llm.nix ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; - }; - "nocix-amd-legacy-sexcore" = import ./system.nix { - configuration = ./host/nocix/amd-legacy-sexcore; - roles = [ - ./roles/nidus-marketing.nix - ./roles/nidus-sync.nix - ./roles/sovr.nix - ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; - }; + "nocix-amd-legacy-quadcore" = import ./system.nix { + inherit inputs; + configuration = ./host/nocix/amd-legacy-quadcore; + nixpkgs = nixpkgs; + roles = [ + ./roles/nidus-sync.nix + ]; + system = "x86_64-linux"; + }; + "nocix-amd-legacy-quadcore-292465" = 
import ./system.nix { + inherit inputs; + configuration = ./host/nocix/amd-legacy-quadcore-292465; + nixpkgs = nixpkgs-unstable; + roles = [ ./roles/llm.nix ]; + system = "x86_64-linux"; + }; + "nocix-amd-legacy-sexcore" = import ./system.nix { + inherit inputs; + configuration = ./host/nocix/amd-legacy-sexcore; + nixpkgs = nixpkgs; + roles = [ + ./roles/nidus-marketing.nix + ./roles/nidus-sync.nix + ./roles/sovr.nix + ]; + system = "x86_64-linux"; }; }; + }; } diff --git a/host/nocix/amd-legacy-quadcore-292465/disk-config.nix b/host/nocix/amd-legacy-quadcore-292465/disk-config.nix index 0f75110..a59ea6e 100644 --- a/host/nocix/amd-legacy-quadcore-292465/disk-config.nix +++ b/host/nocix/amd-legacy-quadcore-292465/disk-config.nix @@ -36,7 +36,7 @@ }; }; data = { - device = "ata-Hitachi_HUA722020ALA331_B9HMU2WF"; + device = "/dev/disk/by-id/ata-Hitachi_HUA722020ALA331_B9HMU2WF"; type = "disk"; content = { type = "gpt"; diff --git a/llm/flake.lock b/llm/flake.lock deleted file mode 100644 index 041cbaf..0000000 --- a/llm/flake.lock +++ /dev/null 
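Review bot: `nixpkgs = nixpkgs-unstable;` for `nocix-amd-legacy-quadcore-292465` switches only the base package set, while `home-manager` and `nixvim` in the inputs block stay on their 25.11 branches and follow `nixpkgs`. How `system.nix` combines them is not visible here, but if it takes those modules from `inputs`, this host will evaluate release-branch modules against unstable packages. It will also track a channel that moves much faster than the other three hosts. A comment on that line stating the intent would help, e.g. `# unstable only for the LLM role; home-manager/nixvim still follow release 25.11`. As a style point, the four host blocks repeat `inherit inputs;`, `nixpkgs = nixpkgs;` and `system = "x86_64-linux";`; `inherit nixpkgs;` plus a small helper function would remove the repetition.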
@@ -1,672 +0,0 @@ -{ - "nodes": { - "authentik-go": { - "flake": false, - "locked": { - "lastModified": 1771856219, - "narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=", - "owner": "goauthentik", - "repo": "client-go", - "rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d", - "type": "github" - }, - "original": { - "owner": "goauthentik", - "repo": "client-go", - "type": "github" - } - }, - "authentik-nix": { - "inputs": { - "authentik-go": "authentik-go", - "authentik-src": "authentik-src", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "napalm": "napalm", - "nixpkgs": [ - "nixpkgs" - ], - "pyproject-build-systems": "pyproject-build-systems", - "pyproject-nix": "pyproject-nix", - "systems": "systems", - "uv2nix": "uv2nix" - }, - "locked": { - "lastModified": 1776085803, - "narHash": "sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY=", - "owner": "nix-community", - "repo": "authentik-nix", - "rev": "4370b561c8bafb59773ce3a518506bcf1161dbdb", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "authentik-nix", - "type": "github" - } - }, - "authentik-src": { - "flake": false, - "locked": { - "lastModified": 1775573258, - "narHash": "sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4=", - "owner": "goauthentik", - "repo": "authentik", - "rev": "5249546862986202b901c2afd860992ec48c6ef6", - "type": "github" - }, - "original": { - "owner": "goauthentik", - "ref": "version/2026.2.2", - "repo": "authentik", - "type": "github" - } - }, - "blueprint": { - "inputs": { - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ], - "systems": [ - "llm-agents", - "systems" - ] - }, - "locked": { - "lastModified": 1776249299, - "narHash": "sha256-Dt9t1TGRmJFc0xVYhttNBD6QsAgHOHCArqGa0AyjrJY=", - "owner": "numtide", - "repo": "blueprint", - "rev": "56131e8628f173d24a27f6d27c0215eff57e40dd", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "blueprint", - "type": "github" - } - }, - 
"bun2nix": { - "inputs": { - "flake-parts": [ - "llm-agents", - "flake-parts" - ], - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ], - "systems": [ - "llm-agents", - "systems" - ], - "treefmt-nix": [ - "llm-agents", - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 1777369708, - "narHash": "sha256-1xW7cRZNsFNPQD+cE0fwnLVStnDth0HSoASEIFeT7uI=", - "owner": "nix-community", - "repo": "bun2nix", - "rev": "e659e1cc4b8e1b21d0aa85f1c481f9db61ecfa98", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "staging-2.1.0", - "repo": "bun2nix", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1777713215, - "narHash": "sha256-8GzXDOXckDWwST8TY5DbwYFjdvQLlP7K9CLSVx6iTTo=", - "owner": "nix-community", - "repo": "disko", - "rev": "63b4e7e6cf75307c1d26ac3762b886b5b0247267", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "llm-agents", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1777988971, - "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", - "owner": "hercules-ci", - "repo": 
"flake-parts", - "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": [ - "authentik-nix", - "systems" - ] - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1777851538, - "narHash": "sha256-Gp8qwTEYNoy2yvmErVGlvLOQvrtEECCAKbonW7VJef8=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "cc09c0f9b7eaa95c2d9827338a5eb03d32505ca5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.11", - "repo": "home-manager", - "type": "github" - } - }, - "ixx": { - "inputs": { - "flake-utils": [ - "nixvim", - "nuschtosSearch", - "flake-utils" - ], - "nixpkgs": [ - "nixvim", - "nuschtosSearch", - 
"nixpkgs" - ] - }, - "locked": { - "lastModified": 1754860581, - "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "ref": "v0.1.1", - "repo": "ixx", - "type": "github" - } - }, - "llm-agents": { - "inputs": { - "blueprint": "blueprint", - "bun2nix": "bun2nix", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs", - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1778219255, - "narHash": "sha256-fAJUly400K2SoP75LaZ7x1fhwau2BxI7XBY4UgFXm6A=", - "owner": "numtide", - "repo": "llm-agents.nix", - "rev": "8dc08cc44249bacfabaf4e25e223ec9d1e7d677b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "llm-agents.nix", - "type": "github" - } - }, - "napalm": { - "inputs": { - "flake-utils": [ - "authentik-nix", - "flake-utils" - ], - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1725806412, - "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", - "owner": "willibutz", - "repo": "napalm", - "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", - "type": "github" - }, - "original": { - "owner": "willibutz", - "ref": "avoid-foldl-stack-overflow", - "repo": "napalm", - "type": "github" - } - }, - "nixos-facter-modules": { - "locked": { - "lastModified": 1773858690, - "narHash": "sha256-oW0/lC0oRG5H5LaK6Rmh9L1wmkn9TbenM4bXwnIEDKA=", - "owner": "numtide", - "repo": "nixos-facter-modules", - "rev": "139dcef4dfc97009629c445806f197883351ab4a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "nixos-facter-modules", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1778124196, - "narHash": "sha256-pYEytCNic/czazbV9r3tbQ6BZzqRBg/41x2dIC5ymOo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "68a8af93ff4297686cb68880845e61e5e2e41d92", - "type": 
"github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1777954456, - "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1775888245, - "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "13043924aaa7375ce482ebe2494338e058282925", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixvim": { - "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": [ - "nixpkgs" - ], - "nuschtosSearch": "nuschtosSearch", - "systems": "systems_4" - }, - "locked": { - "lastModified": 1769049374, - "narHash": "sha256-h0Os2qqNyycDY1FyZgtbn28VF1ySP74/n0f+LDd8j+w=", - "owner": "nix-community", - "repo": "nixvim", - "rev": "b8f76bf5751835647538ef8784e4e6ee8deb8f95", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "nixos-25.11", - "repo": "nixvim", - "type": "github" - } - }, - "nuschtosSearch": { - "inputs": { - "flake-utils": "flake-utils_2", - "ixx": "ixx", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768249818, - "narHash": "sha256-ANfn5OqIxq3HONPIXZ6zuI5sLzX1sS+2qcf/Pa0kQEc=", - "owner": "NuschtOS", - "repo": 
"search", - "rev": "b6f77b88e9009bfde28e2130e218e5123dc66796", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "repo": "search", - "type": "github" - } - }, - "pyproject-build-systems": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ], - "pyproject-nix": [ - "authentik-nix", - "pyproject-nix" - ], - "uv2nix": [ - "authentik-nix", - "uv2nix" - ] - }, - "locked": { - "lastModified": 1771423342, - "narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=", - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "rev": "04e9c186e01f0830dad3739088070e4c551191a4", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "type": "github" - } - }, - "pyproject-nix": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1771518446, - "narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=", - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "type": "github" - } - }, - "root": { - "inputs": { - "authentik-nix": "authentik-nix", - "disko": "disko", - "home-manager": "home-manager", - "llm-agents": "llm-agents", - "nixos-facter-modules": "nixos-facter-modules", - "nixpkgs": "nixpkgs_2", - "nixvim": "nixvim", - "sops-nix": "sops-nix" - } - }, - "sops-nix": { - "inputs": { - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1777944972, - "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "c591bf665727040c6cc5cb409079acb22dcce33c", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": 
"default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775636079, - "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "uv2nix": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ], - "pyproject-nix": [ - "authentik-nix", - "pyproject-nix" - ] - }, - "locked": { - "lastModified": 1772187362, - "narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=", - "owner": "pyproject-nix", - "repo": "uv2nix", - "rev": "abe65de114300de41614002fe9dce2152ac2ac23", - 
"type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "uv2nix", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/llm/flake.nix b/llm/flake.nix deleted file mode 100644 index 8b7f86a..0000000 --- a/llm/flake.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - description = "Multi-host NixOS configuration"; - - inputs = { - authentik-nix = { - inputs.nixpkgs.follows = "nixpkgs"; - url = "github:nix-community/authentik-nix"; - }; - disko = { - inputs.nixpkgs.follows = "nixpkgs"; - url = "github:nix-community/disko"; - }; - home-manager = { - url = "github:nix-community/home-manager/release-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - llm-agents.url = "github:numtide/llm-agents.nix"; - nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixvim = { - url = "github:nix-community/nixvim/nixos-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - sops-nix.url = "github:Mic92/sops-nix"; - }; - - outputs = inputs@{ self, disko, home-manager, nixpkgs, nixvim, sops-nix, ...}: - let - configFiles = pkgs.stdenv.mkDerivation { - installPhase = '' - mkdir -p $out - cp -r * $out/ - ''; - name = "config-files"; - src = ../configs; - }; - pkgs = nixpkgs.legacyPackages.${system}; - system = "x86_64-linux"; - in { - nixosConfigurations = { - "nocix-amd-legacy-quadcore-292465" = import ../system.nix { - configuration = ../host/nocix/amd-legacy-quadcore-292465; - roles = [../roles/llm.nix ]; - inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system; - }; - }; - }; -} diff --git a/nixos-anywhere/nocix/disk-config.nix b/nixos-anywhere/nocix/disk-config.nix index 0f75110..a59ea6e 100644 --- a/nixos-anywhere/nocix/disk-config.nix +++ b/nixos-anywhere/nocix/disk-config.nix 
@@ -36,7 +36,7 @@ }; }; data = { - device = "ata-Hitachi_HUA722020ALA331_B9HMU2WF"; + device = "/dev/disk/by-id/ata-Hitachi_HUA722020ALA331_B9HMU2WF"; type = "disk"; content = { type = "gpt"; diff --git a/system.nix b/system.nix index aeffb6c..1513fef 100644 --- a/system.nix +++ b/system.nix 
@@ -1,44 +1,59 @@ -{ configFiles, configuration, disko, home-manager, inputs, nixpkgs, nixvim, roles, sops-nix, system }: -let +{ configuration, inputs, nixpkgs, roles ? [], system}: +let allowed-unfree-packages = [ "corefonts" "google-chrome" "mongodb" ]; -in nixpkgs.lib.nixosSystem { + + configFiles = nixpkgs.legacyPackages.${system}.stdenv.mkDerivation { + name = "config-files"; + src = ./configs; + installPhase = '' + mkdir -p $out + cp -r * $out/ + ''; + }; + + pkgs = import nixpkgs { + inherit system; + config = { + allowUnfreePredicate = pkg: + builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages; + }; + }; +in +nixpkgs.lib.nixosSystem { + inherit system pkgs; + + specialArgs = { + inherit inputs configFiles; + }; + modules = [ + configuration inputs.authentik-nix.nixosModules.default - disko.nixosModules.disko - home-manager.nixosModules.home-manager + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager { home-manager.extraSpecialArgs = { inherit configFiles inputs; }; home-manager.sharedModules = [ - nixvim.homeModules.nixvim + inputs.nixvim.homeModules.nixvim ./modules/home/nixvim.nix ]; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; } - configuration - ./modules - sops-nix.nixosModules.sops { + inputs.sops-nix.nixosModules.sops + { sops = { age.generateKey = true; - age.keyFile = "/var/libs/sops-nix/key.txt"; + age.keyFile = "/var/lib/sops-nix/key.txt"; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; defaultSopsFile = ./secrets/secrets.yaml; }; } + ./modules ./users ] ++ roles; - pkgs = import nixpkgs { - config = { - allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages; - }; - system = "${system}"; - }; - specialArgs = { - inherit configFiles inputs; - }; - system = "${system}"; }
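Review bot: Hosts already activated with the old `/var/libs/sops-nix/key.txt` path are not migrated by the `age.keyFile` correction. With `age.generateKey = true;` still set and nothing at the new location, a fresh age key will presumably be generated there, leaving the previous identity behind in `/var/libs/sops-nix/`. If any recipient in the sops configuration (not visible in this hunk) is that old generated key rather than the SSH host key listed in `age.sshKeyPaths`, those secrets stop decrypting on the next activation. I would move the existing key file on each host before deploying, delete the stale copy once decryption is confirmed, and leave a comment above the option such as `# was /var/libs/sops-nix/key.txt before this commit; move the key on existing hosts`.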