Gleipnir/nixos-systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Gleipnir:98d075bf2f6e6871cad6e827fbb5247bba8de8b3
Branches Tags
Gleipnir:main
..
compare: Gleipnir:72c876ee69ab90263b07c8b2bd33a3b0af363d8a
Branches Tags
Gleipnir:main

10 commits
98d075bf2f ... 72c876ee69

Author SHA1 Message Date
Eli Ribble
72c876ee69
Add nix-unstable for LLM within our main flake 
This is a pretty big refactor of the way systems work, but it avoids
bifurcating further. At this commit point I actually used nixos-anywhere
on the staging server and it came out okay, which is encouraging.
 2026-05-09 00:17:11 +00:00
Eli Ribble
ee93e18a6b
Add some stuff to make pi agent happier 2026-05-08 23:25:58 +00:00
Eli Ribble
851f6d9655
Make timecardbot read from inputs 
So we don't have to plumb it through all the system args
 2026-05-08 20:53:52 +00:00
Eli Ribble
997584dcd7
Move permissions setup for pgadmin to one-off service 2026-05-08 20:53:34 +00:00
Eli Ribble
a2ca482b0b
Fix forgejo recipe, add caddy reverse proxy 2026-05-08 20:53:16 +00:00
Eli Ribble
98c8a60b10
Set quadcore-292465's big disk by id instead of temp label 2026-05-08 20:52:30 +00:00
Eli Ribble
bd9b9109d2
Initial work on establishing consistent AGENTS context 2026-05-08 19:58:33 +00:00
Eli Ribble
083e3e79b7
Add initial forgejo configuration 2026-05-08 18:56:50 +00:00
Eli Ribble
0ee91ff317
Preconfigure pgadmin database and user 
The initialScript doesn't work, really, because it only runs on database
creation, but it does document what I need.
 2026-05-08 18:14:07 +00:00
Eli Ribble
ab3d5473f2
Remove timecard-bot as a direct dependency of base flake 
we'll pass it through inputs instead
 2026-05-08 18:13:42 +00:00
18 changed files with 441 additions and 804 deletions
Download patch file Download diff file Expand all files Collapse all files

11
configs/users/eliribble/pi/AGENTS.md Normal file
View file

@ -0,0 +1,11 @@
# For agents
We're working together on building something. We're experts. We don't need to sugar-coat things. Prefer terseness over flowery language. Prefer facts over encouragement. Explain when asked, correct when wrong, but err on the side of trusting the other people to push for clarification.
## Environment
Everything happens on NixOS where we live. We are a NixOS-only shop. If you're thinking in terms of generic Linux, that's fine, it mostly applies, but if you're thinking in Debian, Fedora, or even Arch, you might as well translate. We're using flakes in NixOS, and the new-style nix command.
## Mood
Occasional sardonic points and passive-aggressive ribbing is worth bonus points.

201
flake.lock generated
View file

@ -63,6 +63,65 @@
"type": "github"
}
},
"blueprint": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
]
},
"locked": {
"lastModified": 1776249299,
"narHash": "sha256-Dt9t1TGRmJFc0xVYhttNBD6QsAgHOHCArqGa0AyjrJY=",
"owner": "numtide",
"repo": "blueprint",
"rev": "56131e8628f173d24a27f6d27c0215eff57e40dd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "blueprint",
"type": "github"
}
},
"bun2nix": {
"inputs": {
"flake-parts": [
"llm-agents",
"flake-parts"
],
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
],
"treefmt-nix": [
"llm-agents",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1777369708,
"narHash": "sha256-1xW7cRZNsFNPQD+cE0fwnLVStnDth0HSoASEIFeT7uI=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "e659e1cc4b8e1b21d0aa85f1c481f9db61ecfa98",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "staging-2.1.0",
"repo": "bun2nix",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -138,6 +197,27 @@
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1777988971,
"narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@ -199,7 +279,7 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
@ -217,7 +297,7 @@
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
@ -235,7 +315,7 @@
},
"flake-utils_5": {
"inputs": {
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1731533236,
@ -300,6 +380,29 @@
"type": "github"
}
},
"llm-agents": {
"inputs": {
"blueprint": "blueprint",
"bun2nix": "bun2nix",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_2",
"systems": "systems_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1778276681,
"narHash": "sha256-8rXO94K3Ic6GnV7Ln2tjoeXFR7dCLsNKlPI7iFuPEfs=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "14a8ef979265f7795800842ea178cfef844ede47",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "llm-agents.nix",
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
@ -329,7 +432,7 @@
"nidus-sync": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"proj": "proj"
},
"locked": {
@ -393,7 +496,39 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1778124196,
"narHash": "sha256-pYEytCNic/czazbV9r3tbQ6BZzqRBg/41x2dIC5ymOo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68a8af93ff4297686cb68880845e61e5e2e41d92",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1772465433,
"narHash": "sha256-ywy9troNEfpgh0Ee+zaV1UTgU8kYBVKtvPSxh6clYGU=",
@ -409,7 +544,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1772542754,
"narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
@ -425,7 +560,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1776734388,
"narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
@ -441,7 +576,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
@ -457,7 +592,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1758763312,
"narHash": "sha256-puBMviZhYlqOdUUgEmMVJpXqC/ToEqSvkyZ30qQ09xM=",
@ -473,12 +608,12 @@
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_6"
"systems": "systems_7"
},
"locked": {
"lastModified": 1769049374,
@ -521,7 +656,7 @@
"proj": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1772585816,
@ -614,9 +749,11 @@
"disko": "disko",
"fieldseeker-sync": "fieldseeker-sync",
"home-manager": "home-manager",
"llm-agents": "llm-agents",
"nidus-sync": "nidus-sync",
"nixos-facter-modules": "nixos-facter-modules",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim",
"sops-nix": "sops-nix",
"timecard-bot": "timecard-bot"
@ -624,7 +761,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1776771786,
@ -730,9 +867,24 @@
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"timecard-bot": {
"inputs": {
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"pyproject-nix": "pyproject-nix_2"
},
"locked": {
@ -750,6 +902,27 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [

80
flake.nix
View file

@ -20,6 +20,7 @@
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
llm-agents.url = "github:numtide/llm-agents.nix";
nidus-sync = {
type = "github";
owner = "Gleipnir-Technology";
@ -28,6 +29,7 @@
};
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixvim = {
url = "github:nix-community/nixvim/nixos-25.11";
inputs.nixpkgs.follows = "nixpkgs";
@ -36,48 +38,44 @@
timecard-bot.url = "github:Gleipnir-Technology/timecard-bot?rev=8c81b6683f97aa2712323836e629adf102be58ac";
};
outputs = inputs@{ self, disko, home-manager, nixpkgs, nixvim, sops-nix, timecard-bot, ...}:
let
configFiles = pkgs.stdenv.mkDerivation {
installPhase = ''
mkdir -p $out
cp -r * $out/
'';
name = "config-files";
src = ./configs;
outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, ... }: {
nixosConfigurations = {
"nocix-amd-legacy-octacore" = import ./system.nix {
inherit inputs;
configuration = ./host/nocix/amd-legacy-octacore;
nixpkgs = nixpkgs;
roles = [
./roles/corp.nix
];
system = "x86_64-linux";
};
pkgs = nixpkgs.legacyPackages.${system};
system = "x86_64-linux";
in {
nixosConfigurations = {
"nocix-amd-legacy-octacore" = import ./system.nix {
configuration = ./host/nocix/amd-legacy-octacore;
roles = [
./roles/corp.nix
];
inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot;
};
"nocix-amd-legacy-quadcore" = import ./system.nix {
configuration = ./host/nocix/amd-legacy-quadcore;
roles = [
./roles/nidus-sync.nix
];
inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot;
};
"nocix-amd-legacy-quadcore-292465" = import ./system.nix {
configuration = ./host/nocix/amd-legacy-quadcore-292465;
roles = [ ];
inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot;
};
"nocix-amd-legacy-sexcore" = import ./system.nix {
configuration = ./host/nocix/amd-legacy-sexcore;
roles = [
./roles/nidus-marketing.nix
./roles/nidus-sync.nix
./roles/sovr.nix
];
inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot;
};
"nocix-amd-legacy-quadcore" = import ./system.nix {
inherit inputs;
configuration = ./host/nocix/amd-legacy-quadcore;
nixpkgs = nixpkgs;
roles = [
./roles/nidus-sync.nix
];
system = "x86_64-linux";
};
"nocix-amd-legacy-quadcore-292465" = import ./system.nix {
inherit inputs;
configuration = ./host/nocix/amd-legacy-quadcore-292465;
nixpkgs = nixpkgs-unstable;
roles = [ ./roles/llm.nix ];
system = "x86_64-linux";
};
"nocix-amd-legacy-sexcore" = import ./system.nix {
inherit inputs;
configuration = ./host/nocix/amd-legacy-sexcore;
nixpkgs = nixpkgs;
roles = [
./roles/nidus-marketing.nix
./roles/nidus-sync.nix
./roles/sovr.nix
];
system = "x86_64-linux";
};
};
};
}

4
home/eliribble/config/tmux/tmux.conf
View file

@ -20,3 +20,7 @@ set-window-option -g bell-action other
set -g window-status-style bg=yellow
set -g window-status-current-style bg=red,fg=white
# Set up modifier keys so that Shift+Enter and Ctrl+Enter are distinguishable
# based on https://github.com/earendil-works/pi/blob/main/packages/coding-agent/docs/tmux.md
set -g extended-keys on
set -g extended-keys-format csi-u

4
host/nocix/amd-legacy-quadcore-292465/disk-config.nix
View file

@ -35,9 +35,8 @@
};
};
};
/*
data = {
device = "/dev/sdb";
device = "/dev/disk/by-id/ata-Hitachi_HUA722020ALA331_B9HMU2WF";
type = "disk";
content = {
type = "gpt";
@ -56,7 +55,6 @@
};
};
};
*/
};
lvm_vg = {
pool = {

672
llm/flake.lock generated
View file

@ -1,672 +0,0 @@
{
"nodes": {
"authentik-go": {
"flake": false,
"locked": {
"lastModified": 1771856219,
"narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=",
"owner": "goauthentik",
"repo": "client-go",
"rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d",
"type": "github"
},
"original": {
"owner": "goauthentik",
"repo": "client-go",
"type": "github"
}
},
"authentik-nix": {
"inputs": {
"authentik-go": "authentik-go",
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
],
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"systems": "systems",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1776085803,
"narHash": "sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "4370b561c8bafb59773ce3a518506bcf1161dbdb",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1775573258,
"narHash": "sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "5249546862986202b901c2afd860992ec48c6ef6",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2026.2.2",
"repo": "authentik",
"type": "github"
}
},
"blueprint": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
]
},
"locked": {
"lastModified": 1776249299,
"narHash": "sha256-Dt9t1TGRmJFc0xVYhttNBD6QsAgHOHCArqGa0AyjrJY=",
"owner": "numtide",
"repo": "blueprint",
"rev": "56131e8628f173d24a27f6d27c0215eff57e40dd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "blueprint",
"type": "github"
}
},
"bun2nix": {
"inputs": {
"flake-parts": [
"llm-agents",
"flake-parts"
],
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
],
"treefmt-nix": [
"llm-agents",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1777369708,
"narHash": "sha256-1xW7cRZNsFNPQD+cE0fwnLVStnDth0HSoASEIFeT7uI=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "e659e1cc4b8e1b21d0aa85f1c481f9db61ecfa98",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "staging-2.1.0",
"repo": "bun2nix",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777713215,
"narHash": "sha256-8GzXDOXckDWwST8TY5DbwYFjdvQLlP7K9CLSVx6iTTo=",
"owner": "nix-community",
"repo": "disko",
"rev": "63b4e7e6cf75307c1d26ac3762b886b5b0247267",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1777988971,
"narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
"authentik-nix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777851538,
"narHash": "sha256-Gp8qwTEYNoy2yvmErVGlvLOQvrtEECCAKbonW7VJef8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cc09c0f9b7eaa95c2d9827338a5eb03d32505ca5",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754860581,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.1.1",
"repo": "ixx",
"type": "github"
}
},
"llm-agents": {
"inputs": {
"blueprint": "blueprint",
"bun2nix": "bun2nix",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1778219255,
"narHash": "sha256-fAJUly400K2SoP75LaZ7x1fhwau2BxI7XBY4UgFXm6A=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "8dc08cc44249bacfabaf4e25e223ec9d1e7d677b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "llm-agents.nix",
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
"authentik-nix",
"flake-utils"
],
"nixpkgs": [
"authentik-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1725806412,
"narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
"owner": "willibutz",
"repo": "napalm",
"rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
"type": "github"
},
"original": {
"owner": "willibutz",
"ref": "avoid-foldl-stack-overflow",
"repo": "napalm",
"type": "github"
}
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1773858690,
"narHash": "sha256-oW0/lC0oRG5H5LaK6Rmh9L1wmkn9TbenM4bXwnIEDKA=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "139dcef4dfc97009629c445806f197883351ab4a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixos-facter-modules",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1778124196,
"narHash": "sha256-pYEytCNic/czazbV9r3tbQ6BZzqRBg/41x2dIC5ymOo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68a8af93ff4297686cb68880845e61e5e2e41d92",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_4"
},
"locked": {
"lastModified": 1769049374,
"narHash": "sha256-h0Os2qqNyycDY1FyZgtbn28VF1ySP74/n0f+LDd8j+w=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "b8f76bf5751835647538ef8784e4e6ee8deb8f95",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "nixos-25.11",
"repo": "nixvim",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768249818,
"narHash": "sha256-ANfn5OqIxq3HONPIXZ6zuI5sLzX1sS+2qcf/Pa0kQEc=",
"owner": "NuschtOS",
"repo": "search",
"rev": "b6f77b88e9009bfde28e2130e218e5123dc66796",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
],
"pyproject-nix": [
"authentik-nix",
"pyproject-nix"
],
"uv2nix": [
"authentik-nix",
"uv2nix"
]
},
"locked": {
"lastModified": 1771423342,
"narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "04e9c186e01f0830dad3739088070e4c551191a4",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1771518446,
"narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"authentik-nix": "authentik-nix",
"disko": "disko",
"home-manager": "home-manager",
"llm-agents": "llm-agents",
"nixos-facter-modules": "nixos-facter-modules",
"nixpkgs": "nixpkgs_2",
"nixvim": "nixvim",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1777944972,
"narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"authentik-nix",
"nixpkgs"
],
"pyproject-nix": [
"authentik-nix",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1772187362,
"narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "abe65de114300de41614002fe9dce2152ac2ac23",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

48
llm/flake.nix
View file

@ -1,48 +0,0 @@
{
description = "Multi-host NixOS configuration";
inputs = {
authentik-nix = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/authentik-nix";
};
disko = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/disko";
};
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
llm-agents.url = "github:numtide/llm-agents.nix";
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixvim = {
url = "github:nix-community/nixvim/nixos-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix.url = "github:Mic92/sops-nix";
};
outputs = inputs@{ self, disko, home-manager, nixpkgs, nixvim, sops-nix, ...}:
let
configFiles = pkgs.stdenv.mkDerivation {
installPhase = ''
mkdir -p $out
cp -r * $out/
'';
name = "config-files";
src = ../configs;
};
pkgs = nixpkgs.legacyPackages.${system};
system = "x86_64-linux";
in {
nixosConfigurations = {
"nocix-amd-legacy-quadcore-292465" = import ../system.nix {
configuration = ../host/nocix/amd-legacy-quadcore-292465;
roles = [../roles/llm.nix ];
inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system;
};
};
};
}

2
modules/home/default.nix
View file

@ -3,5 +3,7 @@
./base.nix
./fish.nix
./git.nix
./nixvim.nix
./pi.nix
];
}

22
modules/home/pi.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, configFiles, lib, pkgs, ... }:
with lib;
{
options.myModules.home.pi = {
enable = mkEnableOption "custom pi agent configuration";
};
config = mkIf config.myModules.home.pi.enable (
let
# Use user-specific config if it exists
configPath = (configFiles + "/users/${config.myModules.home.user}/pi");
in {
# Use the correct Home Manager option
home.file.".pi" = {
source = configPath;
recursive = true;
};
}
);
}

1
modules/system/default.nix
View file

@ -14,6 +14,7 @@
./element-web.nix
#./fieldseeker-sync.nix
./fish.nix
./forgejo.nix
./label-studio.nix
./librechat.nix
./minio.nix

55
modules/system/forgejo.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in {
options.myModules.forgejo.enable = mkEnableOption "custom forgejo configuration";
config = mkIf config.myModules.forgejo.enable {
services.caddy.virtualHosts."source.gleipnir.technology".extraConfig = ''
reverse_proxy unix//var/run/forgejo/socket
'';
services.forgejo = {
database.type = "postgres";
enable = true;
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = false;
DEFAULT_ACTIONS_URL = "github";
};
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
#mailer = {
#ENABLED = false;
#SMTP_ADDR = "mail.example.com";
#FROM = "noreply@${srv.DOMAIN}";
#USER = "noreply@${srv.DOMAIN}";
#};
server = {
DOMAIN = "source.gleipnir.technology";
# You need to specify this to remove the port from URLs in the web UI.
HTTP_ADDR = "/var/run/forgejo/socket";
PROTOCOL = "http+unix";
ROOT_URL = "https://${srv.DOMAIN}/";
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Enable ssh user for 'git push'
ssh = {
PORT = 22;
};
};
stateDir = "/mnt/bigdisk/forgejo";
#mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
};
systemd.tmpfiles.rules = [
"d /var/run/forgejo 0750 forgejo forgejo - -"
];
};
}

69
modules/system/pgadmin.nix
View file

@ -2,6 +2,8 @@
with lib;
let
databaseName = "nidus-sync";
dbUsername = "pgadmin";
cfg = config.myModules.pgadmin;
group = "root";
port = 10100;
@ -28,8 +30,73 @@ in {
services.pgadmin = {
enable = true;
initialEmail = "eli@gleipnir.technology";
initialPasswordFile = "/var/run/secrets/pgadmin.yaml";
initialPasswordFile = config.sops.secrets."pgadmin-initial-password-file".path;
port = port;
settings = {
# Pre-configure the database server
Servers = {
"1" = {
Name = "Local ${databaseName}";
Group = "Servers";
Host = "/run/postgresql"; # unix socket directory
Port = 5432;
MaintenanceDB = "postgres";
Username = dbUsername;
SSLMode = "prefer";
};
};
};
};
services.postgresql = {
ensureUsers = [{
# Read only user for pgadmin
ensureClauses.login = true;
name = dbUsername;
}];
};
systemd.services.pgadmin-setup-permissions = {
description = "Setup read-only permissions for pgadmin user";
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
RemainAfterExit = true;
};
script = ''
${config.services.postgresql.package}/bin/psql -d ${databaseName} << 'EOF'
-- Grant connection to database
GRANT CONNECT ON DATABASE ${databaseName} TO pgadmin;
-- Dynamically grant permissions on all non-system schemas
DO $$
DECLARE
schema_name text;
BEGIN
FOR schema_name IN
SELECT nspname
FROM pg_namespace
WHERE nspname NOT IN ('pg_catalog', 'information_schema', 'pg_toast')
AND nspname NOT LIKE 'pg_temp%'
AND nspname NOT LIKE 'pg_toast_temp%'
LOOP
EXECUTE format('GRANT USAGE ON SCHEMA %I TO pgadmin', schema_name);
EXECUTE format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO pgadmin', schema_name);
EXECUTE format('GRANT SELECT ON ALL SEQUENCES IN SCHEMA %I TO pgadmin', schema_name);
EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT SELECT ON TABLES TO pgadmin', schema_name);
END LOOP;
END $$;
EOF
'';
# This ensures the service runs again when you deploy changes
restartTriggers = [
config.services.postgresql.package
"${databaseName}"
];
};
sops.secrets."pgadmin-initial-password-file" = {
format = "yaml";

11
modules/system/pi.nix
View file

@ -16,6 +16,7 @@ in {
config = mkIf config.myModules.pi.enable {
environment.systemPackages = with inputs.llm-agents.packages.${pkgs.stdenv.hostPlatform.system}; [
pkgs.nodejs_24
pi
];
sops.secrets."pi-env" = {
@ -27,4 +28,14 @@ in {
sopsFile = ../../secrets/pi.env;
};
};
/* notes on other stuff I did
I'm installing pi-semaphore and pi-tmux with:
```shell
pi install git:github.com/offline-ant/pi-semaphore
pi install git:github.com/offline-ant/pi-tmux
```
*/
}

4
modules/system/timecardbot.nix
View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, timecard-bot, ... }:
{ config, inputs, lib, pkgs, ... }:
with lib;
let
timecard-bot-pkg = timecard-bot.packages.x86_64-linux.default;
timecard-bot-pkg = inputs.timecard-bot.packages.x86_64-linux.default;
in
{
options.myModules.timecardbot.enable = mkEnableOption "custom timecardbot configuration";

4
nixos-anywhere/nocix/disk-config.nix
View file

@ -35,9 +35,8 @@
};
};
};
/*
data = {
device = "/dev/sdb";
device = "/dev/disk/by-id/ata-Hitachi_HUA722020ALA331_B9HMU2WF";
type = "disk";
content = {
type = "gpt";
@ -56,7 +55,6 @@
};
};
};
*/
};
lvm_vg = {
pool = {

1
roles/corp.nix
View file

@ -4,6 +4,7 @@
caddy.enable = true;
cloudreve.enable = true;
collabora.enable = true;
forgejo.enable = true;
glitchtip.enable = true;
element-web.enable = true;
label-studio.enable = true;

55
system.nix
View file

@ -1,44 +1,59 @@
{ configFiles, configuration, disko, home-manager, inputs, nixpkgs, nixvim, roles, sops-nix, system }:
let
{ configuration, inputs, nixpkgs, roles ? [], system}:
let
allowed-unfree-packages = [
"corefonts"
"google-chrome"
"mongodb"
];
in nixpkgs.lib.nixosSystem {
configFiles = nixpkgs.legacyPackages.${system}.stdenv.mkDerivation {
name = "config-files";
src = ./configs;
installPhase = ''
mkdir -p $out
cp -r * $out/
'';
};
pkgs = import nixpkgs {
inherit system;
config = {
allowUnfreePredicate = pkg:
builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages;
};
};
in
nixpkgs.lib.nixosSystem {
inherit system pkgs;
specialArgs = {
inherit inputs configFiles;
};
modules = [
configuration
inputs.authentik-nix.nixosModules.default
disko.nixosModules.disko
home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = { inherit configFiles inputs; };
home-manager.sharedModules = [
nixvim.homeModules.nixvim
inputs.nixvim.homeModules.nixvim
./modules/home/nixvim.nix
];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
configuration
./modules
sops-nix.nixosModules.sops {
inputs.sops-nix.nixosModules.sops
{
sops = {
age.generateKey = true;
age.keyFile = "/var/libs/sops-nix/key.txt";
age.keyFile = "/var/lib/sops-nix/key.txt";
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ./secrets/secrets.yaml;
};
}
./modules
./users
] ++ roles;
pkgs = import nixpkgs {
config = {
allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) allowed-unfree-packages;
};
system = "${system}";
};
specialArgs = {
inherit configFiles inputs;
};
system = "${system}";
}

1
users/eliribble.nix
View file

@ -9,6 +9,7 @@ with lib;
myModules.home = {
fish.enable = true;
git.enable = true;
pi.enable = true;
user = "eliribble";
};