diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
new file mode 100644
index 0000000..a418d10
--- /dev/null
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,43 @@
+# Copilot Instructions for EmergentMind's Nix-Config
+
+## Project Overview
+- This is a modular, flake-based NixOS configuration system, designed for multi-host, multi-user, and reproducible setups.
+- Major directories:
+ - `hosts/`: Per-host NixOS configs (e.g., `hosts/nixos/Bellerophon/`).
+ - `home/`: Per-user Home Manager configs.
+ - `modules/`: Reusable NixOS and Home Manager modules, auto-imported via `lib.custom.scanPaths`.
+ - `overlays/`, `pkgs/`: Custom packages and overlays.
+ - `nixos-installer/`: Standalone flake for bootstrapping new hosts, with its own README and workflows.
+ - `docs/`: Project documentation, including secrets management.
+ - `scripts/`: Helper scripts for bootstrap, rebuild, sops, etc.
+
+## Key Patterns & Conventions
+- **Imports**: Use `lib.custom.relativeToRoot` and `lib.custom.scanPaths` for DRY, recursive module imports.
+- **Host/Module Structure**: Each host and user has a directory with a `default.nix` as entrypoint. Common/optional configs are split for clarity.
+- **Disk Layout**: Disk setup is handled by `disko` modules, with per-host overrides for device and swap.
+- **Secrets**: Secrets are managed via a private `nix-secrets` repo and sops-nix. See `docs/secretsmgmt.md` and `nixos-installer/README.md` for details.
+- **VSCode/Language Support**: Language-specific VSCode configs live in `home/panotaka/common/optional/coding/vscode/languages/` and are imported via the main VSCode module.
+
+## Developer Workflows
+- **Build & Rebuild**: Use `just rebuild` (runs pre/post hooks, see `justfile`). For full checks: `just rebuild-full` or `just check`.
+- **ISO Generation**: `just iso` builds a custom NixOS installer ISO.
+- **Secrets**: Use `just rekey`, `just sops-add-creation-rules`, and related commands for sops/age key management.
+- **Sync/Deploy**: Use `just sync` and `just build-host` for remote deployment.
+- **Testing**: Tests live in `tests/` and use `bats`.
+
+## Integration Points
+- **External**: Relies on `nix-secrets` (private), sops-nix, disko, stylix, nix4vscode, and nixos-hardware modules.
+- **Cross-Component**: Host configs import common modules and optional features via mapped imports. Home Manager and NixOS modules are kept separate but coordinated.
+
+## Examples
+- To add a new host: copy an existing host dir in `hosts/nixos/`, update disk and user settings, and add secrets as per `nixos-installer/README.md`.
+- To add a new language to VSCode: add a `.nix` file to `vscode/languages/` and import it in the main VSCode module.
+- To update secrets: run `just rekey` and follow the documented workflow.
+
+## References
+- See `README.md`, `nixos-installer/README.md`, and `docs/secretsmgmt.md` for deep dives on architecture and workflows.
+- For module patterns, see `modules/` and `hosts/common/core/`.
+
+---
+
+If you are unsure about a workflow or pattern, check the referenced docs or ask for clarification in your PR.
diff --git a/flake.lock b/flake.lock
index 8320ba9..5aa96e8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -108,11 +108,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1753960904, - "narHash": "sha256-TmE3Js0sfe6k+QHxfSjlHUvGsZA1ULTHhdS/QRub7CY=", + "lastModified": 1754418859, + "narHash": "sha256-6fnM9o5RIG3OtuBF0yhQMECtqzc5pXAc1uSkVaffy58=", "owner": "cachix", "repo": "devenv", - "rev": "820d57bd5494201af2205bf84b231cce1190471c", + "rev": "e13cd53579f6a0f441ac09230178dccb3008dd36", "type": "github" }, "original": {
@@ -176,11 +176,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": {
@@ -336,11 +336,11 @@ }, "hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1754316476, + "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28", "type": "github" }, "original": {
@@ -435,11 +435,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1753928075, - "narHash": "sha256-GiYailXbRD+Mb42lC6ExUIbut6D+bK1rKp6WPR7No3o=", + "lastModified": 1754446571, + "narHash": "sha256-f+Shs8gU0AhN3Q0N1dycqossDqUGQWVaR65ILFo9hNY=", "owner": "nix-community", "repo": "nix4vscode", - "rev": "2eb803b3f2ef728a509559c7512b961f546cd077", + "rev": "b6ee5ce110217325d059222e87e471577effbc3c", "type": "github" }, "original": {
@@ -450,11 +450,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1754316476, + "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28", "type": "github" }, "original": {
@@ -514,11 +514,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1754214453, + "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "type": "github" }, "original": {
@@ -530,11 +530,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1753749649, - "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=", + "lastModified": 1754292888, + "narHash": "sha256-1ziydHSiDuSnaiPzCQh1mRFBsM2d2yRX9I+5OPGEmIE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a", + "rev": "ce01daebf8489ba97bd1609d185ea276efdeb121", "type": "github" }, "original": {
@@ -579,11 +579,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": {
@@ -631,11 +631,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1753921619, - "narHash": "sha256-XAXQZYm/Cyj2PYER+N6K0YlkZsBF5sPpYoylQLLE6d0=", + "lastModified": 1753979771, + "narHash": "sha256-MdMdQymbivEWWkC5HqeLYtP8FYu0SqiSpiRlyw9Fm3Y=", "owner": "danth", "repo": "stylix", - "rev": "3e500983c46d88ab36aa2f971bca13cba966a011", + "rev": "5b81b0c4fbab3517b39d63f493760d33287150ad", "type": "github" }, "original": {
@@ -789,11 +789,11 @@ ] }, "locked": { - "lastModified": 1753933355, - "narHash": "sha256-4QxMcKS6oc+cG8efwwAin4M+YOokBak1dVS8u5P3b5M=", + "lastModified": 1754458246, + "narHash": "sha256-6fvYurXcdg+AC7IBoLEgRIU3GXMaAaVwnteKk9OKBBM=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "fa795a139a8c92b140bc21f11f61da1c97ad5b1d", + "rev": "f806c5bfd831b8f9333b31f45b85b711025ba3de", "type": "github" }, "original": {
diff --git a/home/panotaka/common/optional/browsers/zen.nix b/home/panotaka/common/optional/browsers/zen.nix
index 70b4abf..e79c57f 100644
--- a/home/panotaka/common/optional/browsers/zen.nix
+++ b/home/panotaka/common/optional/browsers/zen.nix
@@ -1,9 +1,13 @@ -{inputs, ...}: { +{ + inputs, + pkgs, + ... +}: { # home.nix imports = [ inputs.zen-browser.homeModules.beta - # or inputs.zen-browser.homeModules.twilight - # or inputs.zen-browser.homeModules.twilight-official + # inputs.zen-browser.homeModules.twilight + # inputs.zen-browser.homeModules.twilight-official ]; programs.zen-browser = {
@@ -19,6 +23,13 @@
 DontCheckDefaultBrowser = true;
 NoDefaultBookmarks = true;
 OfferToSaveLogins = false;
+ EnableTrackingProtection = {
+ Value = true;
+ Locked = true;
+ Cryptomining = true;
+ Fingerprinting = true;
+ };
 };
+ nativeMessagingHosts = [pkgs.firefoxpwa];
 };
 }
diff --git a/home/panotaka/common/optional/coding/vscode/languages/godot.nix b/home/panotaka/common/optional/coding/vscode/languages/godot.nix
new file mode 100644
index 0000000..2e1f882
--- /dev/null
+++ b/home/panotaka/common/optional/coding/vscode/languages/godot.nix
@@ -0,0 +1,16 @@
+{pkgs, ...}: {
+ programs.vscode = {
+ extensions = pkgs.nix4vscode.forVscode [
+ # Godot language support
+ "geequlim.godot-tools"
+ ];
+ userSettings = {
+ # Add Godot-specific settings here
+ };
+ };
+
+ # Additional packages for Godot development
+ home.packages = with pkgs; [
+ godot
+ ];
+}
diff --git a/hosts/common/optional/kde.nix b/hosts/common/optional/kde.nix
index 04be650..ee45274 100644
--- a/hosts/common/optional/kde.nix
+++ b/hosts/common/optional/kde.nix
@@ -1,5 +1,7 @@
-{
+{pkgs, ...}: {
 services.desktopManager.plasma6.enable = true;
 environment.sessionVariables.GTK_USE_PORTAL = "1";
 environment.sessionVariables.NIXOS_OZONE_WL = "1";
+ environment.sessionVariables.KWIN_DRM_PREFER_COLOR_DEPTH = "24";
+ environment.systemPackages = with pkgs.kdePackages; [plasma-thunderbolt sddm-kcm];
 }
diff --git a/hosts/common/optional/thunderbolt.nix b/hosts/common/optional/thunderbolt.nix
new file mode 100644
index 0000000..24418fa
--- /dev/null
+++ b/hosts/common/optional/thunderbolt.nix
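Review bot: In `home/panotaka/common/optional/browsers/zen.nix` (second hunk), `nativeMessagingHosts = [pkgs.firefoxpwa];` is added without a comment, and a native messaging host is a local program that extensions talk to outside the browser's content sandbox, so the reason for registering it should be written down. I would put `# firefoxpwa: native connector for the PWAsForFirefox extension; remove if that extension is not installed` above the line. The locked `EnableTrackingProtection` block looks fine; if the Firefox base of the pinned Zen build supports it, `EmailTracking = true;` could be set in the same block. The enclosing `programs.zen-browser` attrset starts outside the hunk.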
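Review bot: In the new `home/panotaka/common/optional/coding/vscode/languages/godot.nix`, `userSettings` holds only the placeholder `# Add Godot-specific settings here`, so the attrset sets nothing and can be dropped until there is a real setting to add. The extension id `geequlim.godot-tools` carries no version in this file; presumably the version is resolved through the `nix4vscode` input pinned in `flake.lock`, which this same commit bumps. A short comment such as `# version comes from the pinned nix4vscode input` would make that provenance explicit for whoever audits extension updates.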
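Review bot: In `hosts/common/optional/kde.nix`, `KWIN_DRM_PREFER_COLOR_DEPTH = "24"` is a magic value with no explanation, and it now applies to every host that imports this shared module. A comment such as `# force 8-bit colour output in KWin; workaround for <issue seen on HOST>` would tell the next maintainer when it can be removed, or the variable could move into the affected host's own config. `plasma-thunderbolt` is likewise installed on all KDE hosts, while the bolt service is enabled only where `thunderbolt.nix` is imported.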
@@ -0,0 +1,8 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services.hardware.bolt.enable = true;
+}
diff --git a/hosts/nixos/Bellerophon/default.nix b/hosts/nixos/Bellerophon/default.nix
index 2f6cc33..7d566bd 100644
--- a/hosts/nixos/Bellerophon/default.nix
+++ b/hosts/nixos/Bellerophon/default.nix
@@ -69,6 +69,7 @@
 # The following are for example sake only and are not necessarily required.
 #"hosts/common/optional/services/openssh.nix" # allow remote SSH access
 "hosts/common/optional/services/bluetooth.nix"
+ "hosts/common/optional/thunderbolt.nix"
 "hosts/common/optional/services/ollama.nix"
 "hosts/common/optional/services/docker.nix"
 "hosts/common/optional/services/tailscale.nix"
diff --git a/hosts/nixos/Bellerophon/hardware-configuration.nix b/hosts/nixos/Bellerophon/hardware-configuration.nix
index 4653ed4..0577b12 100644
--- a/hosts/nixos/Bellerophon/hardware-configuration.nix
+++ b/hosts/nixos/Bellerophon/hardware-configuration.nix
@@ -14,7 +14,8 @@ boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usbhid"]; boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; + boot.kernelModules = ["kvm-intel" "evdi"]; + boot.kernelParams = ["i915.enable_psr=0"]; boot.kernelPatches = [ /* {
@@ -39,9 +40,9 @@ sof-firmware #rotation stuff - pkgs.gnome-monitor-config - pkgs.usbutils - pkgs.inotify-tools - pkgs.kdePackages.libkscreen + gnome-monitor-config + usbutils + inotify-tools + kdePackages.libkscreen ]; }
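Review bot: The new `hosts/common/optional/thunderbolt.nix` declares `config`, `lib` and `pkgs` but uses none of them; `{...}: {` or a bare attrset is enough. Since bolt is the daemon that authorizes Thunderbolt devices, a header comment would help, for example `# boltd: Thunderbolt device authorization; the security level itself is set in firmware (check with boltctl)`. Whether a newly attached device actually needs approval depends on that firmware level and on IOMMU DMA protection, neither of which this module configures.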
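Review bot: In `hosts/nixos/Bellerophon/hardware-configuration.nix` (first hunk), `"evdi"` is added to `boot.kernelModules`, but evdi is an out-of-tree module and nothing visible in the hunk supplies it. Unless it is provided elsewhere (for example by a DisplayLink driver setting), I would add `boot.extraModulePackages = [config.boot.kernelPackages.evdi];` next to it, assuming `config` is among the module's arguments. `i915.enable_psr=0` also deserves a why-comment, e.g. `# disable panel self refresh: works around <symptom>`. The surrounding attrset starts and ends outside the hunk.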