diff --git a/.clinerules b/.clinerules
deleted file mode 100644
index d16acfb..0000000
--- a/.clinerules
+++ /dev/null
@@ -1,323 +0,0 @@ -# DEPRECATED - Use docs/agents.md instead - -This file is deprecated. All project-specific rules, guidelines, and documentation for AI agents have been moved to: -**`docs/agents.md`** - -The new file is more comprehensive and actively maintained. Please use it instead of this file for all AI agent operations. - ---- - -# NixOS Configuration Repository - AI Agent Guidelines - -This file contains project-specific rules and guidelines for AI agents working with this NixOS configuration repository. Follow these rules to ensure consistent, secure, and maintainable configurations. - -**Note:** The content below is deprecated. See `docs/agents.md` for the latest information. - -## Core Principles - -### 1. Declarative Configuration -- All system state must be defined in Nix expressions -- Never use imperative commands for permanent changes -- Every configuration change should be reproducible - -### 2. Modular Architecture -- Maintain separation between hardware, software, and user configurations -- Use existing modules before creating new ones -- Follow the established directory structure strictly - -### 3. 
Security First -- Never expose sensitive data (passwords, private keys, API tokens) -- Use proper user privilege separation -- Validate all external inputs and configurations - -## File Structure Rules - -### Module Placement -``` -desktop/ # Desktop environment configurations - ├── dev.nix # Development tools and languages - ├── gaming.nix # Games and gaming platforms - ├── media.nix # Audio/video software - └── *.nix # Other desktop applications - -systems/ # Hardware-specific configurations - ├── common.nix # Shared system settings - ├── framework.nix # Framework laptop - └── hostname.nix # Other hardware configs - -users/ # User configurations with Home Manager - ├── jsutter.nix # Primary user - └── username.nix # Additional users - -servers/ # Server-specific configurations - ├── common.nix # Base server settings - └── service.nix # Specific services -``` - -### File Naming Conventions -- Use lowercase with hyphens: `vpn-config.nix`, `development-tools.nix` -- System configurations must match hostname: `framework.nix`, `aurora.nix` -- User configurations must match username: `jsutter.nix`, `isutter.nix` - -## Nix/NixOS Specific Guidelines - -### Function Parameters -Always include these parameters in configuration modules: -```nix -{ config, pkgs, pkgs-unstable, lib, ... }: # For modules using unstable packages -{ config, pkgs, lib, ... }: # For stable-only modules -``` - -### Package Management Rules - -#### Stable vs Unstable Packages -```nix -# PREFERRED: Use stable packages by default -environment.systemPackages = with pkgs; [ - firefox - git - vim -]; - -# ACCEPTABLE: Use unstable when necessary -# Add comments explaining why unstable is needed -environment.systemPackages = with pkgs; [ - firefox - pkgs-unstable.windsurf # Latest features not in stable -]; -``` - -#### Package Selection Criteria -1. **Use stable unless**: Package doesn't exist OR needs newer version -2. **Document reasons**: Always comment why unstable is used -3. 
**Test thoroughly**: Unstable packages may have issues -4. **Review regularly**: Check if unstable packages can move to stable - -### Module Organization Patterns - -#### System Configuration Pattern -```nix -{ config, lib, pkgs, ... }: -{ - # Always include hostname first - networking.hostName = "system-name"; - - # Hardware configuration - fileSystems."/" = { ... }; - fileSystems."/boot" = { ... }; - - # System-specific settings - # Group related configurations together -} -``` - -#### User Configuration Pattern -```nix -{ config, pkgs, pkgs-unstable, home-manager, ... }: -{ - # System user definition - users.users.username = { - shell = pkgs.zsh; - isNormalUser = true; - description = "User Description"; - extraGroups = [ "networkmanager" "wheel" ]; # Only essential groups - }; - - # Home Manager configuration - home-manager.users.username = { - home.username = "username"; - home.homeDirectory = "/home/username"; - home.stateVersion = "25.05"; - - # User configurations - }; -} -``` - -## Security Rules - -### Sensitive Data Handling -- **NEVER** commit plaintext passwords -- **NEVER** commit private SSH keys -- **NEVER** commit API tokens or secrets -- **ALWAYS** use hashed passwords: `hashedPassword = "$6$..."` -- **CONSIDER** using sops-nix for advanced secret management - -### User Privilege Management -```nix -# GOOD: Minimal necessary groups -extraGroups = [ "networkmanager" "wheel" "audio" ]; - -# BAD: Over-privileged users -extraGroups = [ "networkmanager" "wheel" "audio" "video" "input" "disk" "lp" "scanner" ]; -``` - -### SSH Key Management -```nix -# GOOD: Use authorizedKeys for SSH access -openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBNVUh+RrcOSMRV6qysnsdPs5AyK8dSm4QhhnwgpikyI user@domain" -]; - -# FORBIDDEN: Never include private keys -``` - -## Configuration Best Practices - -### Code Style -- Use 2-space indentation -- Align attribute lists consistently -- Add comments for non-obvious configurations -- Group related 
configurations together - -### Module Dependencies -- Avoid circular dependencies between modules -- Use proper imports for shared utilities -- Document module dependencies in comments - -### Resource Management -```nix -# GOOD: Enable services only when needed -services.openssh.enable = true; -services.printing.enable = false; - -# GOOD: Configure sensible defaults -boot.kernelPackages = pkgs.linuxPackages_latest; - -# GOOD: Enable garbage collection -nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; -}; -``` - -## Testing and Validation - -### Pre-commit Testing -ALWAYS run these commands before submitting changes: - -```bash -# 1. Syntax check -nix flake check - -# 2. Dry run for affected systems -sudo nixos-rebuild dry-run --flake .#framework -sudo nixos-rebuild dry-run --flake .#aurora -sudo nixos-rebuild dry-run --flake .#labrizor - -# 3. Check flake outputs -nix flake show -``` - -### Build Verification -- Test on at least one system before merging -- Verify all services start correctly -- Check for package conflicts -- Validate hardware-specific configurations - -### Rollback Planning -- Always know how to rollback changes -- Keep previous generation available -- Document critical system dependencies - -## Common Workflows - -### Adding New Packages -1. **Determine appropriate module** (desktop/, systems/, users/) -2. **Check if package exists** in stable channel -3. **Use unstable only if necessary** with documentation -4. **Test with dry-run** before applying -5. **Update relevant documentation** - -### Creating New Modules -1. **Follow existing patterns** in similar modules -2. **Include proper function parameters** -3. **Add descriptive comments** -4. **Test module independently** -5. **Update flake.nix** if needed - -### System Modifications -1. **Identify correct system file** in `systems/` -2. **Backup current configuration** -3. **Make minimal, focused changes** -4. **Test thoroughly on target system** -5. 
**Document hardware-specific requirements** - -## Forbidden Patterns - -### NEVER DO THESE: -- **Hardcode paths**: Use Nix store paths or derivations -- **Ignore errors**: All configuration errors must be resolved -- **Skip testing**: Always validate changes before applying -- **Mix concerns**: Don't put desktop configs in system files -- **Use mutable state**: Avoid commands that modify /etc directly - -### INSTEAD DO THESE: -- **Use proper Nix expressions** for all configurations -- **Handle errors explicitly** with appropriate error messages -- **Test before deploying** with dry-run and build tests -- **Maintain separation** between hardware, software, users -- **Use declarative approach** for all system changes - -## Documentation Requirements - -### Code Comments -- Explain non-obvious configurations -- Document reasons for unstable package usage -- Note hardware-specific requirements -- Reference external dependencies - -### Commit Messages -- Use clear, descriptive commit messages -- Reference affected systems/modules -- Explain reasoning for significant changes -- Include testing steps when applicable -- **Update docs/agents.md changelog** when making structural or procedural changes - -## Emergency Procedures - -### System Recovery -If a system fails to boot after changes: -1. Boot from installation media -2. Mount root filesystem: `mount /dev/disk/by-partlabel/primary /mnt` -3. Roll back: `sudo nixos-rebuild switch --rollback` -4. Identify and fix configuration issues -5. Test before rebooting - -### Configuration Rollback -```bash -# List available generations -sudo nix-env --list-generations --profile /nix/var/nix/profiles/system - -# Rollback to previous working generation -sudo nixos-rebuild switch --profile-name generation-123 - -# Or use rollback shortcut -sudo nixos-rebuild switch --rollback -``` - -## Agent-Specific Rules - -### Before Making Changes -1. **Read existing documentation** in docs/ -2. **Understand current configuration** patterns -3. 
**Identify impact scope** of proposed changes -4. **Plan testing strategy** for affected systems - -### During Development -1. **Follow established patterns** exactly -2. **Add appropriate comments** explaining changes -3. **Test incrementally** with dry-run checks -4. **Document new patterns** if introducing changes - -### After Changes -1. **Run complete test suite** -2. **Update `docs/agents.md`** if repository structure or procedures changed -3. **Update relevant documentation** -4. **Verify all systems** build successfully -5. **Commit with clear message** describing changes - ---- - -These rules ensure consistent, secure, and maintainable NixOS configurations. Follow them strictly, and ask for clarification when unsure about any requirement. diff --git a/.gitignore b/.gitignore index 577b0a0..8f9931d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ hardware-configuration.nix +result +*.swp +*~ diff --git a/desktop/3dprinting.nix b/desktop/3dprinting.nix index 6e1c312..1483d16 100644 --- a/desktop/3dprinting.nix +++ b/desktop/3dprinting.nix @@ -3,7 +3,6 @@ { environment.systemPackages = with pkgs; [ -# cura freecad super-slicer openscad diff --git a/desktop/daw.nix b/desktop/daw.nix index 041ae8d..a6bf3f9 100644 --- a/desktop/daw.nix +++ b/desktop/daw.nix @@ -29,6 +29,4 @@ vital # free version if you want ]; - # Optional: low-latency kernel (for extreme cases) - # boot.kernelPackages = pkgs.linuxPackages_lowlatency; } diff --git a/desktop/gaming.nix b/desktop/gaming.nix index c9e03ae..b24bea3 100644 --- a/desktop/gaming.nix +++ b/desktop/gaming.nix @@ -4,8 +4,6 @@ environment.systemPackages = with pkgs; [ discord # Gaming communication -# parsec-bin -# bottles ]; # Steam diff --git a/desktop/gnome.nix b/desktop/gnome.nix deleted file mode 100644 index 6f10ad0..0000000 --- a/desktop/gnome.nix +++ /dev/null 
@@ -1,114 +0,0 @@ - { config, pkgs, home-manager, ... }: - - { - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.displayManager.gdm.wayland = false; - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; - # Exclude gnome garbage - environment.gnome.excludePackages = (with pkgs; [ - gnome-photos - gnome-tour - ]) ++ (with pkgs.gnome; [ - gnome-weather - cheese # webcam tool - gnome-music - gedit # text editor - epiphany # web browser - geary # email reader - evince # document viewer - gnome-characters - totem # video player - tali # poker game - iagno # go game - hitori # sudoku game - atomix # puzzle game - ] - ); -home-manager.users.jsutter = { - gtk = { - enable = true; - iconTheme = { - name = "Papirus-Dark"; - package = pkgs.papirus-icon-theme; - }; - theme = { - name = "palenight"; - package = pkgs.palenight-theme; - }; - cursorTheme = { - name = "Numix-Cursor"; - package = pkgs.numix-cursor-theme; - }; - gtk3.extraConfig = { - Settings = '' - gtk-application-prefer-dark-theme=1 - ''; - }; - gtk4.extraConfig = { - Settings = '' - gtk-application-prefer-dark-theme=1 - ''; - }; - }; - dconf.settings = { - "org/gnome/mutter" = { - experimental-features = [ "scale-monitor-framebuffer" ]; - }; - "org/gnome/shell" = { - favorite-apps = [ - "org.gnome.Console.desktop" - "firefox.desktop" - "slack.desktop" - "codium.desktop" - "com.nextcloud.desktopclient.nextcloud.desktop" - "Zoom.desktop" - "steam.desktop" - "vmware-view.desktop" - ]; - }; - "org/gnome/desktop/interface" = { - color-scheme = "prefer-dark"; - enable-hot-corners = false; - }; - "org/gnome/desktop/wm/preferences" = { - workspace-names = [ "Main" ]; - }; - "org/gnome/desktop/background" = { - picture-uri = "https://git.sym.bio/jsutter/backgrounds/-/raw/main/2.jpg"; - picture-uri-dark = "https://git.sym.bio/jsutter/backgrounds/-/raw/main/3.jpg"; - }; - "org/gnome/desktop/screensaver" = 
{ - picture-uri = "https://git.sym.bio/jsutter/backgrounds/-/raw/main/4.jpg"; - primary-color = "#3465a4"; - secondary-color = "#000000"; - }; - "org/gnome/shell" = { - disable-user-extensions = false; - enabled-extensions = [ # "gnome-extensions list" to get a list. - "user-theme@gnome-shell-extensions.gcampax.github.com" - "trayIconsReloaded@selfmade.pl" - "dash-to-panel@jderose9.github.com" - ]; - }; - }; - home.packages = with pkgs; [ - gnomeExtensions.user-themes - gnomeExtensions.tray-icons-reloaded - gnomeExtensions.dash-to-panel - gnomeExtensions.cpufreq - ]; - home.sessionVariables.GTK_THEME = "palenight"; - }; - # GNUPG Stuff - services.pcscd.enable = true; - programs.gnupg.agent = { - enable = true; - pinentryFlavor = "gnome3"; - enableSSHSupport = true; - }; -} \ No newline at end of file diff --git a/desktop/media.nix b/desktop/media.nix index 0633e39..a6993a9 100644 --- a/desktop/media.nix +++ b/desktop/media.nix @@ -4,7 +4,6 @@ environment.systemPackages = with pkgs; [ vlc # Media player deluge # BitTorrent client -# stremio ]; diff --git a/desktop/office.nix b/desktop/office.nix index 9b1be2c..fbbde59 100644 --- a/desktop/office.nix +++ b/desktop/office.nix @@ -8,8 +8,6 @@ pkgs-unstable.signal-desktop # Private messaging freerdp # xfreerdp CLI client remmina # GTK GUI RDP client -# gimp # Temporarily commented out to avoid build errors -# calibre ]; #for zoom diff --git a/desktop/virtualization.nix b/desktop/virtualization.nix index 0ae6ba3..1c846a4 100644 --- a/desktop/virtualization.nix +++ b/desktop/virtualization.nix @@ -63,5 +63,4 @@ systemd.services.network-debug = { virtualisation.libvirtd.allowedBridges = [ "br0" ]; - } diff --git a/docs/agents.md b/docs/agents.md index bb892ca..44a6476 100644 --- a/docs/agents.md +++ b/docs/agents.md 
@@ -56,8 +56,7 @@ nixos/ │ ├── jsutter.nix # Primary user configuration │ ├── isutter.nix # Secondary user configuration │ └── aksutter.nix # Secondary user configuration -├── flake.nix # Top-level flake definition -└── .clinerules # Project-specific rules for AI agents +└── flake.nix # Top-level flake definition ``` ## Core Principles @@ -114,7 +113,7 @@ Always include the appropriate parameters based on what the module needs: device = "/dev/disk/by-partlabel/ESP"; fsType = "vfat"; }; - + # System-specific settings # Group related configurations together } @@ -138,7 +137,7 @@ Always include the appropriate parameters based on what the module needs: home.username = "username"; home.homeDirectory = "/home/username"; home.stateVersion = "25.05"; - + # User configurations }; } @@ -691,7 +690,12 @@ This section tracks changes to the repository structure and when this document w | Date | Change | Updated Sections | |------|--------|------------------| -| 2026-02 - Created | Created `agents.md` with comprehensive guide and deprecated `.clinerules` | All sections | +| 2026-02 - Created | Created `agents.md` with comprehensive guide | All sections | +| 2026-02 - Removed | Removed .clinerules file, consolidated into agents.md | Maintenance section | +| 2026-02 - Cleanup | Removed unused gnome.nix module, common-headless.nix; removed allowBroken setting | System structure | +| 2026-02 - Cleanup | Removed commented packages across multiple files; fixed trailing whitespace | Code quality | +| 2026-02 - Cleanup | Removed .clinerules file; deleted gnome.nix (unused); common-headless.nix (duplicated) | File structure | +| 2026-02 - Improvement | Added result, *.swp, *~ to .gitignore | Maintenance | ### When to Update This Document 
@@ -740,8 +744,7 @@ When unsure about something: 1. Check this documentation first 2. Review existing similar configurations 3. Search NixOS manual and wiki -4. Consult the `.clinerules` file for additional guidelines -5. Test changes with dry-run before applying +4. Test changes with dry-run before applying --- diff --git a/systems/common-headless.nix b/systems/common-headless.nix deleted file mode 100644 index 97eb08b..0000000 --- a/systems/common-headless.nix +++ /dev/null 
@@ -1,153 +0,0 @@ -{ config, pkgs, ... }: - -{ - fileSystems."/" = - { device = "/dev/disk/by-partlabel/primary"; - fsType = "btrfs"; - }; - fileSystems."/boot" = - { device = "/dev/disk/by-partlabel/ESP"; - fsType = "vfat"; - }; - - # hardware - hardware.enableRedistributableFirmware = true; - services.fwupd.enable = true; - - # Network - networking = { - extraHosts = ""; - networkmanager = { - enable = true; - plugins = with pkgs; [ - networkmanager-openvpn - networkmanager-openconnect - ]; - }; - useDHCP = false; # Depreciated - }; - - # Bootloader - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Kernel - boot.kernelPackages = pkgs.linuxPackages_latest; - - # Nix - nix = { - # Automate garbage collection - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - package = pkgs.nixVersions.stable; - settings = { - auto-optimise-store = true; - trusted-users = [ "root" "jsutter" ]; - experimental-features = [ "nix-command" "flakes" ]; - }; - }; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Enable CUPS to print documents (disabled for headless) - # services.printing.enable = true; - - # Enable sound (disabled for headless) - # sound.enable = true; - # hardware.pulseaudio.enable = false; - # security.rtkit.enable = true; - # services.pipewire = { - # enable = true; - # alsa.enable = true; - # alsa.support32Bit = true; - # pulse.enable = true; - # }; - - # Define a user account. 
Don't forget to set a password with 'passwd'. - users.defaultUserShell = pkgs.zsh; - programs.zsh.enable = true; - - # System state version - system.stateVersion = "24.05"; - - # List packages installed in system profile - environment.systemPackages = with pkgs; [ - # Essential CLI tools for server management - vim - git - curl - wget - htop - iotop - nethogs - ncdu - tree - unzip - zip - jq - yq - tmux - screen - lsof - netcat - nmap - tcpdump - iftop - dnsutils - whois - rsync - pciutils - sysstat - powertop - gnupg - p7zip - openssl - gnumake - kopia - dig - python3 - pv - stress - s-tui - clinfo - fwupd - ]; - - # No GUI services for headless - # services.flatpak.enable = false; # Explicitly disabled - - # No fonts needed for headless - # fonts.packages = []; # No GUI fonts needed - - # Disable X server completely for headless - services.xserver.enable = false; - - # Disable documentation to save space - documentation.nixos.enable = false; - - # Network optimizations - systemd.network.wait-online.enable = false; - boot.initrd.systemd.network.wait-online.enable = false; -} diff --git a/systems/common.nix b/systems/common.nix index 045201c..73050e8 100644 --- a/systems/common.nix +++ b/systems/common.nix @@ -16,7 +16,7 @@ networkmanager-openconnect ]; }; - useDHCP = false; # Depreciated + useDHCP = false; # Deprecated }; # Bootloader @@ -47,7 +47,6 @@ nixpkgs.config.allowUnfree = true; nixpkgs.config.nvidia.acceptLicense = true; nixpkgs.config.nvidia.libsOnly = true; - nixpkgs.config.allowBroken = true; # Location & internationalisation time.timeZone = "America/Los_Angeles"; @@ -73,12 +72,10 @@ pulse.enable = true; }; services.openssh.enable = true; - # Temporarily disabled to avoid build cycle errors - # programs.java.enable = true; security.polkit.enable = true; programs.zsh.enable = true; security.sudo.wheelNeedsPassword = false; - + # System packages environment.systemPackages = with pkgs; [ fzf 
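Review bot: In the `systems/common.nix` hunk at `@@ -73,12 +72,10 @@`, the new side keeps `security.sudo.wheelNeedsPassword = false;` three lines below `services.openssh.enable = true;`, so a wheel account reached over SSH becomes root with no second credential check. Going by the file name, this module is presumably shared by every host, which widens the exposure. The commit tidies the surrounding lines but leaves the pairing uncommented. If passwordless sudo is intentional, say so in a comment and pin the SSH side in the same block, e.g. `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. These may already be set elsewhere; the enclosing attribute set starts and ends outside the hunk, so that cannot be confirmed from here.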
@@ -137,7 +134,7 @@ ]; services.xserver.excludePackages = [ pkgs.xterm ]; - documentation.nixos.enable = false; + documentation.nixos.enable = false; systemd.network.wait-online.enable = false; boot.initrd.systemd.network.wait-online.enable = false; diff --git a/systems/labrizor.nix b/systems/labrizor.nix index c709276..99b50b0 100644 --- a/systems/labrizor.nix +++ b/systems/labrizor.nix @@ -3,7 +3,7 @@ { networking.hostName = "labrizor"; - + fileSystems."/" = { device = "/dev/disk/by-partlabel/primary"; fsType = "btrfs"; @@ -23,14 +23,5 @@ services.xserver.videoDrivers = [ ]; -# hardware.graphics.extraPackages = with pkgs; [ -# rocm-opencl-icd -# rocm-opencl-runtime -# ]; -# networking.bridges = { -# "br0" = { -# interfaces = [ "eth0" ]; -# }; -# }; }