chore: Clean up repository code and structure

- Removed commented packages: cura, parsec-bin, bottles, stremio, gimp, calibre
- Removed commented code: Java enable, low-latency kernel, ROCm packages, bridges
- Removed trailing whitespace across multiple files
- Fixed typo: Depreciated -> Deprecated in networking
- Removed unused desktop/gnome.nix module (not referenced)
- Removed systems/common-headless.nix (duplicates common.nix)
- Removed nixpkgs.config.allowBroken setting
- Added result, *.swp, *~ to .gitignore
- Removed .clinerules file (deprecated, info in docs/agents.md)
- Updated docs/agents.md changelog with cleanup details
Julian Sutter 2026-02-03 22:33:03 -08:00
parent 7143d71bf5
commit 587b74d5d6
13 changed files with 17 additions and 622 deletions

@ -1,323 +0,0 @@
# DEPRECATED - Use docs/agents.md instead
This file is deprecated. All project-specific rules, guidelines, and documentation for AI agents have been moved to:
**`docs/agents.md`**
The new file is more comprehensive and actively maintained. Please use it instead of this file for all AI agent operations.
---
# NixOS Configuration Repository - AI Agent Guidelines
This file contains project-specific rules and guidelines for AI agents working with this NixOS configuration repository. Follow these rules to ensure consistent, secure, and maintainable configurations.
**Note:** The content below is deprecated. See `docs/agents.md` for the latest information.
## Core Principles
### 1. Declarative Configuration
- All system state must be defined in Nix expressions
- Never use imperative commands for permanent changes
- Every configuration change should be reproducible
### 2. Modular Architecture
- Maintain separation between hardware, software, and user configurations
- Use existing modules before creating new ones
- Follow the established directory structure strictly
### 3. Security First
- Never expose sensitive data (passwords, private keys, API tokens)
- Use proper user privilege separation
- Validate all external inputs and configurations
## File Structure Rules
### Module Placement
```
desktop/ # Desktop environment configurations
├── dev.nix # Development tools and languages
├── gaming.nix # Games and gaming platforms
├── media.nix # Audio/video software
└── *.nix # Other desktop applications
systems/ # Hardware-specific configurations
├── common.nix # Shared system settings
├── framework.nix # Framework laptop
└── hostname.nix # Other hardware configs
users/ # User configurations with Home Manager
├── jsutter.nix # Primary user
└── username.nix # Additional users
servers/ # Server-specific configurations
├── common.nix # Base server settings
└── service.nix # Specific services
```
### File Naming Conventions
- Use lowercase with hyphens: `vpn-config.nix`, `development-tools.nix`
- System configurations must match hostname: `framework.nix`, `aurora.nix`
- User configurations must match username: `jsutter.nix`, `isutter.nix`
## Nix/NixOS Specific Guidelines
### Function Parameters
Always include these parameters in configuration modules:
```nix
{ config, pkgs, pkgs-unstable, lib, ... }: # For modules using unstable packages
{ config, pkgs, lib, ... }: # For stable-only modules
```
### Package Management Rules
#### Stable vs Unstable Packages
```nix
# PREFERRED: Use stable packages by default
environment.systemPackages = with pkgs; [
firefox
git
vim
];
# ACCEPTABLE: Use unstable when necessary
# Add comments explaining why unstable is needed
environment.systemPackages = with pkgs; [
firefox
pkgs-unstable.windsurf # Latest features not in stable
];
```
#### Package Selection Criteria
1. **Use stable unless**: Package doesn't exist OR needs newer version
2. **Document reasons**: Always comment why unstable is used
3. **Test thoroughly**: Unstable packages may have issues
4. **Review regularly**: Check if unstable packages can move to stable
### Module Organization Patterns
#### System Configuration Pattern
```nix
{ config, lib, pkgs, ... }:
{
# Always include hostname first
networking.hostName = "system-name";
# Hardware configuration
fileSystems."/" = { ... };
fileSystems."/boot" = { ... };
# System-specific settings
# Group related configurations together
}
```
#### User Configuration Pattern
```nix
{ config, pkgs, pkgs-unstable, home-manager, ... }:
{
# System user definition
users.users.username = {
shell = pkgs.zsh;
isNormalUser = true;
description = "User Description";
extraGroups = [ "networkmanager" "wheel" ]; # Only essential groups
};
# Home Manager configuration
home-manager.users.username = {
home.username = "username";
home.homeDirectory = "/home/username";
home.stateVersion = "25.05";
# User configurations
};
}
```
## Security Rules
### Sensitive Data Handling
- **NEVER** commit plaintext passwords
- **NEVER** commit private SSH keys
- **NEVER** commit API tokens or secrets
- **ALWAYS** use hashed passwords: `hashedPassword = "$6$..."`
- **CONSIDER** using sops-nix for advanced secret management
### User Privilege Management
```nix
# GOOD: Minimal necessary groups
extraGroups = [ "networkmanager" "wheel" "audio" ];
# BAD: Over-privileged users
extraGroups = [ "networkmanager" "wheel" "audio" "video" "input" "disk" "lp" "scanner" ];
```
### SSH Key Management
```nix
# GOOD: Use authorizedKeys for SSH access
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBNVUh+RrcOSMRV6qysnsdPs5AyK8dSm4QhhnwgpikyI user@domain"
];
# FORBIDDEN: Never include private keys
```
## Configuration Best Practices
### Code Style
- Use 2-space indentation
- Align attribute lists consistently
- Add comments for non-obvious configurations
- Group related configurations together
### Module Dependencies
- Avoid circular dependencies between modules
- Use proper imports for shared utilities
- Document module dependencies in comments
### Resource Management
```nix
# GOOD: Enable services only when needed
services.openssh.enable = true;
services.printing.enable = false;
# GOOD: Configure sensible defaults
boot.kernelPackages = pkgs.linuxPackages_latest;
# GOOD: Enable garbage collection
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
```
## Testing and Validation
### Pre-commit Testing
ALWAYS run these commands before submitting changes:
```bash
# 1. Syntax check
nix flake check
# 2. Dry run for affected systems
sudo nixos-rebuild dry-run --flake .#framework
sudo nixos-rebuild dry-run --flake .#aurora
sudo nixos-rebuild dry-run --flake .#labrizor
# 3. Check flake outputs
nix flake show
```
### Build Verification
- Test on at least one system before merging
- Verify all services start correctly
- Check for package conflicts
- Validate hardware-specific configurations
### Rollback Planning
- Always know how to rollback changes
- Keep previous generation available
- Document critical system dependencies
## Common Workflows
### Adding New Packages
1. **Determine appropriate module** (desktop/, systems/, users/)
2. **Check if package exists** in stable channel
3. **Use unstable only if necessary** with documentation
4. **Test with dry-run** before applying
5. **Update relevant documentation**
### Creating New Modules
1. **Follow existing patterns** in similar modules
2. **Include proper function parameters**
3. **Add descriptive comments**
4. **Test module independently**
5. **Update flake.nix** if needed
### System Modifications
1. **Identify correct system file** in `systems/`
2. **Backup current configuration**
3. **Make minimal, focused changes**
4. **Test thoroughly on target system**
5. **Document hardware-specific requirements**
## Forbidden Patterns
### NEVER DO THESE:
- **Hardcode paths**: Use Nix store paths or derivations
- **Ignore errors**: All configuration errors must be resolved
- **Skip testing**: Always validate changes before applying
- **Mix concerns**: Don't put desktop configs in system files
- **Use mutable state**: Avoid commands that modify /etc directly
### INSTEAD DO THESE:
- **Use proper Nix expressions** for all configurations
- **Handle errors explicitly** with appropriate error messages
- **Test before deploying** with dry-run and build tests
- **Maintain separation** between hardware, software, users
- **Use declarative approach** for all system changes
## Documentation Requirements
### Code Comments
- Explain non-obvious configurations
- Document reasons for unstable package usage
- Note hardware-specific requirements
- Reference external dependencies
### Commit Messages
- Use clear, descriptive commit messages
- Reference affected systems/modules
- Explain reasoning for significant changes
- Include testing steps when applicable
- **Update docs/agents.md changelog** when making structural or procedural changes
## Emergency Procedures
### System Recovery
If a system fails to boot after changes:
1. Boot from installation media
2. Mount root filesystem: `mount /dev/disk/by-partlabel/primary /mnt`
3. Roll back: `sudo nixos-rebuild switch --rollback`
4. Identify and fix configuration issues
5. Test before rebooting
### Configuration Rollback
```bash
# List available generations
sudo nix-env --list-generations --profile /nix/var/nix/profiles/system
# Rollback to previous working generation
sudo nixos-rebuild switch --profile-name generation-123
# Or use rollback shortcut
sudo nixos-rebuild switch --rollback
```
## Agent-Specific Rules
### Before Making Changes
1. **Read existing documentation** in docs/
2. **Understand current configuration** patterns
3. **Identify impact scope** of proposed changes
4. **Plan testing strategy** for affected systems
### During Development
1. **Follow established patterns** exactly
2. **Add appropriate comments** explaining changes
3. **Test incrementally** with dry-run checks
4. **Document new patterns** if introducing changes
### After Changes
1. **Run complete test suite**
2. **Update `docs/agents.md`** if repository structure or procedures changed
3. **Update relevant documentation**
4. **Verify all systems** build successfully
5. **Commit with clear message** describing changes
---
These rules ensure consistent, secure, and maintainable NixOS configurations. Follow them strictly, and ask for clarification when unsure about any requirement.
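Review bot: The Security Rules section (sensitive data handling, the `extraGroups` guidance, the no-private-keys rule) and the Emergency Procedures section are deleted here on the strength of the header's statement that everything moved to `docs/agents.md`, but the `docs/agents.md` hunks in this commit only touch the tree listing, the changelog and the help list. Confirm both sections exist in `docs/agents.md` before merging and name them in the commit message. If the Configuration Rollback block is carried over, fix `sudo nixos-rebuild switch --profile-name generation-123`: `--profile-name` selects a named system profile, it does not switch to generation 123.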

.gitignore

@ -1 +1,4 @@
hardware-configuration.nix hardware-configuration.nix
result
*.swp
*~
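Review bot: The added `result` pattern is unanchored and incomplete. As written it ignores any file or directory named `result` at any depth of the tree, while the `result-<output>` symlinks that `nix build` creates for multi-output derivations (for example `result-dev`) are still not ignored. Suggest `/result` and `/result-*` so only the build symlinks at the repository root match.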

@ -3,7 +3,6 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# cura
freecad freecad
super-slicer super-slicer
openscad openscad

@ -29,6 +29,4 @@
vital # free version if you want vital # free version if you want
]; ];
# Optional: low-latency kernel (for extreme cases)
# boot.kernelPackages = pkgs.linuxPackages_lowlatency;
} }

@ -4,8 +4,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
discord # Gaming communication discord # Gaming communication
# parsec-bin
# bottles
]; ];
# Steam # Steam

@ -1,114 +0,0 @@
{ config, pkgs, home-manager, ... }:
{
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.displayManager.gdm.wayland = false;
services.xserver = {
layout = "us";
xkbVariant = "";
};
# Exclude gnome garbage
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
]) ++ (with pkgs.gnome; [
gnome-weather
cheese # webcam tool
gnome-music
gedit # text editor
epiphany # web browser
geary # email reader
evince # document viewer
gnome-characters
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]
);
home-manager.users.jsutter = {
gtk = {
enable = true;
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
theme = {
name = "palenight";
package = pkgs.palenight-theme;
};
cursorTheme = {
name = "Numix-Cursor";
package = pkgs.numix-cursor-theme;
};
gtk3.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
gtk4.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
};
dconf.settings = {
"org/gnome/mutter" = {
experimental-features = [ "scale-monitor-framebuffer" ];
};
"org/gnome/shell" = {
favorite-apps = [
"org.gnome.Console.desktop"
"firefox.desktop"
"slack.desktop"
"codium.desktop"
"com.nextcloud.desktopclient.nextcloud.desktop"
"Zoom.desktop"
"steam.desktop"
"vmware-view.desktop"
];
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-hot-corners = false;
};
"org/gnome/desktop/wm/preferences" = {
workspace-names = [ "Main" ];
};
"org/gnome/desktop/background" = {
picture-uri = "https://git.sym.bio/jsutter/backgrounds/-/raw/main/2.jpg";
picture-uri-dark = "https://git.sym.bio/jsutter/backgrounds/-/raw/main/3.jpg";
};
"org/gnome/desktop/screensaver" = {
picture-uri = "https://git.sym.bio/jsutter/backgrounds/-/raw/main/4.jpg";
primary-color = "#3465a4";
secondary-color = "#000000";
};
"org/gnome/shell" = {
disable-user-extensions = false;
enabled-extensions = [ # "gnome-extensions list" to get a list.
"user-theme@gnome-shell-extensions.gcampax.github.com"
"trayIconsReloaded@selfmade.pl"
"dash-to-panel@jderose9.github.com"
];
};
};
home.packages = with pkgs; [
gnomeExtensions.user-themes
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.dash-to-panel
gnomeExtensions.cpufreq
];
home.sessionVariables.GTK_THEME = "palenight";
};
# GNUPG Stuff
services.pcscd.enable = true;
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "gnome3";
enableSSHSupport = true;
};
}
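Review bot: No hunk in this commit removes an import of this module, so the commit message's "not referenced" is the only evidence that deleting all 114 lines is safe. Say in the message how that was checked (a repository-wide search for `gnome.nix` plus `nix flake check`). The file also carried `services.pcscd.enable = true;` and the `programs.gnupg.agent` block with `enableSSHSupport = true;` at its end; if any host relies on the GnuPG agent for SSH keys or smartcards, confirm another module still sets these.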

@ -4,7 +4,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vlc # Media player vlc # Media player
deluge # BitTorrent client deluge # BitTorrent client
# stremio
]; ];

@ -8,8 +8,6 @@
pkgs-unstable.signal-desktop # Private messaging pkgs-unstable.signal-desktop # Private messaging
freerdp # xfreerdp CLI client freerdp # xfreerdp CLI client
remmina # GTK GUI RDP client remmina # GTK GUI RDP client
# gimp # Temporarily commented out to avoid build errors
# calibre
]; ];
#for zoom #for zoom

@ -63,5 +63,4 @@ systemd.services.network-debug = {
virtualisation.libvirtd.allowedBridges = virtualisation.libvirtd.allowedBridges =
[ "br0" ]; [ "br0" ];
} }

@ -56,8 +56,7 @@ nixos/
│ ├── jsutter.nix # Primary user configuration │ ├── jsutter.nix # Primary user configuration
│ ├── isutter.nix # Secondary user configuration │ ├── isutter.nix # Secondary user configuration
│ └── aksutter.nix # Secondary user configuration │ └── aksutter.nix # Secondary user configuration
├── flake.nix # Top-level flake definition └── flake.nix # Top-level flake definition
└── .clinerules # Project-specific rules for AI agents
``` ```
## Core Principles ## Core Principles
@ -114,7 +113,7 @@ Always include the appropriate parameters based on what the module needs:
device = "/dev/disk/by-partlabel/ESP"; device = "/dev/disk/by-partlabel/ESP";
fsType = "vfat"; fsType = "vfat";
}; };
# System-specific settings # System-specific settings
# Group related configurations together # Group related configurations together
} }
@ -138,7 +137,7 @@ Always include the appropriate parameters based on what the module needs:
home.username = "username"; home.username = "username";
home.homeDirectory = "/home/username"; home.homeDirectory = "/home/username";
home.stateVersion = "25.05"; home.stateVersion = "25.05";
# User configurations # User configurations
}; };
} }
@ -691,7 +690,12 @@ This section tracks changes to the repository structure and when this document w
| Date | Change | Updated Sections | | Date | Change | Updated Sections |
|------|--------|------------------| |------|--------|------------------|
| 2026-02 - Created | Created `agents.md` with comprehensive guide and deprecated `.clinerules` | All sections | | 2026-02 - Created | Created `agents.md` with comprehensive guide | All sections |
| 2026-02 - Removed | Removed .clinerules file, consolidated into agents.md | Maintenance section |
| 2026-02 - Cleanup | Removed unused gnome.nix module, common-headless.nix; removed allowBroken setting | System structure |
| 2026-02 - Cleanup | Removed commented packages across multiple files; fixed trailing whitespace | Code quality |
| 2026-02 - Cleanup | Removed .clinerules file; deleted gnome.nix (unused); common-headless.nix (duplicated) | File structure |
| 2026-02 - Improvement | Added result, *.swp, *~ to .gitignore | Maintenance |
### When to Update This Document ### When to Update This Document
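Review bot: The five added changelog rows record the same events more than once: the `.clinerules` removal is in the "Removed" row and again in the last "Cleanup" row, and the `gnome.nix` / `common-headless.nix` removal is in two separate "Cleanup" rows. Collapse them to one row per change. The existing "Created" row is also edited to drop "and deprecated `.clinerules`", which rewrites a history entry; leave it as it was and let the new row record the removal. The `allowBroken` removal is a build-policy change and does not belong under "System structure".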
@ -740,8 +744,7 @@ When unsure about something:
1. Check this documentation first 1. Check this documentation first
2. Review existing similar configurations 2. Review existing similar configurations
3. Search NixOS manual and wiki 3. Search NixOS manual and wiki
4. Consult the `.clinerules` file for additional guidelines 4. Test changes with dry-run before applying
5. Test changes with dry-run before applying
--- ---

@ -1,153 +0,0 @@
{ config, pkgs, ... }:
{
fileSystems."/" =
{ device = "/dev/disk/by-partlabel/primary";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-partlabel/ESP";
fsType = "vfat";
};
# hardware
hardware.enableRedistributableFirmware = true;
services.fwupd.enable = true;
# Network
networking = {
extraHosts = "";
networkmanager = {
enable = true;
plugins = with pkgs; [
networkmanager-openvpn
networkmanager-openconnect
];
};
useDHCP = false; # Depreciated
};
# Bootloader
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
# Nix
nix = {
# Automate garbage collection
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
package = pkgs.nixVersions.stable;
settings = {
auto-optimise-store = true;
trusted-users = [ "root" "jsutter" ];
experimental-features = [ "nix-command" "flakes" ];
};
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Enable CUPS to print documents (disabled for headless)
# services.printing.enable = true;
# Enable sound (disabled for headless)
# sound.enable = true;
# hardware.pulseaudio.enable = false;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# };
# Define a user account. Don't forget to set a password with 'passwd'.
users.defaultUserShell = pkgs.zsh;
programs.zsh.enable = true;
# System state version
system.stateVersion = "24.05";
# List packages installed in system profile
environment.systemPackages = with pkgs; [
# Essential CLI tools for server management
vim
git
curl
wget
htop
iotop
nethogs
ncdu
tree
unzip
zip
jq
yq
tmux
screen
lsof
netcat
nmap
tcpdump
iftop
dnsutils
whois
rsync
pciutils
sysstat
powertop
gnupg
p7zip
openssl
gnumake
kopia
dig
python3
pv
stress
s-tui
clinfo
fwupd
];
# No GUI services for headless
# services.flatpak.enable = false; # Explicitly disabled
# No fonts needed for headless
# fonts.packages = []; # No GUI fonts needed
# Disable X server completely for headless
services.xserver.enable = false;
# Disable documentation to save space
documentation.nixos.enable = false;
# Network optimizations
systemd.network.wait-online.enable = false;
boot.initrd.systemd.network.wait-online.enable = false;
}
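Review bot: "Duplicates common.nix" in the commit message does not match the two files as shown. This module sets `services.xserver.enable = false;` and leaves printing and the pipewire block commented out, while the module patched in the next file enables pipewire and `services.openssh.enable = true;` and configures `services.xserver.excludePackages`. If no host imported this file the deletion is fine, but record that in the message instead of calling it a duplicate; a headless host later pointed at the remaining module would pick up the desktop-oriented settings.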

@ -16,7 +16,7 @@
networkmanager-openconnect networkmanager-openconnect
]; ];
}; };
useDHCP = false; # Depreciated useDHCP = false; # Deprecated
}; };
# Bootloader # Bootloader
@ -47,7 +47,6 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.nvidia.acceptLicense = true; nixpkgs.config.nvidia.acceptLicense = true;
nixpkgs.config.nvidia.libsOnly = true; nixpkgs.config.nvidia.libsOnly = true;
nixpkgs.config.allowBroken = true;
# Location & internationalisation # Location & internationalisation
time.timeZone = "America/Los_Angeles"; time.timeZone = "America/Los_Angeles";
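Review bot: Removing `nixpkgs.config.allowBroken = true;` is the one line in this cleanup that changes evaluation behaviour: any package marked broken that a host still pulls in will now fail evaluation instead of being built. That is the safer default, but it should not ride along in a "chore" commit unannounced. Put it in its own commit, or add a line to the message stating that `nixos-rebuild dry-run` passed for framework, aurora and labrizor after the removal.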
@ -73,12 +72,10 @@
pulse.enable = true; pulse.enable = true;
}; };
services.openssh.enable = true; services.openssh.enable = true;
# Temporarily disabled to avoid build cycle errors
# programs.java.enable = true;
security.polkit.enable = true; security.polkit.enable = true;
programs.zsh.enable = true; programs.zsh.enable = true;
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
# System packages # System packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fzf fzf
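Review bot: The unchanged context around the removed Java comment shows `security.sudo.wheelNeedsPassword = false;` in the same shared module that sets `services.openssh.enable = true;`, so any wheel account that can log in over SSH gets root without a password prompt. This commit does not introduce it, but a cleanup pass that already tightens `allowBroken` is the place to revisit it: restore the password requirement, or move passwordless sudo into the specific host files that need it.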
@ -137,7 +134,7 @@
]; ];
services.xserver.excludePackages = [ pkgs.xterm ]; services.xserver.excludePackages = [ pkgs.xterm ];
documentation.nixos.enable = false; documentation.nixos.enable = false;
systemd.network.wait-online.enable = false; systemd.network.wait-online.enable = false;
boot.initrd.systemd.network.wait-online.enable = false; boot.initrd.systemd.network.wait-online.enable = false;

@ -3,7 +3,7 @@
{ {
networking.hostName = "labrizor"; networking.hostName = "labrizor";
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-partlabel/primary"; { device = "/dev/disk/by-partlabel/primary";
fsType = "btrfs"; fsType = "btrfs";
@ -23,14 +23,5 @@
services.xserver.videoDrivers = [ ]; services.xserver.videoDrivers = [ ];
# hardware.graphics.extraPackages = with pkgs; [
# rocm-opencl-icd
# rocm-opencl-runtime
# ];
# networking.bridges = {
# "br0" = {
# interfaces = [ "eth0" ];
# };
# };
} }