system/desktop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: system:2649174093a72c4e1632aa26f1888c51cfe6c5b1
Branches Tags
system:master
..
compare: system:73ff9ee8ee83f82ea10329bf4882c1b0b9691e01
Branches Tags
system:master

No commits in common. "2649174093a72c4e1632aa26f1888c51cfe6c5b1" and "73ff9ee8ee83f82ea10329bf4882c1b0b9691e01" have entirely different histories.
2649174093 ... 73ff9ee8ee

16 changed files with 1128 additions and 527 deletions
Download patch file Download diff file Expand all files Collapse all files

40
configuration.nix
View file

@ -51,20 +51,7 @@
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
jack.enable = true; # jack.enable = true;
wireplumber.extraConfig = {
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
}; };
logind.settings.Login = { logind.settings.Login = {
HandlePowerKey = "ignore"; HandlePowerKey = "ignore";
@ -89,22 +76,9 @@
# }; # };
# }; # };
tailscale.enable = true; tailscale.enable = true;
openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
AllowUsers = [
"user"
];
};
};
}; };
hardware = { hardware = {
enableAllFirmware = true;
graphics = { graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
@ -114,8 +88,7 @@
powerOnBoot = true; powerOnBoot = true;
settings = { settings = {
General = { General = {
Experimental = true; Enable = "Source,Sink,Media,Socket";
# Enable = "Source,Sink,Media,Socket";
}; };
}; };
}; };
@ -166,12 +139,5 @@
}; };
}; };
}; };
services.openssh.enable = true;
systemd.tmpfiles.rules = [
"d /home/public 2775 root public - -"
"d /home/public/pictures 2775 root public - -"
"a+ /home/public - - - - d:g:public:rwX,d:m::rwX"
"a+ /home/public/pictures - - - - d:g:public:rwX,d:m::rwX"
];
} }

235
flake.lock generated
View file

@ -1,5 +1,26 @@
{ {
"nodes": { "nodes": {
"dgop": {
"inputs": {
"nixpkgs": [
"dms",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765838956,
"narHash": "sha256-A3a2ZfvjirX8VIdIPI+nAyukWs6vx4vet3fU0mpr7lU=",
"owner": "AvengeMedia",
"repo": "dgop",
"rev": "0ff697a4e3418966caa714c838fc73f1ef6ba59b",
"type": "github"
},
"original": {
"owner": "AvengeMedia",
"repo": "dgop",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -23,41 +44,47 @@
}, },
"dms": { "dms": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "dgop": "dgop",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"quickshell": "quickshell" "quickshell": "quickshell"
}, },
"locked": { "locked": {
"lastModified": 1777675128, "lastModified": 1766776522,
"narHash": "sha256-2zuDs9Lju99dg8MsSPf1frKPPgCRakDn+CEGX71cHJ0=", "narHash": "sha256-wS2fSepxdtOr4RErdEY91hkxOjsrs2nA2nm72eZMEEU=",
"owner": "AvengeMedia", "owner": "AvengeMedia",
"repo": "DankMaterialShell", "repo": "DankMaterialShell",
"rev": "c1cbd0994f5a3585dded85069f2c9103c54f5285", "rev": "987856a1de35c62dc0930b007b561545d6a832a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "AvengeMedia", "owner": "AvengeMedia",
"repo": "DankMaterialShell", "repo": "DankMaterialShell",
"type": "github" "rev": "987856a1de35c62dc0930b007b561545d6a832a8",
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github" "type": "github"
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur", "nur",
@ -103,16 +130,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777679572, "lastModified": 1770260404,
"narHash": "sha256-egYNbRrkn+6SwTHinhdb6WUfzzdC3nXfCRqS321VylY=", "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9cb587ade2aa1b4a7257f0238d41072690b0ca4f", "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"type": "github" "type": "github"
} }
}, },
@ -156,6 +184,63 @@
"type": "github" "type": "github"
} }
}, },
"microvm": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1770310890,
"narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=",
"owner": "microvm-nix",
"repo": "microvm.nix",
"rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5",
"type": "github"
},
"original": {
"owner": "microvm-nix",
"repo": "microvm.nix",
"type": "github"
}
},
"neovim-nightly-overlay": {
"inputs": {
"flake-parts": "flake-parts",
"neovim-src": "neovim-src",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1771632300,
"narHash": "sha256-uP5SbbbN86+LZ8VubL01UKD6bez5DK9prqIqQOMy3Jw=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "0f601090d4d54b3da0d03e270cb6a5c68bf84dd3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"type": "github"
}
},
"neovim-src": {
"flake": false,
"locked": {
"lastModified": 1771630915,
"narHash": "sha256-7RPG+RG/e0O79HjNT/ztC7K7j/xXazltq3TPk1mauqY=",
"owner": "neovim",
"repo": "neovim",
"rev": "d79a9dcd422133bc1e4b4ef94444962560d7a6d7",
"type": "github"
},
"original": {
"owner": "neovim",
"repo": "neovim",
"type": "github"
}
},
"niri-branch": { "niri-branch": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -164,11 +249,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1771283045, "lastModified": 1769284707,
"narHash": "sha256-AgD3KAkrQ4cs34kKZE8v/+FyFTc1Vq2sOJaPrWiCRio=", "narHash": "sha256-X60XGpLjNTgYyaC/gChHGpqQqLWGI+0n5BbWaybXKiE=",
"owner": "argosnothing", "owner": "argosnothing",
"repo": "niri", "repo": "niri",
"rev": "eab116015a5a4d8f027c915dbd7b0a90e1e9a5e1", "rev": "6dcaa349acf3b04ed1593022388b4f1cbef8893b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -187,11 +272,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1774389340, "lastModified": 1765743947,
"narHash": "sha256-zPxNCLGMQ5gbziogsTl3COikFFco6Em6NDeHOy4fmUg=", "narHash": "sha256-kx8XFbzG59eLNImygoN9jRjgaxR7kvmjg64equccmK0=",
"owner": "argosnothing", "owner": "argosnothing",
"repo": "niri-scratchpad-rs", "repo": "niri-scratchpad-rs",
"rev": "7288342f08036bfc9abd58ab6a4bc692679dfcd3", "rev": "163420c14c9199d311627501eedee2a3b2507db2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -203,11 +288,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1776169885, "lastModified": 1766651565,
"narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=", "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9", "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -234,6 +319,22 @@
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1771207753,
"narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d1c15b7d5806069da59e819999d70e1cec0760bf",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1744536153, "lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@ -249,13 +350,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1777731324, "lastModified": 1771342064,
"narHash": "sha256-piLMdJYPP/9+/yiHxVMpqbAAoP8EnsqRO5921ilx0lk=", "narHash": "sha256-Aros+b3kQpzJAyxjDyhLUmnEfzQfyor2tiIoUTSgki0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "38e436af6ec1a3b1c9b666ceea098bf5ef05fc66", "rev": "3f03a5f1bede585f58c878c22cb12988bb0d1ed2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -264,13 +365,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1777578337, "lastModified": 1770562336,
"narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -282,15 +383,15 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1777729540, "lastModified": 1770758031,
"narHash": "sha256-tF5WMS4SSSmDvEZ7qgOosh8q0BVdz/ynb4Wnruc1rgY=", "narHash": "sha256-YEq6M9OOEOl7l2zr/YjOi2UnuQZZ02HvXebpWGpkEHM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "1091dd1d0f6589dc9a88d808052dda9b85835670", "rev": "6701aa01b90606ab75078c1910bb991b8e7a389b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -307,16 +408,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1776854048, "lastModified": 1766386896,
"narHash": "sha256-lLbV66V3RMNp1l8/UelmR4YzoJ5ONtgvEtiUMJATH/o=", "narHash": "sha256-1uql4y229Rh+/2da99OVNe6DfsjObukXkf60TYRCvhI=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "783c953987dc56ff0601abe6845ed96f1d00495a", "rev": "3918290c1bcd93ed81291844d9f1ed146672dbfc",
"revCount": 806, "revCount": 714,
"type": "git", "type": "git",
"url": "https://git.outfoxxed.me/quickshell/quickshell" "url": "https://git.outfoxxed.me/quickshell/quickshell"
}, },
"original": { "original": {
"rev": "783c953987dc56ff0601abe6845ed96f1d00495a", "rev": "3918290c1bcd93ed81291844d9f1ed146672dbfc",
"type": "git", "type": "git",
"url": "https://git.outfoxxed.me/quickshell/quickshell" "url": "https://git.outfoxxed.me/quickshell/quickshell"
} }
@ -327,9 +428,11 @@
"dms": "dms", "dms": "dms",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"microvm": "microvm",
"neovim-nightly-overlay": "neovim-nightly-overlay",
"niri-branch": "niri-branch", "niri-branch": "niri-branch",
"niri-scratchpad": "niri-scratchpad", "niri-scratchpad": "niri-scratchpad",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nur": "nur", "nur": "nur",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
@ -357,14 +460,14 @@
}, },
"rust-overlay_2": { "rust-overlay_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1772075164, "lastModified": 1763952169,
"narHash": "sha256-93XcvAt+6p7aAq1ERlxD2T17zLGoYGo64KJYasGcpgc=", "narHash": "sha256-+PeDBD8P+NKauH+w7eO/QWCIp8Cx4mCfWnh9sJmy9CM=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "07601339b15fa6810541c0e7dc2f3664d92a7ad0", "rev": "ab726555a9a72e6dc80649809147823a813fa95b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -380,11 +483,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777338324, "lastModified": 1770683991,
"narHash": "sha256-bc+ZZCmOTNq86/svGnw0tVpH7vJaLYvGLLKFYP08Q8E=", "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8eaee5c45428b28b8c47a83e4c09dccec5f279b5", "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -393,6 +496,22 @@
"type": "github" "type": "github"
} }
}, },
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1759482047,
"narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
"ref": "refs/heads/main",
"rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
"revCount": 996,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,

32
flake.nix
View file

@ -7,18 +7,18 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# microvm = { microvm = {
# url = "github:microvm-nix/microvm.nix/da28962a2ba84718895b7325f600686c3b4ee099"; url = "github:microvm-nix/microvm.nix";
# inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
# }; };
disko = { disko = {
url = "github:nix-community/disko/latest"; url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
# neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/0d782ee42c86b196acff08acfbf41bb7d13eed5b";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
@ -30,7 +30,7 @@
url = "github:argosnothing/niri-scratchpad-rs/hidden-workspaces"; url = "github:argosnothing/niri-scratchpad-rs/hidden-workspaces";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
dms.url = "github:AvengeMedia/DankMaterialShell"; dms.url = "github:AvengeMedia/DankMaterialShell/987856a1de35c62dc0930b007b561545d6a832a8";
}; };
outputs = outputs =
@ -49,7 +49,7 @@
config.allowUnfree = true; config.allowUnfree = true;
# overlays = [ inputs.neovim-nightly-overlay.overlays.default ]; # overlays = [ inputs.neovim-nightly-overlay.overlays.default ];
}; };
# microvm = inputs.microvm.nixosModules.host; microvm = inputs.microvm.nixosModules.host;
in in
{ {
nixosConfigurations."${hostname}" = nixpkgs.lib.nixosSystem { nixosConfigurations."${hostname}" = nixpkgs.lib.nixosSystem {
@ -59,7 +59,7 @@
nixpkgs nixpkgs
impermanence impermanence
home-manager home-manager
# microvm microvm
sops-nix sops-nix
; ;
hostname = hostname; hostname = hostname;
@ -74,8 +74,8 @@
./kernel ./kernel
./home ./home
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
# inputs.microvm.nixosModules.host inputs.microvm.nixosModules.host
# (import ./vms) (import ./vms)
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -88,13 +88,15 @@
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(_: prev: { (_: prev: {
openldap = prev.openldap.overrideAttrs {
doCheck = !prev.stdenv.hostPlatform.isi686;
};
niri-scratchpad = inputs.niri-scratchpad.packages.${prev.system}.default; niri-scratchpad = inputs.niri-scratchpad.packages.${prev.system}.default;
vimPlugins = prev.vimPlugins.extend ( vimPlugins = prev.vimPlugins.extend (
f: p: { f: p: {
neotest = p.neotest.overrideAttrs {
src = prev.fetchzip {
url = "https://github.com/archie-judd/neotest/archive/c8dd7597bb4182c0547d188e1dd5f684a4f01852.zip";
sha256 = "sha256-E/Heh+mAxvN5RaWqv1UJuHSA90c0evMKFkDD1BrpV7g=";
};
};
neotest-pest = p.neotest-pest.overrideAttrs (_: { neotest-pest = p.neotest-pest.overrideAttrs (_: {
src = prev.fetchFromGitHub { src = prev.fetchFromGitHub {
owner = "jradtilbrook"; owner = "jradtilbrook";

193
home/agents.nix
View file

@ -1,193 +0,0 @@
{ pkgs, lib, ... }:
let
home-manager-config =
{
uid,
username,
}:
let
HOME = "/home/${username}";
in
{
${username} =
{ config, ... }:
{
imports = [
./nvim
./tmux.nix
];
home.username = username;
home.homeDirectory = "${HOME}";
home.stateVersion = "25.11";
home.enableNixpkgsReleaseCheck = false;
home.sessionVariables = {
DISPLAY = ":1";
};
programs = {
chromium.enable = true;
claude-code.enable = true;
opencode.enable = true;
ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"*" = {
serverAliveInterval = 60;
serverAliveCountMax = 3;
};
"github.com" = {
identityFile = "${HOME}/.ssh/id_ed25519";
};
};
};
delta = {
enable = true;
options = {
navigate = true;
line-numbers = true;
side-by-side = true;
};
enableGitIntegration = true;
};
git = {
enable = true;
lfs.enable = true;
signing = {
key = "${HOME}/.ssh/id_ed25519.pub";
signByDefault = true;
};
includes = [
{
condition = "gitdir:~/dealwise/";
contents = {
user = {
name = "felipematos";
email = "5471818+fnzr@users.noreply.github.com";
signingkey = "${HOME}/.ssh/id_ed25519.pub";
};
};
}
{
contents = {
user = {
name = "${username}";
email = "${username}@sandbox.dev";
signingkey = "${HOME}/.ssh/id_ed25519.pub";
};
};
}
];
settings = {
user = {
email = "${username}@sandbox.dev";
name = "${username}";
signingkey = "${HOME}/.ssh/id_ed25519.pub";
};
gpg.format = "ssh";
commit.gpgsign = true;
tag.gpgsign = true;
core = {
editor = "nvim";
whitespace = "fix,only-indent-error,trailing-space,space-before-tab";
quotepath = false;
};
diff = {
algorithm = "histogram";
renames = "copies";
tool = "nvim";
};
difftool = {
prompt = false;
nvim.cmd = "nvim -d $LOCAL $REMOTE";
};
merge = {
conflictstyle = "zdiff3";
tool = "nvim";
};
mergetool = {
prompt = false;
keepBackup = false;
nvim.cmd = "nvim -d $LOCAL $REMOTE $MERGED -c 'wincmd w' -c 'wincmd J'";
};
init = {
defaultBranch = "master";
};
push = {
autoSetupRemote = true;
default = "current";
};
pull = {
rebase = true;
};
fetch = {
prune = true;
};
help = {
autocorrect = "prompt";
};
};
};
fish = {
enable = true;
plugins = [
{
name = "puffer";
src = pkgs.fetchFromGitHub {
owner = "nickeb96";
repo = "puffer-fish";
rev = "83174b0";
sha256 = "sha256-Dhx5+XRxJvlhdnFyimNxFyFiASrGU4ZwyefsDwtKnSg=";
};
}
];
interactiveShellInit = ''
set fish_greeting
bind ctrl-space ""
'';
};
starship.enable = true;
};
custom.tmux.enable = true;
custom.neovim = {
enable = true;
colorscheme = "rose-pine-moon";
hostname = "amelia";
};
xdg.configFile."containers/containers.conf".text = ''
[engine]
compose_warning_logs=false
events_logger="file"
[containers]
log_driver="k8s-file"
'';
xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
# provider = {
# ollama = {
# model = "qwen3.6";
# base_url = "http://localhost:11434";
# };
# };
};
xdg.userDirs = {
enable = true;
setSessionVariables = false;
extraConfig = {
XDG_CACHE_HOME = "$HOME/.cache";
};
};
};
};
in
{
home-manager.users = lib.mkMerge [
(home-manager-config {
uid = 1002;
username = "agent";
})
];
}

0
home/files/lf/lfrc Normal file
View file

73
home/nvim/default.nix
View file

@ -29,8 +29,6 @@ in
viAlias = true; viAlias = true;
vimAlias = false; vimAlias = false;
vimdiffAlias = true; vimdiffAlias = true;
withPython3 = false;
withRuby = false;
plugins = with pkgs.vimPlugins; [ plugins = with pkgs.vimPlugins; [
{ {
plugin = auto-session; plugin = auto-session;
@ -88,7 +86,6 @@ in
blade = { "blade-formatter" }, blade = { "blade-formatter" },
go = { "gofmt" }, go = { "gofmt" },
wgsl = { "wgsl_fmt" }, wgsl = { "wgsl_fmt" },
odin = { "odinfmt" },
}, },
}) })
vim.api.nvim_create_autocmd("BufWritePre", { vim.api.nvim_create_autocmd("BufWritePre", {
@ -130,14 +127,7 @@ in
}, },
adapters = { adapters = {
require('neotest-pest'), require('neotest-pest'),
require('neotest-zig'), }
-- require('neotest-odin'),
},
watch = {
filter_path = function(path, root)
return true
end,
},
}) })
vim.keymap.set('n', '<localleader>pn', function() require('neotest').run.run() end, { desc = "test nearest" }) vim.keymap.set('n', '<localleader>pn', function() require('neotest').run.run() end, { desc = "test nearest" })
vim.keymap.set('n', '<localleader>pe', function() require('neotest').run.run(vim.fn.expand('%')) end, { desc = "test file" }) vim.keymap.set('n', '<localleader>pe', function() require('neotest').run.run(vim.fn.expand('%')) end, { desc = "test file" })
@ -148,10 +138,6 @@ in
type = "lua"; type = "lua";
} }
# { # {
# plugin = neotest-zig;
# type = "lua";
# }
# {
# plugin = nvim-autopairs; # plugin = nvim-autopairs;
# type = "lua"; # type = "lua";
# config = '' # config = ''
@ -163,43 +149,19 @@ in
type = "lua"; type = "lua";
config = '' config = ''
local dap = require("dap") local dap = require("dap")
dap.adapters = { dap.adapters.php = {
php = { type = 'executable',
type = "executable", command = '${pkgs.nodejs}/bin/node',
command = "${pkgs.nodejs}/bin/node", args = { '${pkgs.vscode-extensions.xdebug.php-debug}/share/vscode/extensions/xdebug.php-debug/out/phpDebug.js' },
args = { "${pkgs.vscode-extensions.xdebug.php-debug}/share/vscode/extensions/xdebug.php-debug/out/phpDebug.js" },
},
codelldb = {
type = "server",
port = "''${port}",
executable = {
command = '${pkgs.vscode-extensions.vadimcn.vscode-lldb}/share/vscode/extensions/vadimcn.vscode-lldb/adapter/codelldb',
args = { "--port", "''${port}" },
},
},
} }
dap.configurations = { dap.configurations.php = {
php = { {
{ type = 'php',
type = 'php', request = 'launch',
request = 'launch', name = 'listen for xdebug',
name = 'listen for xdebug', port = 9003,
port = 9003, }
}
},
zig = {
{
name = 'launch',
type = 'codelldb',
request = 'launch',
program = "''${workspaceFolder}/zig-out/bin/''${workspaceFolderBasename}",
cwd = "''${workspaceFolder}",
stopOnEntry = false,
args = {},
}
},
} }
''; '';
} }
@ -237,7 +199,7 @@ in
'fsharp', 'git_config', 'git_rebase', 'gitignore', 'glsl', 'go', 'gomod', 'graphql', 'fsharp', 'git_config', 'git_rebase', 'gitignore', 'glsl', 'go', 'gomod', 'graphql',
'haskell', 'hlsl', 'http', 'ini', 'javadoc', 'jq', 'jsdoc', 'json', 'json5', 'kitty', 'haskell', 'hlsl', 'http', 'ini', 'javadoc', 'jq', 'jsdoc', 'json', 'json5', 'kitty',
'latex', 'markdown', 'nginx', 'nix', 'php', 'php_only', 'phpdoc', 'regex', 'rust', 'sql', 'latex', 'markdown', 'nginx', 'nix', 'php', 'php_only', 'phpdoc', 'regex', 'rust', 'sql',
'ssh_config', 'tmux', 'vim', 'wgsl', 'yaml', 'zig', 'odin', 'ssh_config', 'tmux', 'vim', 'wgsl', 'yaml', 'zig', 'ols',
}, },
callback = function() callback = function()
vim.treesitter.start() vim.treesitter.start()
@ -284,11 +246,12 @@ in
config = '' config = ''
vim.o.autoread = true vim.o.autoread = true
-- Recommended/example keymaps. -- Recommended/example keymaps.
vim.keymap.set({ "n", "x" }, "<leader>h", function() require("opencode").ask("@this: ", { submit = true }) end, { desc = "Ask opencode" }) vim.keymap.set({ "n", "x" }, "<C-a>", function() require("opencode").ask("@this: ", { submit = true }) end, { desc = "Ask opencode" })
vim.keymap.set({ "n", "x" }, "<C-x>", function() require("opencode").select() end, { desc = "Execute opencode action" }) vim.keymap.set({ "n", "x" }, "<C-x>", function() require("opencode").select() end, { desc = "Execute opencode action" })
vim.keymap.set({ "n", "t" }, "<C-.>", function() require("opencode").toggle() end, { desc = "Toggle opencode" }) vim.keymap.set({ "n", "t" }, "<C-.>", function() require("opencode").toggle() end, { desc = "Toggle opencode" })
vim.keymap.set({ "n", "x" }, "go", function() return require("opencode").operator("@this ") end, { desc = "Add range to opencode", expr = true }) vim.keymap.set({ "n", "x" }, "go", function() return require("opencode").operator("@this ") end, { desc = "Add range to opencode", expr = true })
vim.keymap.set("n", "goo", function() return require("opencode").operator("@this ") .. "_" end, { desc = "Add line to opencode", expr = true })
vim.keymap.set("n", "<S-C-u>", function() require("opencode").command("session.half.page.up") end, { desc = "Scroll opencode up" }) vim.keymap.set("n", "<S-C-u>", function() require("opencode").command("session.half.page.up") end, { desc = "Scroll opencode up" })
vim.keymap.set("n", "<S-C-d>", function() require("opencode").command("session.half.page.down") end, { desc = "Scroll opencode down" }) vim.keymap.set("n", "<S-C-d>", function() require("opencode").command("session.half.page.down") end, { desc = "Scroll opencode down" })
@ -440,10 +403,12 @@ in
} }
vim-fugitive vim-fugitive
]; ];
initLua = '' extraConfig = ''
colorscheme ${cfg.colorscheme}
'';
extraLuaConfig = ''
${builtins.readFile ./settings.lua} ${builtins.readFile ./settings.lua}
${builtins.replaceStrings [ "@HOSTNAME@" ] [ cfg.hostname ] (builtins.readFile ./plugins.lua)} ${builtins.replaceStrings [ "@HOSTNAME@" ] [ cfg.hostname ] (builtins.readFile ./plugins.lua)}
vim.cmd.colorscheme("${cfg.colorscheme}")
require("custom") require("custom")
''; '';
}; };

19
home/nvim/plugins.lua
View file

@ -42,7 +42,6 @@ local servers = {
zls = { zls = {
enable_build_on_save = true, enable_build_on_save = true,
semantic_tokens = "partial", semantic_tokens = "partial",
global_cache_path = vim.fn.getcwd(0, 0) .. "/.cache/zls",
}, },
}, },
}, },
@ -53,11 +52,7 @@ local servers = {
html = { filetypes = { "html", "blade" } }, html = { filetypes = { "html", "blade" } },
htmx = { filetypes = { "html", "blade" } }, htmx = { filetypes = { "html", "blade" } },
gopls = {}, gopls = {},
ols = { ols = {},
enable_semantic_tokens = true,
enable_auto_import = true,
checker_args = "-vet",
},
wgsl_analyzer = {}, wgsl_analyzer = {},
} }
for server, config in pairs(servers) do for server, config in pairs(servers) do
@ -82,12 +77,12 @@ local leap = require("leap")
leap.opts.preview = function(ch0, ch1, ch2) leap.opts.preview = function(ch0, ch1, ch2)
return not (ch1:match("%s") or (ch0:match("%a") and ch1:match("%a") and ch2:match("%a"))) return not (ch1:match("%s") or (ch0:match("%a") and ch1:match("%a") and ch2:match("%a")))
end end
-- leap.opts.equivalence_classes = { leap.opts.equivalence_classes = {
-- " \t\r\n", " \t\r\n",
-- "([{", "([{",
-- ")]}", ")]}",
-- "'\"`", "'\"`",
-- } }
vim.api.nvim_set_hl(0, "LeapBackdrop", { link = "Comment" }) vim.api.nvim_set_hl(0, "LeapBackdrop", { link = "Comment" })
do do

3
home/nvim/settings.lua
View file

@ -107,6 +107,9 @@ vim.keymap.set({ "n", "t" }, "<C-H>", function()
end, { desc = "Go to previous tab" }) end, { desc = "Go to previous tab" })
vim.keymap.set({ "n", "t" }, "<C-Space>", "<C-w>p", { desc = "Go to previous pane" }) vim.keymap.set({ "n", "t" }, "<C-Space>", "<C-w>p", { desc = "Go to previous pane" })
vim.keymap.set("n", "<localleader>v", "<cmd>vsplit<cr>", { desc = "split (vertical line)" })
vim.keymap.set("n", "<leader>h", "<cmd>split<cr>", { desc = "split (horizontal line)" })
vim.keymap.set("n", "<localleader><localleader>", "<cmd>w<cr>", { desc = "save buffer" }) vim.keymap.set("n", "<localleader><localleader>", "<cmd>w<cr>", { desc = "save buffer" })
vim.diagnostic.config({ vim.diagnostic.config({

12
home/root.nix
View file

@ -2,9 +2,6 @@
{ {
home-manager.users.root = home-manager.users.root =
{ config, ... }: { config, ... }:
let
HOME = "/root";
in
{ {
imports = [ ./nvim ]; imports = [ ./nvim ];
home.username = "root"; home.username = "root";
@ -15,6 +12,13 @@
home.file."/.ssh/desktop.pub".text = home.file."/.ssh/desktop.pub".text =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILquARrJ3Vyh5z6aeVoiYrkLpgiMts+V/JzFEvs3Cnth root@icefox.sh"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILquARrJ3Vyh5z6aeVoiYrkLpgiMts+V/JzFEvs3Cnth root@icefox.sh";
xdg.userDirs = {
enable = false;
extraConfig = {
XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
};
};
programs = { programs = {
ssh = { ssh = {
enable = true; enable = true;
@ -44,7 +48,7 @@
name = "root"; name = "root";
}; };
gpg.format = "ssh"; gpg.format = "ssh";
user.signingkey = "${HOME}/.ssh/desktop.pub"; user.signingkey = "${config.home.homeDirectory}/.ssh/desktop.pub";
commit.gpgsign = true; commit.gpgsign = true;
tag.gpgsign = true; tag.gpgsign = true;
core = { core = {

309
home/user.nix
View file

@ -7,17 +7,12 @@
lib, lib,
... ...
}: }:
let
HOME = "/home/user";
in
{ {
home.username = "user"; home.username = "user";
home.homeDirectory = HOME; home.homeDirectory = "/home/user";
home.stateVersion = "25.11"; home.stateVersion = "25.11";
home.sessionVariables = { home.sessionVariables = {
QMK_HOME = "${HOME}/var/qmk"; HOME = "/home/user";
GOMODCACHE = "${HOME}/.cache/go_mod";
GOPATH = "${HOME}/.local/share/go";
}; };
imports = [ imports = [
@ -26,15 +21,15 @@
]; ];
sops.defaultSopsFile = ../secrets/home.yaml; sops.defaultSopsFile = ../secrets/home.yaml;
sops.age.keyFile = "/.persist/${HOME}/.config/sops/age/keys.txt"; sops.age.keyFile = "/.persist/${config.home.homeDirectory}/.config/sops/age/keys.txt";
sops.secrets."user/ssh/desktop" = { sops.secrets."user/ssh/desktop" = {
path = "${HOME}/.ssh/desktop"; path = "${config.home.homeDirectory}/.ssh/desktop";
mode = "0600"; mode = "0600";
}; };
home.file."/.ssh/desktop.pub".text = home.file."/.ssh/desktop.pub".text =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh";
sops.secrets."user/ssh/legacy_ed25519" = { sops.secrets."user/ssh/legacy_ed25519" = {
path = "${HOME}/.ssh/legacy_ed25519"; path = "${config.home.homeDirectory}/.ssh/legacy_ed25519";
mode = "0600"; mode = "0600";
}; };
home.file."/.ssh/legacy_ed25519.pub".text = home.file."/.ssh/legacy_ed25519.pub".text =
@ -56,21 +51,18 @@
# "Xft.rgba" = "rgb"; # "Xft.rgba" = "rgb";
# }; # };
systemd.user.services.waypipe-socket = { # systemd.user.services.xrdb-configure = {
Unit = { # Unit = {
Description = "start waypipe client"; # Description = "Load Xresources";
}; # };
Install = { # Intall = {
WantedBy = [ "graphical-session.target" ]; # WantedBy = [ "graphical-session.target" ];
}; # };
Service = { # Service = {
ExecStart = "${pkgs.waypipe}/bin/waypipe --socket /tmp/waypipe.sock client"; # ExecStart = "${pkgs.xrdb}/bin/xrdb -merge ${config.home.homeDirectory}/.Xresources";
ExecStartPost = "${pkgs.acl}/bin/setfacl -m u:agent:rw /tmp/waypipe.sock"; # Type = "oneshot";
RuntimeDirectory = "waypipe"; # };
Type = "simple"; # };
Restart = "on-failure";
};
};
sops.secrets."user/gpg/legacy_fnzr" = { }; sops.secrets."user/gpg/legacy_fnzr" = { };
home.activation.importGpgKey = config.lib.dag.entryAfter [ "writeBoundary" ] '' home.activation.importGpgKey = config.lib.dag.entryAfter [ "writeBoundary" ] ''
if [[ -f "${config.sops.secrets."user/gpg/legacy_fnzr".path}" ]]; then if [[ -f "${config.sops.secrets."user/gpg/legacy_fnzr".path}" ]]; then
@ -100,6 +92,225 @@
}; };
}; };
# xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
# "$schema" = "https://opencode.ai/config.json";
# plugin = [ "opencode-antigravity-auth@latest" ];
# provider = {
# google = {
# models = {
# antigravity-gemini-3-pro = {
# name = "Gemini 3 Pro (Antigravity)";
# limit = {
# context = 1048576;
# output = 65535;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# low = {
# thinkingLevel = "low";
# };
# high = {
# thinkingLevel = "high";
# };
# };
# };
# antigravity-gemini-3-flash = {
# name = "Gemini 3 Flash (Antigravity)";
# limit = {
# context = 1048576;
# output = 65536;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# minimal = {
# thinkingLevel = "minimal";
# };
# low = {
# thinkingLevel = "low";
# };
# medium = {
# thinkingLevel = "medium";
# };
# high = {
# thinkingLevel = "high";
# };
# };
# };
# antigravity-claude-sonnet-4-5 = {
# name = "Claude Sonnet 4.5 (Antigravity)";
# limit = {
# context = 200000;
# output = 64000;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# antigravity-claude-sonnet-4-5-thinking = {
# name = "Claude Sonnet 4.5 Thinking (Antigravity)";
# limit = {
# context = 200000;
# output = 64000;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# low = {
# thinkingConfig = {
# thinkingBudget = 8192;
# };
# };
# max = {
# thinkingConfig = {
# thinkingBudget = 32768;
# };
# };
# };
# };
# antigravity-claude-opus-4-5-thinking = {
# name = "Claude Opus 4.5 Thinking (Antigravity)";
# limit = {
# context = 200000;
# output = 64000;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# low = {
# thinkingConfig = {
# thinkingBudget = 8192;
# };
# };
# max = {
# thinkingConfig = {
# thinkingBudget = 32768;
# };
# };
# };
# };
# antigravity-claude-opus-4-6-thinking = {
# name = "Claude Opus 4.6 Thinking (Antigravity)";
# limit = {
# context = 200000;
# output = 64000;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# low = {
# thinkingConfig = {
# thinkingBudget = 8192;
# };
# };
# max = {
# thinkingConfig = {
# thinkingBudget = 32768;
# };
# };
# };
# };
# "gemini-2.5-flash" = {
# name = "Gemini 2.5 Flash (Gemini CLI)";
# limit = {
# context = 1048576;
# output = 65536;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# "gemini-2.5-pro" = {
# name = "Gemini 2.5 Pro (Gemini CLI)";
# limit = {
# context = 1048576;
# output = 65536;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# gemini-3-flash-preview = {
# name = "Gemini 3 Flash Preview (Gemini CLI)";
# limit = {
# context = 1048576;
# output = 65536;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# gemini-3-pro-preview = {
# name = "Gemini 3 Pro Preview (Gemini CLI)";
# limit = {
# context = 1048576;
# output = 65535;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# };
# };
# };
# };
xdg.desktopEntries = { xdg.desktopEntries = {
google-chrome = { google-chrome = {
name = "Google Chrome"; name = "Google Chrome";
@ -216,20 +427,19 @@
xdg.userDirs = { xdg.userDirs = {
enable = true; enable = true;
createDirectories = true; createDirectories = true;
setSessionVariables = true;
download = "${HOME}/downloads"; download = "${config.home.homeDirectory}/downloads";
documents = "${HOME}/documents"; documents = "${config.home.homeDirectory}/documents";
desktop = "${HOME}/desktop"; desktop = "${config.home.homeDirectory}/desktop";
pictures = "${HOME}/pictures"; pictures = "${config.home.homeDirectory}/pictures";
music = "${HOME}/music"; music = "${config.home.homeDirectory}/music";
videos = "${HOME}/videos"; videos = "${config.home.homeDirectory}/videos";
templates = "${HOME}"; templates = "${config.home.homeDirectory}";
publicShare = "${HOME}"; publicShare = "${config.home.homeDirectory}";
extraConfig = { extraConfig = {
SCREENSHOTS = "$HOME/pictures/screenshots"; SCREENSHOTS = "${config.home.homeDirectory}/pictures/screenshots";
XDG_CACHE_HOME = "$HOME/.cache"; XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
}; };
}; };
@ -265,7 +475,7 @@
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
signing = { signing = {
key = "${HOME}/.ssh/desktop.pub"; key = "${config.home.homeDirectory}/.ssh/desktop.pub";
signByDefault = true; signByDefault = true;
}; };
includes = [ includes = [
@ -275,7 +485,6 @@
user = { user = {
name = "felipematos"; name = "felipematos";
email = "5471818+fnzr@users.noreply.github.com"; email = "5471818+fnzr@users.noreply.github.com";
signingkey = "${HOME}/.ssh/desktop.pub";
}; };
}; };
} }
@ -284,7 +493,7 @@
user = { user = {
email = "felipe@icefox.sh"; email = "felipe@icefox.sh";
name = "icefox"; name = "icefox";
signingkey = "${HOME}/.ssh/desktop.pub"; signingkey = "${config.home.homeDirectory}/.ssh/desktop.pub";
}; };
gpg.format = "ssh"; gpg.format = "ssh";
commit.gpgsign = true; commit.gpgsign = true;
@ -328,20 +537,12 @@
help = { help = {
autocorrect = "prompt"; autocorrect = "prompt";
}; };
safe = {
directory = [
"/home/agent/*"
];
};
}; };
}; };
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
xrdb xrdb
(writeShellScriptBin "agent" ''
machinectl shell agent@ ${waypipe}/bin/waypipe --socket /run/waypipe.sock server fish
'')
(writeShellApplication { (writeShellApplication {
name = "tmux-sessionizer"; name = "tmux-sessionizer";
runtimeInputs = [ runtimeInputs = [
@ -350,7 +551,20 @@
]; ];
text = builtins.readFile ./bin/tmux-sessionizer; text = builtins.readFile ./bin/tmux-sessionizer;
}) })
(writeShellScriptBin "opencode" ''
ssh -t user@192.168.77.2 "
cd $(pwd) 2>/dev/null || cd \$(mktemp -d)
opencode $*
"
'')
(writeShellScriptBin "claude" ''
ssh -t user@192.168.77.2 "
cd $(pwd) 2>/dev/null || cd \$(mktemp -d)
claude $*
"
'')
]; ];
custom.tmux.enable = true; custom.tmux.enable = true;
custom.neovim = { custom.neovim = {
enable = true; enable = true;
@ -410,7 +624,6 @@
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox; package = pkgs.firefox;
configPath = ".mozilla/firefox";
nativeMessagingHosts = [ nativeMessagingHosts = [
pkgs.browserpass pkgs.browserpass
pkgs.tridactyl-native pkgs.tridactyl-native

43
kernel/default.nix
View file

@ -3,22 +3,6 @@
pkgs, pkgs,
... ...
}: }:
let
nsExec = pkgs.writeShellScriptBin "ns-raw" ''
ns="$1"
shift
exec ${pkgs.iproute2}/bin/ip netns exec "$ns" \
${pkgs.util-linux}/bin/setpriv \
--reuid="$DOAS_USER" --regid="$DOAS_USER" \
--clear-groups \
--inh-caps=-all \
"$@"
'';
nsWrapper = pkgs.writeShellScriptBin "ns" ''
exec /run/wrappers/bin/doas ${nsExec}/bin/ns-raw "$@"
'';
in
{ {
imports = [ imports = [
./hardened.nix ./hardened.nix
@ -54,47 +38,24 @@ in
extraRules = [ extraRules = [
{ {
users = [ "user" ]; users = [ "user" ];
runAs = "root";
keepEnv = true; keepEnv = true;
persist = true; persist = true;
} }
{ {
users = [ "user" ]; users = [ "user" ];
runAs = "work"; runAs = "agent";
noPass = true; noPass = true;
keepEnv = false; keepEnv = false;
} }
{
users = [ "user" ];
runAs = "agent";
noPass = true;
keepEnv = true;
}
{
users = [
"user"
"agent"
"work"
];
runAs = "root";
noPass = true;
keepEnv = true;
cmd = "${nsExec}/bin/ns-raw";
}
]; ];
}; };
environment.systemPackages = [ nsWrapper ];
security.pam.services.su.requireWheel = true;
security.pam.services.newgrp.requireWheel = true;
boot = { boot = {
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_zen;
kernelParams = [ kernelParams = [
"amd_iommu=on" "amd_iommu=on"
]; ];

2
networking.nix
View file

@ -33,8 +33,6 @@
# interfaces = [ inetInterface ]; # interfaces = [ inetInterface ];
# }; # };
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
5900
8080
9003 9003
10000 10000
10001 10001

39
packages.nix
View file

@ -2,10 +2,6 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bat bat
bc
(pkgs.writeShellScriptBin "bci" ''
echo "$@" | ${bc}/bin/bc -l
'')
black black
blade-formatter blade-formatter
cmake cmake
@ -19,7 +15,6 @@
clang-tools clang-tools
clevis clevis
cliphist cliphist
chromium
distrobox distrobox
dos2unix dos2unix
dnsutils dnsutils
@ -28,7 +23,6 @@
eza eza
fd fd
ffmpeg ffmpeg
file
fira-code-symbols fira-code-symbols
fish fish
fractal fractal
@ -52,10 +46,9 @@
poppler poppler
jetbrains.datagrip jetbrains.datagrip
jq jq
kitty
lazygit lazygit
(pkgs.writeShellScriptBin "lf" '' (pkgs.writeShellScriptBin "lf" ''
cd_file="/tmp/lf-lastdir" cd_file="/tmp/lf-lastdir-$$"
${pkgs.lf}/bin/lf "$@" ${pkgs.lf}/bin/lf "$@"
@ -88,13 +81,12 @@
php84Packages.composer php84Packages.composer
php84Packages.php-cs-fixer php84Packages.php-cs-fixer
phpactor phpactor
pistol
podman-compose podman-compose
podman-tui podman-tui
prettierd prettierd
playerctl playerctl
qemu_full
qmk qmk
quickemu
quickshell quickshell
resvg resvg
ripgrep ripgrep
@ -112,6 +104,7 @@
tmux tmux
thunderbird thunderbird
tor-browser tor-browser
ungoogled-chromium
unzip unzip
virt-manager virt-manager
virt-viewer virt-viewer
@ -153,7 +146,12 @@
virtualisation.podman = { virtualisation.podman = {
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
# rootless = {
# enable = true;
# setSocketVariable = true;
# };
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings.dns_enabled = true;
# storageDriver = "btrfs";
}; };
virtualisation.spiceUSBRedirection.enable = true; virtualisation.spiceUSBRedirection.enable = true;
@ -165,7 +163,7 @@
onBoot = "ignore"; onBoot = "ignore";
onShutdown = "shutdown"; onShutdown = "shutdown";
qemu = { qemu = {
package = pkgs.qemu; package = pkgs.qemu_full;
verbatimConfig = '' verbatimConfig = ''
cgroup_device_acl = [ cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero", "/dev/null", "/dev/full", "/dev/zero",
@ -230,15 +228,16 @@
}; };
}; };
services.ollama = { # services.ollama = {
enable = true; # enable = true;
package = pkgs.ollama-cuda; # package = pkgs.ollama-cuda;
home = "/data/ollama"; # home = "/data/ollama";
loadModels = [ # user = "ollama";
"qwen3.6" # group = "user";
"glm-5.1" # loadModels = [
]; # "llama3"
}; # ];
# };
# services.open-webui = { # services.open-webui = {
# enable = true; # enable = true;
# port = 11347; # port = 11347;

52
users.nix
View file

@ -7,7 +7,6 @@
imports = [ imports = [
./home/user.nix ./home/user.nix
./home/root.nix ./home/root.nix
./home/agents.nix
]; ];
sops.secrets."user/password" = { sops.secrets."user/password" = {
neededForUsers = true; neededForUsers = true;
@ -25,41 +24,17 @@
homeMode = "700"; homeMode = "700";
hashedPasswordFile = config.sops.secrets."root/password".path; hashedPasswordFile = config.sops.secrets."root/password".path;
}; };
# microvm = { microvm = {
# uid = 999; uid = 999;
# isSystemUser = true; isSystemUser = true;
# }; };
# work = { # agent = {
# uid = 1001; # uid = 1001;
# homeMode = "770"; # homeMode = "770";
# home = "/home/work";
# isNormalUser = true;
# shell = pkgs.fish;
# group = "work";
# extraGroups = [
# "public"
# ];
# linger = true;
# };
agent = {
uid = 1002;
homeMode = "770";
home = "/home/agent";
shell = pkgs.fish;
isNormalUser = true;
group = "agent";
extraGroups = [ "public" ];
linger = true;
};
# sandbox = {
# uid = 1003;
# homeMode = "770";
# home = "/home/sandbox";
# shell = pkgs.fish; # shell = pkgs.fish;
# isNormalUser = true; # isNormalUser = true;
# group = "sandbox"; # group = "agents";
# extraGroups = [ "public" ]; # extraGroups = [ "user" ];
# linger = true;
# }; # };
user = { user = {
uid = 1000; uid = 1000;
@ -72,23 +47,14 @@
"libvirt" "libvirt"
"systemd-journal" "systemd-journal"
"kvm" "kvm"
"public" "agents"
"agent"
"sandbox"
"audio"
"video"
"bluetooth"
# "work"
]; ];
hashedPasswordFile = config.sops.secrets."user/password".path; hashedPasswordFile = config.sops.secrets."user/password".path;
linger = true;
}; };
}; };
groups = { groups = {
user.gid = 1000; user.gid = 1000;
agent.gid = 1002; agents.gid = 777;
public.gid = 777;
# sandbox.gid = 1003;
}; };
}; };
} }

571
vms/default.nix Normal file
View file

@ -0,0 +1,571 @@
{
nixpkgs,
sops-nix,
impermanence,
home-manager,
...
}:
{
systemd.network.netdevs."20-microbr".netdevConfig = {
Kind = "bridge";
Name = "microbr";
};
systemd.network.networks."20-microbr" = {
matchConfig.Name = "microbr";
addresses = [ { Address = "192.168.77.1/24"; } ];
networkConfig = {
ConfigureWithoutCarrier = true;
};
};
systemd.network.networks."21-microvm-tap" = {
matchConfig.Name = "vm-*";
networkConfig.Bridge = "microbr";
};
networking.nat = {
enable = true;
internalInterfaces = [ "microbr" ];
externalInterface = "enp7e0";
};
networking.nftables = {
enable = true;
tables.nat = {
family = "ip";
content = ''
chain postrouting {
type nat hook postrouting priority srcnat;
iifname "microbr" masquerade
}
'';
};
};
microvm.vms = {
"dealwise" = {
pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfreePredicate =
pkg:
builtins.elem (nixpkgs.lib.getName pkg) [
"claude-code"
];
};
config =
let
hostname = "ai-sandbox";
mac = "02:00:00:00:00:06";
in
{
config,
pkgs,
...
}:
{
imports = [
impermanence.nixosModules.impermanence
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
];
sops = {
defaultSopsFile = ./secrets/secrets.yaml;
age.keyFile = "/.persist/root/.config/sops/age/keys.txt";
secrets = {
"wg0/private_key" = { };
};
};
boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1;
systemd.network = {
enable = true;
networks = {
"10-net" = {
matchConfig.MACAddress = mac;
linkConfig.RequiredForOnline = "routable";
addresses = [ { Address = "192.168.77.2/24"; } ];
routes = [
{
Gateway = "192.168.77.1";
Metric = 100;
}
{
Destination = "103.69.224.4/32";
Gateway = "192.168.77.1";
}
];
};
};
};
services.resolved.enable = false;
environment.etc."resolv.conf".text = ''
nameserver 10.2.0.1
'';
networking = {
hostName = hostname;
useNetworkd = true;
useDHCP = false;
firewall.enable = false;
wireguard.interfaces.wg0 = {
ips = [ "10.2.0.2/32" ];
listenPort = 45974;
privateKeyFile = config.sops.secrets."wg0/private_key".path;
metric = 10;
peers = [
{
publicKey = "D8Sqlj3TYwwnTkycV08HAlxcXXS3Ura4oamz8rB5ImM=";
endpoint = "103.69.224.4:51820";
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
persistentKeepalive = 25;
}
];
};
};
users.mutableUsers = false;
users.users.root = {
password = "";
home = "/root";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh"
];
};
users.users.user = {
linger = true;
home = "/home/user";
password = "";
group = "user";
isNormalUser = true;
uid = 1000;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh"
];
};
users.groups.user.gid = 1000;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.user = {
home.username = "user";
home.homeDirectory = "/home/user";
home.stateVersion = "25.11";
home.enableNixpkgsReleaseCheck = false;
xdg.configFile."containers/containers.conf".text = ''
[engine]
compose_warning_logs=false
events_logger="file"
[containers]
log_driver="k8s-file"
'';
xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
plugin = [ "opencode-antigravity-auth@latest" ];
provider = {
google = {
models = {
antigravity-gemini-3-pro = {
name = "Gemini 3 Pro (Antigravity)";
limit = {
context = 1048576;
output = 65535;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
variants = {
low = {
thinkingLevel = "low";
};
high = {
thinkingLevel = "high";
};
};
};
antigravity-gemini-3-flash = {
name = "Gemini 3 Flash (Antigravity)";
limit = {
context = 1048576;
output = 65536;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
variants = {
minimal = {
thinkingLevel = "minimal";
};
low = {
thinkingLevel = "low";
};
medium = {
thinkingLevel = "medium";
};
high = {
thinkingLevel = "high";
};
};
};
antigravity-claude-sonnet-4-5 = {
name = "Claude Sonnet 4.5 (Antigravity)";
limit = {
context = 200000;
output = 64000;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
};
antigravity-claude-sonnet-4-5-thinking = {
name = "Claude Sonnet 4.5 Thinking (Antigravity)";
limit = {
context = 200000;
output = 64000;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
variants = {
low = {
thinkingConfig = {
thinkingBudget = 8192;
};
};
max = {
thinkingConfig = {
thinkingBudget = 32768;
};
};
};
};
antigravity-claude-opus-4-5-thinking = {
name = "Claude Opus 4.5 Thinking (Antigravity)";
limit = {
context = 200000;
output = 64000;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
variants = {
low = {
thinkingConfig = {
thinkingBudget = 8192;
};
};
max = {
thinkingConfig = {
thinkingBudget = 32768;
};
};
};
};
antigravity-claude-opus-4-6-thinking = {
name = "Claude Opus 4.6 Thinking (Antigravity)";
limit = {
context = 200000;
output = 64000;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
variants = {
low = {
thinkingConfig = {
thinkingBudget = 8192;
};
};
max = {
thinkingConfig = {
thinkingBudget = 32768;
};
};
};
};
"gemini-2.5-flash" = {
name = "Gemini 2.5 Flash (Gemini CLI)";
limit = {
context = 1048576;
output = 65536;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
};
"gemini-2.5-pro" = {
name = "Gemini 2.5 Pro (Gemini CLI)";
limit = {
context = 1048576;
output = 65536;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
};
gemini-3-flash-preview = {
name = "Gemini 3 Flash Preview (Gemini CLI)";
limit = {
context = 1048576;
output = 65536;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
};
gemini-3-pro-preview = {
name = "Gemini 3 Pro Preview (Gemini CLI)";
limit = {
context = 1048576;
output = 65535;
};
modalities = {
input = [
"text"
"image"
"pdf"
];
output = [ "text" ];
};
};
};
};
};
};
};
};
fileSystems = {
"/.persist".neededForBoot = true;
};
environment.systemPackages = with pkgs; [
coreutils
jq
git
fzf
claude-code
neovim
ripgrep
fd
podman-compose
opencode
php
php.packages.composer
pkgs.nodejs_24
pkgs.dotnet-sdk_9
pkgs.go_1_24
];
programs = {
fish.enable = true;
starship.enable = true;
ssh = {
knownHosts = {
"github.com".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
};
};
};
systemd.tmpfiles.rules = [
"d /var/log/laravel 0755 1000 1000"
];
environment.persistence."/.persist" = {
enable = true;
hideMounts = true;
directories = [
"/var/lib/nixos"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
users.root = {
files = [
".config/sops/age/keys.txt"
];
};
users.user = {
files = [
".claude.json"
".claude.json.backup"
];
directories = [
".claude"
".local/share/containers"
".local/share/opencode"
];
};
};
services = {
openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "yes";
AllowUsers = [
"user"
"root"
];
};
};
getty = {
autologinUser = "root";
autologinOnce = true;
};
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
dockerCompat = true;
};
};
environment.sessionVariables = {
EDITOR = "nvim";
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 8192;
socket = "control.sock";
interfaces = [
{
id = "vm-${hostname}";
type = "tap";
mac = mac;
}
];
volumes = [
{
mountPoint = "/.persist";
image = "persist.img";
size = 1024 * 128;
}
{
mountPoint = "/nix/.rw-store";
image = "nix-store.img";
size = 1024 * 128;
}
];
writableStoreOverlay = "/nix/.rw-store";
shares = [
{
proto = "virtiofs";
tag = "downloads";
source = "/home/user/downloads";
mountPoint = "/home/user/downloads";
}
{
proto = "virtiofs";
tag = "pictures";
source = "/home/user/pictures";
mountPoint = "/home/user/pictures";
}
{
proto = "virtiofs";
tag = "dealwise";
source = "/home/user/work/dealwise";
mountPoint = "/home/user/work/dealwise";
}
{
proto = "virtiofs";
tag = "php-data-transfer-object";
source = "/home/user/dev/icefox/php/data-transfer-object";
mountPoint = "/home/user/dev/icefox/php/data-transfer-object";
}
{
proto = "virtiofs";
tag = "uni";
source = "/home/user/uni";
mountPoint = "/home/user/uni";
}
{
proto = "virtiofs";
tag = "dev";
source = "/home/user/dev";
mountPoint = "/home/user/dev";
}
{
proto = "virtiofs";
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
];
qemu.extraArgs = [
"-cpu"
"host"
];
};
system.stateVersion = "25.11";
};
};
};
}

32
vms/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,32 @@
ssh:
private_key: ENC[AES256_GCM,data:0EDM0MEirn14hmU3UV0yFcB6kG8zjYyt+sbIb6v2vr3sqaK0EmBf4VxX1TRxjlT3nDk7NZG60+Lw6+c45COhZX0ApYkElUxPtKXsLM4HZKruJiL3cLicdFDsL7/53tMyp6waFVejq5dbog/kya+dbUujM8p2ILqO9GjB2k0truipq6ThpinytRqu5xccjJzUbEqCrr1U2lKTIm6s83zAJfcrnwEipIoV2WqxjPpeGjGBKwfi4284O1J5zZHvbxB+CQ+4rHrkcsio4CEDLdV6s93d5FHARGt/Ni/ZXfcP2Yve5M4PrakliHVv7dVNrGqX6tDXZkhVlhzCHk0vY9dSTONuvlmeoFtSWpJXG8MfaGzmfkT+/F39U1TpbRyIPL4OyeidvBV4hTJuKmCOSraXnFwz5l3EnZhBbrCBRw8XFTZGS8v8jMcC7QTFYxCDL4GcrSJac9cgDlggygr3Vv8627a+zYSwauuNWPYEf1Nr56owZdJUc6LJpOBd+QR2fiV+coA/cNbNhWOaRS3K/NRS,iv:1lU+UUhH4m5OjyDO5s/sNGGGoT/7NxI5Cs1GL5CEIGU=,tag:EG8YZERDyeG/XkCNO7f/cQ==,type:str]
wg0:
private_key: ENC[AES256_GCM,data:nr7y3wp7EtVW6uI6MBSwyMO9YuMyx/F0AZmD8GmuA3BPQTVTsVSctoKIxLE=,iv:KN68DwGuDo+aPP4mBk1MqY+lxFjisKSwXn0w+yngDRQ=,tag:gpjxIFWaZE+5hbYHVsO1ZQ==,type:str]
address: ENC[AES256_GCM,data:9Tnph2SHKeEt9Ss=,iv:CPR1N7fqqlaThGltSpfqeAOc5bAe13KWskGWj3jI8LQ=,tag:xha/hQOVqfUoGyfKbHhnuQ==,type:str]
conf: ENC[AES256_GCM,data:SRDnI+2PvK7Zz1L5XBvrBNejgJEg8DK+qVO5XEtx6Nal+f7IeB3Ascp8Bkit5fd5myn/RxiK80wYmvLkDmcJAk46UjHKOpbxJl1s5FmKDuZJ3c3MXLwH7k2PeZP14VDDlyQqlcyGBrSu74L64ZMh/6EWGKbONTD1Wt3Ykg+/RegzQFDr2CPbj6XQeXsNS2p0ugicP5ffBMTUa9KSYDMQVV80mjSZ246aeY0owU1VUsitdvsCbfxtFd5gr/9zdfOXOvGY/BKxAlvVbszCalNs9DgJDHt/,iv:FP90SvUGnsZJS7F/uxtbOqTvGOgtC4+r2+YgF5FBoQY=,tag:9G1tkXHTpbytmG9T6sTpMw==,type:str]
wg-br0:
private_key: ENC[AES256_GCM,data:AwGwtS6Bkx5SUwxfaz/UaogGQIwqJidHzyOC0EWCA1UzEo1XV+bFKpdvOjg=,iv:O5RTjtNHC3lY+uVb6JBTwCrxpDSOsVAy8VOvsSatr0M=,tag:HelKY1PtxI3Zi+9Alrw+Ow==,type:str]
sops:
age:
- recipient: age1y0tj3kt67pfnj38t9c8g2ghry3a0mhcq8rrqv5xr4jekwepxaelqzu3dkf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOHZSRkpBVVdUUk9OYUFH
cVBra014WXJyRTJ0QWFKallLQlc0SXhNSlFBCmpwME92M2lCN2liVjZBRndlSVBk
OEpUU1YyakdCa0xVaHdhRlpXbGxYdUEKLS0tIDFlV1k0Qkx1UDd2NUVHTTI3NDZE
OWhIdUxDcHB4Z3dTdDkyZWF6NEJCYzAKfPB9AZFQ08yqil+4AhIi6EMy8PXI4CAz
lK4ON/M67T0UrlWN/m3pryOOr4Lj4oiZvdOR0BCO3kn4Pj0nq5jQOA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16v8w7q4wmn22hhakq2uzaus2508rhldm7lcwh0kukshzjzyhuqesqz44ze
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSC9Td1NTMzk2NlJDTDNM
UVUzTSt1dGkrUVRGT1UzeXcwR1REN1U0dW5JCnNJRzdKZHVyR0dzaUw2TlVzQnQ2
SHhSSGlDWUNBSXZiME5GM0JPTFRseDQKLS0tIEFnOXgzWFo2Rmo2THN4VFFIY1h0
OEZ4WUp1QlVrTkVTN1BHMG0yaXFuSk0KLw3ZuvWTurJDTpyoq5YafLm8YFT4v4Vh
s+ay8ju3kA1CKjMF3gBQF08EoCdP/jU6tZerNwwcs17el5zIvRmG7Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-06T22:06:59Z"
mac: ENC[AES256_GCM,data:IJXeoVdP8/R51hHNTkpYSj9f1bGRBh5PtlEdbcXuD12DFGZtEFcAeBgfKHSnYBRxZMedd/IxhsQYNatW8T/spAuPi0dEh2mnn9yz3evGjkc1WKGOy24Ou3xhZBboo9tzYfkX3PVGd10kx+vTJh3by7Eq4LjAfyq1vyGj1g3S5nU=,iv:wQsntFE/TO0Z5An9U7yYUIQ/nXbo5nnUQ9ukVMm0KRo=,tag:D9HpVrYEbzaCktzGmD0xvg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0