Merged
5 changes: 4 additions & 1 deletion .envrc
Expand Up @@ -2,6 +2,9 @@

strict_env

watch_file flake/per-system/pre-commit.nix
watch_file ./nix/flake/per-system/pre-commit.nix

use flake

CACHIX_AUTH_TOKEN="$(cat ~/.config/sops-nix/secrets/cachix-auth-token)"
export CACHIX_AUTH_TOKEN
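Review bot: the `watch_file` path update is correct, but the unchanged context right below it deserves attention while this file is open: `CACHIX_AUTH_TOKEN="$(cat ~/.config/sops-nix/secrets/cachix-auth-token)"` followed by `export CACHIX_AUTH_TOKEN` places the Cachix push token in the environment of every process started from the direnv-loaded shell, not only the `cachix-push` app that needs it. Consider reading the token only inside the push invocation instead of exporting it globally. Note also that with `strict_env` in effect (errexit), a missing or unreadable secrets file makes the `cat` fail, the assignment returns non-zero, and direnv refuses to load the environment at all; if `.envrc` is expected to work on a machine without that secret, guard the line with a `[ -r ... ]` check.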
1 change: 1 addition & 0 deletions .gitignore
@@ -1,3 +1,4 @@
/.direnv/
/.pre-commit-config.yaml
/.serena/
/result*
12 changes: 10 additions & 2 deletions .zellij-layout.kdl
@@ -1,5 +1,5 @@
layout {
tab name="nh" {
tab name="nh" hide_floating_panes=true {
pane split_direction="horizontal" {
pane split_direction="vertical" {
pane command="nh" {
Expand All @@ -26,6 +26,10 @@ layout {
}
}

floating_panes {
pane command="zsh" x="10%" y="10%" width="80%" height="80%"
}

pane size=1 borderless=true {
plugin location="zellij:compact-bar"
}
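Review bot: style: the geometry `x="10%" y="10%" width="80%" height="80%"` on the new floating `zsh` pane is repeated verbatim on the `codex` floating pane added to the `shell` tab further down; a shared `pane_template` would keep the two in sync and make future changes a one-line edit.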
Expand All @@ -45,9 +49,13 @@ layout {
}
}

tab name="shell" {
tab name="shell" hide_floating_panes=true {
pane command="zsh"

floating_panes {
pane command="codex" x="10%" y="10%" width="80%" height="80%"
}

pane size=1 borderless=true {
plugin location="zellij:compact-bar"
}
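Review bot: the new floating pane starts `codex` directly from the layout, so the agent runs with whatever environment zellij itself was launched from. If zellij is started from the direnv-loaded shell that this PR's `.envrc` sets up, the agent process and everything it spawns inherit `CACHIX_AUTH_TOKEN`, which is a write credential for the binary cache. Consider launching it through a small wrapper that unsets that variable (or keep the token out of the shell environment altogether, as suggested on the `.envrc` hunk).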
104 changes: 62 additions & 42 deletions AGENTS.md
Expand Up @@ -27,39 +27,38 @@ nix flake check # Check for evaluation errors

## Repository Structure

```
flake.nix # Entry point: delegates to flake-parts via ./flake
flake/ # Flake-parts modules defining all outputs
nixos-configurations.nix
home-configurations.nix
modules.nix # Exposes modules/ tree as flake.modules
flake-modules.nix # flake.flakeModules = modules.flake
home-modules.nix # flake.homeModules = modules.homeManager
nixos-modules.nix # flake.nixosModules = modules.nixos
per-system/ # All perSystem outputs
args/ # Injects custom perSystem args (lib, pkgs)
apps/ # Flake apps (ci via nix-fast-build)
checks/ # Flake checks (trufflehog)
dev-shells.nix # devShells (pre-commit shell)
pre-commit.nix # git-hooks-nix pre-commit config
inputs/ # Applies patches to flake inputs
default.nix # Merges patched inputs over raw inputs
nixpkgs.nix # nixpkgs patches (module-level changes)
nixpkgs-patched.nix # nixpkgs-unstable patches (package-level changes)
home-manager.nix # home-manager patches
dms.nix # dms patches
lib/ # Custom lib extensions (lib.my.*)
my.nix # lib.my.importTree, lib.my.mkAbsolute
my-pkgs.nix # lib.my-pkgs.callExpression
hosts/mephistopheles/ # NixOS host configuration
users/ilkecan/ # Home Manager user configuration
modules/ # Reusable modules, exposed as flake outputs
flake/ # Flake-parts modules (flakeModules)
home-manager/ # Home Manager modules (homeModules)
nixos/ # NixOS modules (nixosModules)
packages/ # Custom pkgs instantiation (overlays applied here)
secrets/ # sops-nix encrypted secrets
```
flake.nix # Entry point: delegates to flake-parts via ./nix/flake
nix/ # All Nix source files
flake/ # Flake-parts modules defining all outputs
nixos-configurations.nix
home-configurations.nix
modules.nix # Exposes nix/modules/ tree as flake.modules
flake-modules.nix # flake.flakeModules = modules.flake
home-modules.nix # flake.homeModules = modules.homeManager
nixos-modules.nix # flake.nixosModules = modules.nixos
per-system/ # All perSystem outputs
args/ # Injects custom perSystem args (lib, pkgs)
apps/ # Flake apps (ci via nix-fast-build)
checks/ # Flake checks (trufflehog)
dev-shells.nix # devShells (pre-commit shell)
pre-commit.nix # git-hooks-nix pre-commit config
inputs/ # Applies patches to flake inputs
nixpkgs.nix # nixpkgs patches (module-level changes)
nixpkgs-patched.nix # nixpkgs-unstable patches (package-level changes)
home-manager.nix # home-manager patches
dms.nix # dms patches
lib/ # Custom lib extensions (lib.my.*)
my.nix # lib.my.importTree, lib.my.mkAbsolute
my-pkgs.nix # lib.my-pkgs.callExpression
hosts/mephistopheles/ # NixOS host configuration
users/ilkecan/ # Home Manager user configuration
modules/ # Reusable modules, exposed as flake outputs
flake/ # Flake-parts modules (flakeModules)
home-manager/ # Home Manager modules (homeModules)
nixos/ # NixOS modules (nixosModules)
packages/ # Custom pkgs instantiation (overlays applied here)
inputs.nix # Merges patched inputs over raw inputs
secrets/ # sops-nix encrypted secrets

## Key Architectural Patterns

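Review bot: the rewritten repository tree lost its code fence. The old block's opening and closing ``` lines are removed and nothing replaces them; the hunk counts confirm it (39 old lines become 38: the old tree is 31 lines plus two fence lines, the new tree is 32 lines with no fence). Without the fence, `flake.nix # Entry point: delegates to flake-parts via ./nix/flake` renders as a paragraph and the indented lines under `nix/` as an indented code block, and Markdown tooling such as the `comrak` hook this PR adds to the pre-commit list will treat the tree as prose. Re-add the fence around the block from `flake.nix` through `secrets/`.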
Expand All @@ -72,50 +71,71 @@ There are three nixpkgs inputs with distinct purposes:
- **`nixpkgs-patched`** — patched version of `nixpkgs-unstable`, stored as a separate input. Used for **package-level** changes to contain cascade rebuilds: patching a package in `nixpkgs-unstable` directly could trigger rebuilds for all dependents; isolating it in a named input limits the blast radius to what explicitly uses `pkgs.patched`.

### Input Patching
`inputs/default.nix` applies upstream PRs to inputs and makes patched versions transparent by overwriting the originals under `inputs.*` (except `nixpkgs-patched`, which is always a separate input). Modules consume patched inputs the same way as stock ones.

`nix/inputs/default.nix` applies upstream PRs to inputs and makes patched versions transparent by overwriting the originals under `inputs.*` (except `nixpkgs-patched`, which is always a separate additive input). Modules consume patched inputs the same way as stock ones.

Transitive flake inputs are rewritten recursively: `replacementMapping` maps each top-level input's `outPath` to its resolved counterpart, so `follows` aliases like `nixpkgs-lib` or `nixpkgs-stable` are transparently replaced with the correct canonical node.

Important invariants when editing `nix/inputs/default.nix`:

- **Top-level canonical nodes** — if a dependency is shared in multiple places, it should have a canonical representative at the top level and all repeats should follow that node.
- **Additive patched inputs must not be flake inputs** — `nixpkgs-patched` is excluded from `resolvedTopLevel` and `replacementMapping` because it is not declared in `flake.nix`'s inputs. This is by design: its pre-patch source `outPath` would collide with `nixpkgs-unstable` in `replacementMapping`. It enters the final result via the `patchedInputs // resolvedTopLevel` merge and is only consumed directly by self.
- **`self` is special-cased** — the recursive rewrite applies to external inputs, but `self` itself is not rebuilt through that recursion. Only `self.inputs` is updated with the rewritten/exported input set to avoid recursive self-reimport.

### Custom pkgs Overlays
`packages/default.nix` instantiates nixpkgs with several overlays, making these package sets available everywhere:

`nix/packages/default.nix` instantiates nixpkgs with several overlays, making these package sets available everywhere:

- `pkgs.unstable` — nixos-unstable packages
- `pkgs.patched` — nixpkgs-unstable with package-level patches applied
- `pkgs.nur` — NUR packages
- `pkgs.notashelf` — packages from the flint flake
- `pkgs.llm-agents.*` — LLM agent tools

### lib.my.importTree

Used extensively to auto-import directories. All `.nix` files and subdirectories are imported recursively, controlled by the `depth` parameter. Avoids manual `imports = [...]` lists for leaf modules.

### Impermanence
The host uses `impermanence` (ephemeral `/` via btrfs). Persistent paths must be explicitly declared in `hosts/mephistopheles/impermanence.nix`.

The host uses `impermanence` (ephemeral `/` via btrfs). Persistent paths must be explicitly declared in `nix/hosts/mephistopheles/impermanence.nix`.

### Secrets

Managed with `sops-nix`. Encrypted secrets live in `secrets/`.

### Key Inputs
- **nvf** — Neovim configuration framework (used for all neovim config under `users/ilkecan/text-editors/neovim/`)

- **nvf** — Neovim configuration framework (used for all neovim config under `nix/users/ilkecan/text-editors/neovim/`)
- **stylix** — System-wide theming
- **niri-flake** — Niri Wayland compositor
- **disko** — Declarative disk partitioning
- **impermanence** — Ephemeral root filesystem support
- **sops-nix** — Secrets management (encrypted secrets in `secrets/`)
- **dms** — DankMaterialShell, a desktop shell for Wayland compositors, built with Quickshell
- **betterfox-nix** — Firefox user.js optimization
- **git-hooks-nix** — Pre-commit hooks framework (deadnix, flake-checker, flint, gitleaks, nil, nixf-diagnose, ripsecrets)
- **git-hooks-nix** — Pre-commit hooks framework (comrak, deadnix, flake-checker, flint, gitleaks, nil, nixf-diagnose, nixfmt, ripsecrets)
- **nixos-cli** — NixOS CLI tool
- **mcp-servers-nix** — MCP server configuration for Home Manager
- **optnix** — Nix option analysis tool

### Flake Module Outputs
Modules under `modules/` are exposed as flake outputs via `flake/modules.nix`:
- `flakeModules` — from `modules/flake/`
- `homeModules` — from `modules/home-manager/`
- `nixosModules` — from `modules/nixos/`

Modules under `nix/modules/` are exposed as flake outputs via `nix/flake/modules.nix`:

- `flakeModules` — from `nix/modules/flake/`
- `homeModules` — from `nix/modules/home-manager/`
- `nixosModules` — from `nix/modules/nixos/`

The `cachix-push` flake module (in `nix/modules/flake/`) provides a `flake.cachix.push` option and generates a `perSystem.apps.cachix-push` app for pushing packages to Cachix caches.

Both host and user configurations dogfood their respective `*.default` module.

### specialArgs / extraSpecialArgs

- NixOS modules receive: `inputs'`, `lib` (extended), `self'`, `userConfig` (the HM config)
- HM modules receive: `inputs'`, `self'`, `hostConfig` (the NixOS config), `osConfig` (alias for `hostConfig`)

### Development Environment

The flake provides a `devShell` via direnv (`.envrc`) with pre-commit hooks enabled through `git-hooks-nix`. A CI app (`nix run .#ci`) wraps `nix-fast-build` for cached builds. A `trufflehog` flake check scans for leaked secrets.
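Review bot: the documented location of the input-patching code is inconsistent with the tree in the previous hunk: this hunk says `nix/inputs/default.nix` applies upstream PRs and lists invariants "when editing `nix/inputs/default.nix`", while the tree shows `inputs/` holding only `nixpkgs.nix`, `nixpkgs-patched.nix`, `home-manager.nix` and `dms.nix`, with the merge logic in a sibling `inputs.nix # Merges patched inputs over raw inputs`. Pick one layout and update the other so the invariants point at a file that exists. Separately, the new `cachix-push` paragraph introduces an app that needs a write token but the Development Environment section does not say where it comes from; mention that `.envrc` in this PR reads `~/.config/sops-nix/secrets/cachix-auth-token` and exports `CACHIX_AUTH_TOKEN`, which is also why any shell or agent launched from the dev environment should be treated as holding a push credential.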
79 changes: 41 additions & 38 deletions flake.lock
