From 36132b04546671ea55bf3fb98025ccc9ae887e7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Tue, 17 Feb 2026 21:10:27 +0100 Subject: [PATCH] fix broken references to deleted files, remove dead code Build-breaking fixes: - kibbeh: remove imports of deleted admin-essentials, nix, zsh configs (all provided by niphas via profiles.default + profiles.desktop) - tabula, tahina: remove imports of deleted admin-essentials, nix configs (provided by niphas via profiles.default) - zaatar: remove import of deleted tmux config (provided by niphas via profiles.default) Dead code removal: - flake.nix: remove nixosModules.zsh-kmein (referenced deleted config/zsh.nix) - flake.nix: remove unused wallpapers input - packages/gpt.nix, hora.nix, k-lock.nix: orphaned, not in overlay or referenced - configs/hledger.nix: remove hora reference (package deleted) --- AGENTS.md | 104 +++++++++++++++++++++++++++++++ configs/hledger.nix | 2 - flake.nix | 4 -- packages/gpt.nix | 15 ----- packages/hora.nix | 81 ------------------------ packages/k-lock.nix | 30 --------- systems/kibbeh/configuration.nix | 3 - systems/tabula/configuration.nix | 2 - systems/tahina/configuration.nix | 2 - systems/zaatar/configuration.nix | 1 - 10 files changed, 104 insertions(+), 140 deletions(-) create mode 100644 AGENTS.md delete mode 100644 packages/gpt.nix delete mode 100644 packages/hora.nix delete mode 100644 packages/k-lock.nix diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..9f9618b --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,104 @@ +# niveum — Agent Notes + +## What This Is + +A NixOS flake managing ~9 machines (desktops, servers, family laptops) for one user (kmein/kfm). +Levantine food-themed hostnames: fatteh, kabsa, kibbeh, makanek, manakish, tabula, tahina, zaatar, ful. + +## Repository Structure + +``` +flake.nix # 636 lines — everything: inputs, overlay, nixosConfigurations, apps, packages +configs/ # ~50 NixOS config fragments imported by systems (desktop defaults, programs, services) + default.nix # 200+ line mega-module for desktop machines (user, shell, gnupg, i18n, etc.) + graphical/ # Hyprland + home-manager config (415 lines in home-manager.nix) + packages.nix # ~250 lines of environment.systemPackages + bots/ # Telegram/Mastodon/Matrix bot configs + keyboard/ # XKB layouts (Coptic, Avestan, Gothic, etc.) +configs/*.nix # Individual concerns: bluetooth, sound, printing, ssh, fonts, etc. +modules/ # Proper NixOS modules with options (retiolum, telegram-bot, passport, power-action, etc.) +packages/ # ~93 package files (many small scripts/wrappers) +systems// # Per-machine: configuration.nix + hardware-configuration.nix + extras +lib/ # default.nix (niveum helpers), machines.nix (IP/key inventory), panoptikon.nix +secrets/ # agenix-encrypted .age files (empty dir in checkout, tracked via secrets.txt) +.bin/ # toposort.nix (seems unused/experimental) +``` + +## Key Relationships + +- **niphas** (input): Provides shared "how I like things" config — nixosModules (shell, editor, git, desktop, nix, udiskie) and overlay (niphas-* packages). Used in `profiles.default` and `profiles.desktop`. +- **configs/default.nix**: The "big desktop profile" — imported by fatteh, kabsa, manakish (the main desktop machines). NOT imported by servers or family laptops. +- **profiles** (in flake.nix): `profiles.default`, `profiles.desktop`, `profiles.server` — lists of modules composed per machine. +- **lib.niveum**: Custom lib injected via overlay (`pkgs.lib.niveum`) — used everywhere for machine addresses, SSH port, helper functions. + +## Known Bugs / Broken References + +All previously broken references have been fixed. See git log for details. +The deleted files (`configs/admin-essentials.nix`, `configs/nix.nix`, `configs/zsh.nix`, +`configs/tmux.nix`) were superseded by niphas modules already present in `profiles.default`. + +## Architectural Issues + +### 1. flake.nix is a monolith (636 lines) +The overlay alone is ~180 lines. The nixosConfigurations block is ~170 lines. Overlay, apps, packages output, nixosConfigurations, profiles — all in one file. + +### 2. configs/default.nix is a grab-bag (200+ lines, ~15 inline anonymous modules) +It's a list of `imports` mixing inline `{ ... }` blocks with file imports. Hard to find what's defined where. Many of these inline blocks should be their own files (user config, i18n, gnupg, dconf, xdg dirs, etc.). + +### 3. Retiolum secret boilerplate repeated 9 times +Every system has a near-identical block: +```nix +age.secrets.retiolum-rsa = { file = ../../secrets/${hostname}-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc-retiolum"; group = "tinc-retiolum"; }; +age.secrets.retiolum-ed25519 = { ... same ... }; +``` +This could be a function or module parameterized by hostname. + +### 4. Nginx + ACME boilerplate duplicated +ful and makanek have identical nginx recommended settings + ACME config. Should be a shared server profile. + +### 5. modules/retiolum.nix uses NIX_PATH lookups (``, ``) +This breaks flake purity. The `configs/retiolum.nix` partially overrides the key paths to use agenix, but the hosts file and extraHosts still use ``. + +### 6. Orphaned packages +- `packages/gpt.nix`, `packages/hora.nix`, `packages/k-lock.nix` — not in overlay, not referenced anywhere +- `wallpapers` flake input — declared but never referenced in outputs +- `naersk` and `fenix` inputs — only used transitively via `follows`, not directly + +### 7. niveum-* overlay aliases +After our cleanup, `niveum-terminal`, `niveum-browser`, `niveum-filemanager` are aliases to niphas equivalents. These could be removed by updating the ~6 references in configs/i3.nix, configs/graphical/home-manager.nix, configs/default.nix to use niphas-* names directly. + +### 8. The `pkgs.lib.niveum` pattern +Custom lib is injected via overlay into `pkgs.lib`. This works but is unconventional — it means the lib is only available where the overlay is applied, and it pollutes the pkgs namespace. A `specialArgs` approach or a standalone lib would be cleaner. + +### 9. Restic backup config scattered +`services.restic.backups.niveum` is configured in configs/backup.nix, configs/applicative.nix, and extended in 5+ system files. The module system merges these, but it's hard to see what a given machine backs up without reading multiple files. + +### 10. configs/ vs modules/ distinction is unclear +`configs/` has both stateless config fragments (spacetime.nix = timezone) and stateful ones (backup.nix, cloud.nix). `modules/` has proper option-declaring modules. Some configs/ files (like power-action.nix) are actually imported from modules/. The boundary is blurry. + +## Machines Overview + +| Machine | Role | Profile | Arch | Notes | +|-----------|--------------|------------------|--------------|------------------------------------| +| fatteh | Desktop | default+desktop | x86_64 | ThinkPad T480, CUDA, main daily | +| kabsa | Desktop | default+desktop | x86_64 | ThinkPad X220, constrained (2 jobs)| +| manakish | Desktop | default+desktop | x86_64 | ThinkPad X230 | +| kibbeh | Desktop | custom (broken!) | x86_64 | Pantheon DE, travel laptop | +| ful | Server | default+server | aarch64 | Oracle/Hetzner, nginx, web services| +| makanek | Server | default+server | x86_64 | Hetzner, gitea, nextcloud, weechat | +| zaatar | Server/Home | custom (broken!) | x86_64 | Home assistant, backup server | +| tabula | Family laptop| custom (broken!) | x86_64 | LXQt, user "xenos" | +| tahina | Family laptop| custom (broken!) | x86_64 | Pantheon, user "xenos", German | + +## Improvement Ideas (Prioritized) + +1. **Fix broken references** (5 files reference deleted configs) +2. **Extract retiolum secret boilerplate** into a function/module +3. **Split flake.nix** — at minimum extract the overlay to `overlay.nix` +4. **Break up configs/default.nix** into proper named files +5. **Remove orphaned packages** (gpt.nix, hora.nix, k-lock.nix) +6. **Remove unused flake inputs** (wallpapers) +7. **Clean up nixosModules.zsh-kmein** (references deleted file) +8. **Extract nginx+ACME server profile** +9. **Replace niveum-* aliases** with direct niphas-* references +10. **Fix modules/retiolum.nix** NIX_PATH usage for flake purity diff --git a/configs/hledger.nix b/configs/hledger.nix index 367d354..71e49fe 100644 --- a/configs/hledger.nix +++ b/configs/hledger.nix @@ -4,7 +4,6 @@ }: let ledgerDirectory = "/home/kfm/sync/src/ledger"; - hora = pkgs.callPackage ../packages/hora.nix { timeLedger = "${ledgerDirectory}/time.timeclock"; }; in { environment.systemPackages = @@ -12,7 +11,6 @@ in git = "${pkgs.git}/bin/git -C ${ledgerDirectory}"; in [ - hora pkgs.hledger (pkgs.writers.writeDashBin "hledger-git" '' if [ "$1" = entry ]; then diff --git a/flake.nix b/flake.nix index e381f36..969a14b 100644 --- a/flake.nix +++ b/flake.nix @@ -22,14 +22,12 @@ tinc-graph.url = "github:kmein/tinc-graph"; treefmt-nix.url = "github:numtide/treefmt-nix"; voidrice.url = "github:Lukesmithxyz/voidrice"; - wallpapers.url = "github:kmein/wallpapers"; nix-topology.url = "github:oddlama/nix-topology"; wetter.url = "github:4z3/wetter"; wrappers.url = "github:lassulus/wrappers"; llm-agents.url = "github:numtide/llm-agents.nix"; voidrice.flake = false; - wallpapers.flake = false; naersk.url = "github:nix-community/naersk"; fenix.url = "github:nix-community/fenix"; @@ -195,8 +193,6 @@ system-dependent = import modules/system-dependent.nix; telegram-bot = import modules/telegram-bot.nix; go-webring = import modules/go-webring.nix; - - zsh-kmein = import config/zsh.nix; }; overlays.default = final: prev: { diff --git a/packages/gpt.nix b/packages/gpt.nix deleted file mode 100644 index ad1a49a..0000000 --- a/packages/gpt.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - curl, - writers, - jq, - apiKeyCommand ? "pass api-keys/openai.com", - model ? "gpt-3.5-turbo", -}: -writers.writeDashBin "gpt" '' - json=$(jq --slurp --raw-input '{model:"${model}", messages: [{role: "user", content: .}]}') - ${curl}/bin/curl -sSL https://api.openai.com/v1/chat/completions \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer $(${apiKeyCommand})" \ - -d "$json" \ - | ${jq}/bin/jq -r '.choices[] | .message.content' -'' diff --git a/packages/hora.nix b/packages/hora.nix deleted file mode 100644 index 6cb68ef..0000000 --- a/packages/hora.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ - symlinkJoin, - hledger, - writers, - lib, - git, - coreutils, - gnugrep, - timeLedger, - ... -}: -let - date = "${coreutils}/bin/date +'%Y-%m-%d %H:%M:%S'"; - - hora = writers.writeDashBin "hora" "${hledger}/bin/hledger -f ${lib.escapeShellArg timeLedger} \"$@\""; - hora-edit = writers.writeDashBin "hora-edit" "$EDITOR ${lib.escapeShellArg timeLedger}"; - hora-status = writers.writeDashBin "hora-status" "${coreutils}/bin/tac ${lib.escapeShellArg timeLedger} | ${gnugrep}/bin/grep -m 1 ."; - - hora-start = writers.writeDashBin "hora-start" '' - last_nonempty_line=$(${hora-status}/bin/hora-status) - (echo $last_nonempty_line | ${gnugrep}/bin/grep -q "^o") || { - echo "Last activity must be closed: $last_nonempty_line" >/dev/stderr - exit 1 - } - - account=$1 - (${hora}/bin/hora accounts | ${gnugrep}/bin/grep -q "^$account\$") || { - echo "The account '$account' is not known. Please add manually." - exit 1 - } - - message=$2 - date=$(${date}) - echo "i $date $account $message\n" >> "${timeLedger}" - echo "Started $account at $date" >/dev/stderr - ''; - - hora-stop = writers.writeDashBin "hora-stop" '' - last_nonempty_line=$(${hora-status}/bin/hora-status) - - (echo $last_nonempty_line | ${gnugrep}/bin/grep "^i") || { - echo "Last activity cannot be closed: $last_nonempty_line" >/dev/stderr - exit 1 - } - - last_activity=$(echo "$last_nonempty_line" | ${coreutils}/bin/cut -d' ' -f 4) - date=$(${date}) - - echo "o $date\n" >> ${timeLedger} - echo "Stopped $last_activity at $date" >/dev/stderr - ''; - - hora-year = writers.writeDashBin "hora-year" '' - ${hora}/bin/hora balance --tree --monthly --begin $(${coreutils}/bin/date +%Y) --depth 1 - ''; - hora-git = writers.writeDashBin "hora-git" '' - directory=$(${coreutils}/bin/dirname ${lib.escapeShellArg timeLedger}) - if [ $# -gt 0 ] - then - ${git}/bin/git -C "$directory" --all --message=$(${date}) - else - ${git}/bin/git -C "$directory" "$@" - fi - ''; - hora-weekly = writers.writeDashBin "hora-weekly" '' - ${hora}/bin/hora register -p weekly --depth 1 --empty - ''; -in -symlinkJoin { - name = "hora"; - paths = [ - hora - hora-edit - hora-start - hora-status - hora-stop - hora-year - hora-git - hora-weekly - ]; -} diff --git a/packages/k-lock.nix b/packages/k-lock.nix deleted file mode 100644 index abaa2b3..0000000 --- a/packages/k-lock.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - writers, - lib, - xlockmore, -}: -let - xlockModes = lib.concatStringsSep "\\n" [ - # "braid" - "galaxy" - # "lightning" - # "matrix" - "pyro2" - "space" - ]; -in -writers.writeDashBin "k-lock" '' - MODE=$(printf "${xlockModes}" | shuf -n 1) - - ${xlockmore}/bin/xlock \ - -saturation 0.4 \ - -erasemode no_fade \ - +description \ - -showdate \ - -username " " \ - -password " " \ - -info " " \ - -validate "..." \ - -invalid "Computer says no." \ - -mode "$MODE" -'' diff --git a/systems/kibbeh/configuration.nix b/systems/kibbeh/configuration.nix index 1b11347..f3d33ff 100644 --- a/systems/kibbeh/configuration.nix +++ b/systems/kibbeh/configuration.nix @@ -8,17 +8,14 @@ imports = [ ./hardware-configuration.nix ../../configs/spacetime.nix - ../../configs/admin-essentials.nix ../../configs/keyboard ../../configs/sound.nix ../../configs/printing.nix - ../../configs/nix.nix ../../configs/fonts.nix ../../configs/mycelium.nix ../../configs/retiolum.nix ../../configs/sshd.nix ../../configs/sudo.nix - ../../configs/zsh.nix ]; age.secrets = { diff --git a/systems/tabula/configuration.nix b/systems/tabula/configuration.nix index 546012f..9ef989c 100644 --- a/systems/tabula/configuration.nix +++ b/systems/tabula/configuration.nix @@ -10,8 +10,6 @@ ../../configs/spacetime.nix ../../configs/retiolum.nix ../../configs/sshd.nix - ../../configs/nix.nix - ../../configs/admin-essentials.nix ]; age.secrets = { diff --git a/systems/tahina/configuration.nix b/systems/tahina/configuration.nix index 0dad355..76d95f9 100644 --- a/systems/tahina/configuration.nix +++ b/systems/tahina/configuration.nix @@ -10,8 +10,6 @@ ../../configs/spacetime.nix ../../configs/sshd.nix ../../configs/retiolum.nix - ../../configs/nix.nix - ../../configs/admin-essentials.nix ]; age.secrets = { diff --git a/systems/zaatar/configuration.nix b/systems/zaatar/configuration.nix index 89d6b48..bfea5ed 100644 --- a/systems/zaatar/configuration.nix +++ b/systems/zaatar/configuration.nix @@ -11,7 +11,6 @@ ./hardware-configuration.nix ./home-assistant.nix ../../configs/printing.nix - ../../configs/tmux.nix ../../configs/wpa_supplicant.nix ];