fix broken references to deleted files, remove dead code

Build-breaking fixes: - kibbeh: remove imports of deleted admin-essentials, nix, zsh configs (all provided by niphas via profiles.default + profiles.desktop) - tabula, tahina: remove imports of deleted admin-essentials, nix configs (provided by niphas via profiles.default) - zaatar: remove import of deleted tmux config (provided by niphas via profiles.default) Dead code removal: - flake.nix: remove nixosModules.zsh-kmein (referenced deleted config/zsh.nix) - flake.nix: remove unused wallpapers input - packages/gpt.nix, hora.nix, k-lock.nix: orphaned, not in overlay or referenced - configs/hledger.nix: remove hora reference (package deleted)
2026-03-16 10:11:08 +01:00 · 2026-02-17 21:10:27 +01:00
parent 3bebe25adb
commit 36132b0454
10 changed files with 104 additions and 140 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -0,0 +1,104 @@
 # niveum — Agent Notes
 ## What This Is
 A NixOS flake managing ~9 machines (desktops, servers, family laptops) for one user (kmein/kfm).
 Levantine food-themed hostnames: fatteh, kabsa, kibbeh, makanek, manakish, tabula, tahina, zaatar, ful.
 ## Repository Structure
 ```
 flake.nix          # 636 lines — everything: inputs, overlay, nixosConfigurations, apps, packages
 configs/           # ~50 NixOS config fragments imported by systems (desktop defaults, programs, services)
  default.nix      # 200+ line mega-module for desktop machines (user, shell, gnupg, i18n, etc.)
  graphical/       # Hyprland + home-manager config (415 lines in home-manager.nix)
  packages.nix     # ~250 lines of environment.systemPackages
  bots/            # Telegram/Mastodon/Matrix bot configs
  keyboard/        # XKB layouts (Coptic, Avestan, Gothic, etc.)
 configs/*.nix      # Individual concerns: bluetooth, sound, printing, ssh, fonts, etc.
 modules/           # Proper NixOS modules with options (retiolum, telegram-bot, passport, power-action, etc.)
 packages/          # ~93 package files (many small scripts/wrappers)
 systems/<name>/    # Per-machine: configuration.nix + hardware-configuration.nix + extras
 lib/               # default.nix (niveum helpers), machines.nix (IP/key inventory), panoptikon.nix
 secrets/           # agenix-encrypted .age files (empty dir in checkout, tracked via secrets.txt)
 .bin/              # toposort.nix (seems unused/experimental)
 ```
 ## Key Relationships
 - **niphas** (input): Provides shared "how I like things" config — nixosModules (shell, editor, git, desktop, nix, udiskie) and overlay (niphas-* packages). Used in `profiles.default` and `profiles.desktop`.
 - **configs/default.nix**: The "big desktop profile" — imported by fatteh, kabsa, manakish (the main desktop machines). NOT imported by servers or family laptops.
 - **profiles** (in flake.nix): `profiles.default`, `profiles.desktop`, `profiles.server` — lists of modules composed per machine.
 - **lib.niveum**: Custom lib injected via overlay (`pkgs.lib.niveum`) — used everywhere for machine addresses, SSH port, helper functions.
 ## Known Bugs / Broken References
 All previously broken references have been fixed. See git log for details.
 The deleted files (`configs/admin-essentials.nix`, `configs/nix.nix`, `configs/zsh.nix`,
 `configs/tmux.nix`) were superseded by niphas modules already present in `profiles.default`.
 ## Architectural Issues
 ### 1. flake.nix is a monolith (636 lines)
 The overlay alone is ~180 lines. The nixosConfigurations block is ~170 lines. Overlay, apps, packages output, nixosConfigurations, profiles — all in one file.
 ### 2. configs/default.nix is a grab-bag (200+ lines, ~15 inline anonymous modules)
 It's a list of `imports` mixing inline `{ ... }` blocks with file imports. Hard to find what's defined where. Many of these inline blocks should be their own files (user config, i18n, gnupg, dconf, xdg dirs, etc.).
 ### 3. Retiolum secret boilerplate repeated 9 times
 Every system has a near-identical block:
 ```nix
 age.secrets.retiolum-rsa = { file = ../../secrets/${hostname}-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc-retiolum"; group = "tinc-retiolum"; };
 age.secrets.retiolum-ed25519 = { ... same ... };
 ```
 This could be a function or module parameterized by hostname.
 ### 4. Nginx + ACME boilerplate duplicated
 ful and makanek have identical nginx recommended settings + ACME config. Should be a shared server profile.
 ### 5. modules/retiolum.nix uses NIX_PATH lookups (`<retiolum/hosts>`, `<system-secrets/...>`)
 This breaks flake purity. The `configs/retiolum.nix` partially overrides the key paths to use agenix, but the hosts file and extraHosts still use `<retiolum/...>`.
 ### 6. Orphaned packages
 - `packages/gpt.nix`, `packages/hora.nix`, `packages/k-lock.nix` — not in overlay, not referenced anywhere
 - `wallpapers` flake input — declared but never referenced in outputs
 - `naersk` and `fenix` inputs — only used transitively via `follows`, not directly
 ### 7. niveum-* overlay aliases
 After our cleanup, `niveum-terminal`, `niveum-browser`, `niveum-filemanager` are aliases to niphas equivalents. These could be removed by updating the ~6 references in configs/i3.nix, configs/graphical/home-manager.nix, configs/default.nix to use niphas-* names directly.
 ### 8. The `pkgs.lib.niveum` pattern
 Custom lib is injected via overlay into `pkgs.lib`. This works but is unconventional — it means the lib is only available where the overlay is applied, and it pollutes the pkgs namespace. A `specialArgs` approach or a standalone lib would be cleaner.
 ### 9. Restic backup config scattered
 `services.restic.backups.niveum` is configured in configs/backup.nix, configs/applicative.nix, and extended in 5+ system files. The module system merges these, but it's hard to see what a given machine backs up without reading multiple files.
 ### 10. configs/ vs modules/ distinction is unclear
 `configs/` has both stateless config fragments (spacetime.nix = timezone) and stateful ones (backup.nix, cloud.nix). `modules/` has proper option-declaring modules. Some configs/ files (like power-action.nix) are actually imported from modules/. The boundary is blurry.
 ## Machines Overview
 | Machine   | Role         | Profile          | Arch         | Notes                              |
 |-----------|--------------|------------------|--------------|------------------------------------|
 | fatteh    | Desktop      | default+desktop  | x86_64       | ThinkPad T480, CUDA, main daily    |
 | kabsa     | Desktop      | default+desktop  | x86_64       | ThinkPad X220, constrained (2 jobs)|
 | manakish  | Desktop      | default+desktop  | x86_64       | ThinkPad X230                      |
 | kibbeh    | Desktop      | custom (broken!) | x86_64       | Pantheon DE, travel laptop          |
 | ful       | Server       | default+server   | aarch64      | Oracle/Hetzner, nginx, web services|
 | makanek   | Server       | default+server   | x86_64       | Hetzner, gitea, nextcloud, weechat |
 | zaatar    | Server/Home  | custom (broken!) | x86_64       | Home assistant, backup server       |
 | tabula    | Family laptop| custom (broken!) | x86_64       | LXQt, user "xenos"                 |
 | tahina    | Family laptop| custom (broken!) | x86_64       | Pantheon, user "xenos", German      |
 ## Improvement Ideas (Prioritized)
 1. **Fix broken references** (5 files reference deleted configs)
 2. **Extract retiolum secret boilerplate** into a function/module
 3. **Split flake.nix** — at minimum extract the overlay to `overlay.nix`
 4. **Break up configs/default.nix** into proper named files
 5. **Remove orphaned packages** (gpt.nix, hora.nix, k-lock.nix)
 6. **Remove unused flake inputs** (wallpapers)
 7. **Clean up nixosModules.zsh-kmein** (references deleted file)
 8. **Extract nginx+ACME server profile**
 9. **Replace niveum-* aliases** with direct niphas-* references
 10. **Fix modules/retiolum.nix** NIX_PATH usage for flake purity
--- a/configs/hledger.nix
+++ b/configs/hledger.nix
@@ -4,7 +4,6 @@
 }:
 let
  ledgerDirectory = "/home/kfm/sync/src/ledger";
  hora = pkgs.callPackage ../packages/hora.nix { timeLedger = "${ledgerDirectory}/time.timeclock"; };
 in
 {
  environment.systemPackages =
@@ -12,7 +11,6 @@ in
      git = "${pkgs.git}/bin/git -C ${ledgerDirectory}";
    in
    [
      hora
      pkgs.hledger
      (pkgs.writers.writeDashBin "hledger-git" ''
        if [ "$1" = entry ]; then
--- a/flake.nix
+++ b/flake.nix
@@ -22,14 +22,12 @@
    tinc-graph.url = "github:kmein/tinc-graph";
    treefmt-nix.url = "github:numtide/treefmt-nix";
    voidrice.url = "github:Lukesmithxyz/voidrice";
    wallpapers.url = "github:kmein/wallpapers";
    nix-topology.url = "github:oddlama/nix-topology";
    wetter.url = "github:4z3/wetter";
    wrappers.url = "github:lassulus/wrappers";
    llm-agents.url = "github:numtide/llm-agents.nix";
    voidrice.flake = false;
    wallpapers.flake = false;
    naersk.url = "github:nix-community/naersk";
    fenix.url = "github:nix-community/fenix";
@@ -195,8 +193,6 @@
        system-dependent = import modules/system-dependent.nix;
        telegram-bot = import modules/telegram-bot.nix;
        go-webring = import modules/go-webring.nix;
        zsh-kmein = import config/zsh.nix;
      };
      overlays.default = final: prev: {
--- a/packages/gpt.nix
+++ b/packages/gpt.nix
@@ -1,15 +0,0 @@
 {
  curl,
  writers,
  jq,
  apiKeyCommand ? "pass api-keys/openai.com",
  model ? "gpt-3.5-turbo",
 }:
 writers.writeDashBin "gpt" ''
  json=$(jq --slurp --raw-input '{model:"${model}", messages: [{role: "user", content: .}]}')
  ${curl}/bin/curl -sSL https://api.openai.com/v1/chat/completions \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $(${apiKeyCommand})" \
    -d "$json" \
    | ${jq}/bin/jq -r '.choices[] | .message.content'
 ''
--- a/packages/hora.nix
+++ b/packages/hora.nix
@@ -1,81 +0,0 @@
 {
  symlinkJoin,
  hledger,
  writers,
  lib,
  git,
  coreutils,
  gnugrep,
  timeLedger,
  ...
 }:
 let
  date = "${coreutils}/bin/date +'%Y-%m-%d %H:%M:%S'";
  hora = writers.writeDashBin "hora" "${hledger}/bin/hledger -f ${lib.escapeShellArg timeLedger} \"$@\"";
  hora-edit = writers.writeDashBin "hora-edit" "$EDITOR ${lib.escapeShellArg timeLedger}";
  hora-status = writers.writeDashBin "hora-status" "${coreutils}/bin/tac ${lib.escapeShellArg timeLedger} | ${gnugrep}/bin/grep -m 1 .";
  hora-start = writers.writeDashBin "hora-start" ''
    last_nonempty_line=$(${hora-status}/bin/hora-status)
    (echo $last_nonempty_line | ${gnugrep}/bin/grep -q "^o") || {
        echo "Last activity must be closed: $last_nonempty_line" >/dev/stderr
        exit 1
    }
    account=$1
    (${hora}/bin/hora accounts | ${gnugrep}/bin/grep -q "^$account\$") || {
        echo "The account '$account' is not known. Please add manually."
        exit 1
    }
    message=$2
    date=$(${date})
    echo "i $date $account  $message\n" >> "${timeLedger}"
    echo "Started $account at $date" >/dev/stderr 
  '';
  hora-stop = writers.writeDashBin "hora-stop" ''
    last_nonempty_line=$(${hora-status}/bin/hora-status)
    (echo $last_nonempty_line | ${gnugrep}/bin/grep "^i") || {
        echo "Last activity cannot be closed: $last_nonempty_line" >/dev/stderr
        exit 1
    }
    last_activity=$(echo "$last_nonempty_line" | ${coreutils}/bin/cut -d' ' -f 4)
    date=$(${date})
    echo "o $date\n" >> ${timeLedger}
    echo "Stopped $last_activity at $date" >/dev/stderr
  '';
  hora-year = writers.writeDashBin "hora-year" ''
    ${hora}/bin/hora balance --tree --monthly --begin $(${coreutils}/bin/date +%Y) --depth 1
  '';
  hora-git = writers.writeDashBin "hora-git" ''
    directory=$(${coreutils}/bin/dirname ${lib.escapeShellArg timeLedger})
    if [ $# -gt 0 ]
    then
      ${git}/bin/git -C "$directory" --all --message=$(${date})
    else
      ${git}/bin/git -C "$directory" "$@"
    fi
  '';
  hora-weekly = writers.writeDashBin "hora-weekly" ''
    ${hora}/bin/hora register -p weekly --depth 1 --empty
  '';
 in
 symlinkJoin {
  name = "hora";
  paths = [
    hora
    hora-edit
    hora-start
    hora-status
    hora-stop
    hora-year
    hora-git
    hora-weekly
  ];
 }
--- a/packages/k-lock.nix
+++ b/packages/k-lock.nix
@@ -1,30 +0,0 @@
 {
  writers,
  lib,
  xlockmore,
 }:
 let
  xlockModes = lib.concatStringsSep "\\n" [
    # "braid"
    "galaxy"
    # "lightning"
    # "matrix"
    "pyro2"
    "space"
  ];
 in
 writers.writeDashBin "k-lock" ''
  MODE=$(printf "${xlockModes}" | shuf -n 1)
  ${xlockmore}/bin/xlock \
    -saturation 0.4 \
    -erasemode no_fade \
    +description \
    -showdate \
    -username " " \
    -password " " \
    -info " " \
    -validate "..." \
    -invalid "Computer says no." \
    -mode "$MODE"
 ''
--- a/systems/kibbeh/configuration.nix
+++ b/systems/kibbeh/configuration.nix
@@ -8,17 +8,14 @@
  imports = [
    ./hardware-configuration.nix
    ../../configs/spacetime.nix
    ../../configs/admin-essentials.nix
    ../../configs/keyboard
    ../../configs/sound.nix
    ../../configs/printing.nix
    ../../configs/nix.nix
    ../../configs/fonts.nix
    ../../configs/mycelium.nix
    ../../configs/retiolum.nix
    ../../configs/sshd.nix
    ../../configs/sudo.nix
    ../../configs/zsh.nix
  ];
  age.secrets = {
--- a/systems/tabula/configuration.nix
+++ b/systems/tabula/configuration.nix
@@ -10,8 +10,6 @@
    ../../configs/spacetime.nix
    ../../configs/retiolum.nix
    ../../configs/sshd.nix
    ../../configs/nix.nix
    ../../configs/admin-essentials.nix
  ];
  age.secrets = {
--- a/systems/tahina/configuration.nix
+++ b/systems/tahina/configuration.nix
@@ -10,8 +10,6 @@
    ../../configs/spacetime.nix
    ../../configs/sshd.nix
    ../../configs/retiolum.nix
    ../../configs/nix.nix
    ../../configs/admin-essentials.nix
  ];
  age.secrets = {
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -11,7 +11,6 @@
    ./hardware-configuration.nix
    ./home-assistant.nix
    ../../configs/printing.nix
    ../../configs/tmux.nix
    ../../configs/wpa_supplicant.nix
  ];