From 6fe970ae3a6c1e09ba52f8858224d1b0158b6947 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Tue, 17 Feb 2026 21:36:09 +0100 Subject: [PATCH] update AGENTS.md with current state - Remove resolved issues (broken refs, orphaned packages, dead code) - Add coding conventions section (lib.getExe, writer patterns) - Fix machine table (kibbeh/zaatar/tabula/tahina profiles are correct now) - Trim improvement ideas to remaining items only --- AGENTS.md | 99 ++++++++++++++++++++++++++----------------------------- 1 file changed, 46 insertions(+), 53 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index b548b62..15b8ec2 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -8,8 +8,8 @@ Levantine food-themed hostnames: fatteh, kabsa, kibbeh, makanek, manakish, tabul ## Repository Structure ``` -flake.nix # ~650 lines — everything: inputs, overlay, nixosConfigurations, apps, packages -configs/ # ~50 NixOS config fragments imported by systems (desktop defaults, programs, services) +flake.nix # ~670 lines — inputs, overlay, nixosConfigurations, apps, packages output +configs/ # ~50 NixOS config fragments imported by systems default.nix # 200+ line mega-module for desktop machines (user, shell, gnupg, i18n, etc.) graphical/ # Hyprland + home-manager config (415 lines in home-manager.nix) packages.nix # ~250 lines of environment.systemPackages @@ -30,74 +30,67 @@ secrets/ # agenix-encrypted .age files (empty dir in checkout, tracked - **profiles** (in flake.nix): `profiles.default`, `profiles.desktop`, `profiles.server` — lists of modules composed per machine. - **lib.niveum**: Custom lib injected via overlay (`pkgs.lib.niveum`) — used everywhere for machine addresses, SSH port, helper functions. +## Coding Conventions + +- Packages use `writers.writeDashBin`, `writers.writeBashBin`, or `writers.writePython3Bin` +- Dependencies are referenced via `lib.getExe pkg` (main executable) or `lib.getExe' pkg "name"` (specific binary) +- For packages needing many commands via PATH, use `lib.makeBinPath` instead (see `packages/prospekte.nix`) +- Overlay entries use `prev.callPackage packages/foo.nix { }` pattern +- Packages are exported via `inherit (pkgs) ...` in the `packages` output + ## Known Bugs / Broken References -All previously broken references have been fixed. See git log for details. -The deleted files (`configs/admin-essentials.nix`, `configs/nix.nix`, `configs/zsh.nix`, -`configs/tmux.nix`) were superseded by niphas modules already present in `profiles.default`. +All previously broken references have been fixed (see commits `36132b04`, `e67d6d7d`). + +Remaining issues: +- `modules/retiolum.nix` uses `` and `` NIX_PATH lookups — breaks flake purity but works with current `NIX_PATH` setup ## Architectural Issues -### 1. flake.nix is a monolith (636 lines) -The overlay alone is ~180 lines. The nixosConfigurations block is ~170 lines. Overlay, apps, packages output, nixosConfigurations, profiles — all in one file. +### 1. configs/default.nix is a grab-bag (200+ lines, ~15 inline anonymous modules) +It's a list of `imports` mixing inline `{ ... }` blocks with file imports. Hard to find what's defined where. -### 2. configs/default.nix is a grab-bag (200+ lines, ~15 inline anonymous modules) -It's a list of `imports` mixing inline `{ ... }` blocks with file imports. Hard to find what's defined where. Many of these inline blocks should be their own files (user config, i18n, gnupg, dconf, xdg dirs, etc.). - -### 3. Retiolum secret boilerplate repeated 9 times +### 2. Retiolum secret boilerplate repeated 9 times Every system has a near-identical block: ```nix -age.secrets.retiolum-rsa = { file = ../../secrets/${hostname}-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc-retiolum"; group = "tinc-retiolum"; }; +age.secrets.retiolum-rsa = { file = ../../secrets/${hostname}-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc-retiolum"; ... }; age.secrets.retiolum-ed25519 = { ... same ... }; ``` -This could be a function or module parameterized by hostname. +Could be a function or module parameterized by hostname. -### 4. Nginx + ACME boilerplate duplicated -ful and makanek have identical nginx recommended settings + ACME config. Should be a shared server profile. +### 3. Nginx + ACME boilerplate duplicated +ful and makanek have identical nginx recommended settings + ACME config. -### 5. modules/retiolum.nix uses NIX_PATH lookups (``, ``) -This breaks flake purity. The `configs/retiolum.nix` partially overrides the key paths to use agenix, but the hosts file and extraHosts still use ``. +### 4. niveum-* overlay aliases +`niveum-terminal`, `niveum-browser`, `niveum-filemanager` are aliases to niphas equivalents. Could be removed by updating ~6 references in configs/ to use niphas-* names directly. -### 6. Orphaned packages -- `packages/gpt.nix`, `packages/hora.nix`, `packages/k-lock.nix` — not in overlay, not referenced anywhere -- `wallpapers` flake input — declared but never referenced in outputs -- `naersk` and `fenix` inputs — only used transitively via `follows`, not directly +### 5. The `pkgs.lib.niveum` pattern +Custom lib injected via overlay into `pkgs.lib`. Unconventional — only available where overlay is applied. A `specialArgs` approach or standalone lib would be cleaner. -### 7. niveum-* overlay aliases -After our cleanup, `niveum-terminal`, `niveum-browser`, `niveum-filemanager` are aliases to niphas equivalents. These could be removed by updating the ~6 references in configs/i3.nix, configs/graphical/home-manager.nix, configs/default.nix to use niphas-* names directly. +### 6. Restic backup config scattered +`services.restic.backups.niveum` is configured in configs/backup.nix, configs/applicative.nix, and extended in 5+ system files. Hard to see what a given machine backs up. -### 8. The `pkgs.lib.niveum` pattern -Custom lib is injected via overlay into `pkgs.lib`. This works but is unconventional — it means the lib is only available where the overlay is applied, and it pollutes the pkgs namespace. A `specialArgs` approach or a standalone lib would be cleaner. - -### 9. Restic backup config scattered -`services.restic.backups.niveum` is configured in configs/backup.nix, configs/applicative.nix, and extended in 5+ system files. The module system merges these, but it's hard to see what a given machine backs up without reading multiple files. - -### 10. configs/ vs modules/ distinction is unclear -`configs/` has both stateless config fragments (spacetime.nix = timezone) and stateful ones (backup.nix, cloud.nix). `modules/` has proper option-declaring modules. Some configs/ files (like power-action.nix) are actually imported from modules/. The boundary is blurry. +### 7. configs/ vs modules/ distinction blurry +`configs/` has both stateless config fragments (spacetime.nix = timezone) and stateful ones (backup.nix, cloud.nix). `modules/` has proper option-declaring modules. Some configs/ files import from modules/. ## Machines Overview -| Machine | Role | Profile | Arch | Notes | -|-----------|--------------|------------------|--------------|------------------------------------| -| fatteh | Desktop | default+desktop | x86_64 | ThinkPad T480, CUDA, main daily | -| kabsa | Desktop | default+desktop | x86_64 | ThinkPad X220, constrained (2 jobs)| -| manakish | Desktop | default+desktop | x86_64 | ThinkPad X230 | -| kibbeh | Desktop | custom (broken!) | x86_64 | Pantheon DE, travel laptop | -| ful | Server | default+server | aarch64 | Oracle/Hetzner, nginx, web services| -| makanek | Server | default+server | x86_64 | Hetzner, gitea, nextcloud, weechat | -| zaatar | Server/Home | custom (broken!) | x86_64 | Home assistant, backup server | -| tabula | Family laptop| custom (broken!) | x86_64 | LXQt, user "xenos" | -| tahina | Family laptop| custom (broken!) | x86_64 | Pantheon, user "xenos", German | +| Machine | Role | Profile | Arch | Notes | +|-----------|--------------|------------------|---------|---------------------------------------| +| fatteh | Desktop | default+desktop | x86_64 | ThinkPad T480, CUDA, main daily | +| kabsa | Desktop | default+desktop | x86_64 | ThinkPad X220, constrained (2 jobs) | +| manakish | Desktop | default+desktop | x86_64 | ThinkPad X230 | +| kibbeh | Desktop | default+desktop | x86_64 | Pantheon DE, travel laptop | +| ful | Server | default+server | aarch64 | Oracle/Hetzner, nginx, web services | +| makanek | Server | default+server | x86_64 | Hetzner, gitea, nextcloud, weechat | +| zaatar | Server/Home | default+server | x86_64 | Home assistant, backup server | +| tabula | Family laptop| default | x86_64 | LXQt, user "xenos" | +| tahina | Family laptop| default | x86_64 | Pantheon, user "xenos", German | -## Improvement Ideas (Prioritized) +## Remaining Improvement Ideas -1. **Fix broken references** (5 files reference deleted configs) -2. **Extract retiolum secret boilerplate** into a function/module -3. **Split flake.nix** — at minimum extract the overlay to `overlay.nix` -4. **Break up configs/default.nix** into proper named files -5. **Remove orphaned packages** (gpt.nix, hora.nix, k-lock.nix) -6. **Remove unused flake inputs** (wallpapers) -7. **Clean up nixosModules.zsh-kmein** (references deleted file) -8. **Extract nginx+ACME server profile** -9. **Replace niveum-* aliases** with direct niphas-* references -10. **Fix modules/retiolum.nix** NIX_PATH usage for flake purity +1. **Extract retiolum secret boilerplate** into a function/module +2. **Break up configs/default.nix** into proper named files +3. **Extract nginx+ACME server profile** +4. **Replace niveum-* aliases** with direct niphas-* references +5. **Fix modules/retiolum.nix** NIX_PATH usage for flake purity