Add plasma-bigscreen role with package built from upstream master
(not yet in nixpkgs, tracking NixOS/nixpkgs#428077).
Changes:
- New role: roles/plasma-bigscreen/ (module + package derivation)
- boxy configuration: swap roles.kodi for roles.plasma-bigscreen
- Keeps all existing functionality: Jellyfin, Stremio, Firefox,
  KDE Connect, app-launcher-server, AVR volume control (kodi user)
- Autologins to plasma-bigscreen-wayland session instead of plasma
NOTE: First build will fail with a hash mismatch on the source
fetch — copy the correct sha256 from the error into package.nix.
Some dep attribute names may also need adjustment on first build.

CronJob runs at 0/6/12/18h. Old 2-4 PM window never had a run
inside it, so Renovate never created PRs. Shift to 5-7 PM so the
18:00 run lands in the window. nixpkgs-qt staggered to 7-9 PM.

Enable wlr portal conditionally when wayland is active.
Add sway-specific portal config routing ScreenCast and
Screenshot interfaces through the wlr backend.

Extract shared package definition, add to flake packages output
and CI workflow so perles gets built and cached by Harmonia.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replace inline wg-quick config in nix-book with a reusable role that
uses inline config instead of configFile, fixing the world-readable
/tmp key leak. Adds network-online.target dependency to prevent boot
failures from DNS not being ready.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Skip the create_handoff command during humanlayer plugin installation
and explicitly remove it if previously installed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Update beads and gastown flake inputs and vendorHashes
- Remove merged-upstream patches for gastown and beads
- Deduplicate beads/gastown build definitions in home role by using
  callPackage to reference shared packages/ definitions
- Pin dolt to v1.82.4 (gastown requires >= 1.82.4)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The upstream gastown Go dependencies changed, causing a hash mismatch
in the fixed-output derivation. Updated vendorHash in both:
- packages/gastown/default.nix (flake packages output)
- home/roles/development/default.nix (home-manager inline build)

Add dnouri/pi-coding-agent as an Emacs frontend for the pi coding agent.
Pinned to commit 8d8158b.
- Package installed from GitHub with all .el files (includes md-ts-mode)
- Suppress grammar auto-install prompt since tree-sitter grammars are
  already managed by Nix (treesit-grammars.with-all-grammars)
- Keybinding: SPC o p to launch pi-coding-agent
- Alias: M-x pi as shortcut for M-x pi-coding-agent

- Add pi-coding-agent package (v0.55.4) with multi-platform support
- Replace custom Go 1.25.6 override with nixpkgs-unstable buildGoModule
  for beads and perles builds
- Update flake inputs: beads, nixpkgs-unstable, perles
- Update vendor hashes for beads and perles
- Add pi-coding-agent to development role

The monitor refresh rate was only configured via xrandr session commands,
which have no effect on Wayland/Sway sessions, leaving it at 60Hz.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- beads: update to 0.52.0 (16af00d7), refresh vendorHash
- gastown: update to 35157d02, remove flake=false now that upstream has flake.nix
- gastown: add inputs.nixpkgs.follows and inputs.beads.follows to deduplicate deps
- Clean up stale comments
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Kernel and qt5webengine builds are memory-intensive. Limiting to
2 parallel jobs prevents swapping on john-endesktop.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

qtwebengine-5.15.19 is marked insecure but stremio requires it.
Add to permittedInsecurePackages for the pkgsQt import.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Stremio uses qt5webengine, so it benefits from the separate
nixpkgs-qt input to avoid rebuild churn.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The Steam Deck (nix-deck) kernel from Jovian-NixOS is expensive to
build. Pre-building it in CI saves significant time on updates.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The org-msg commit pinned by doom-emacs was force-pushed away.
Pin it locally to a valid commit on main branch.
Also updates nix-doom-emacs-unstraightened input.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add permittedInsecurePackages to qt-pinned config in flake.nix
- Use qt-pinned.stremio instead of pkgs.stremio
- Update warning message to reference nixpkgs-qt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- PRs: Fast flake check with clear status
- Main: check → build-and-cache (build only starts if check passes)
- Clearer failure attribution and status badges
Tradeoff: 2x nix-setup on main pushes, but better job structure.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

nix build outputs progress info to stdout along with the store path.
Filter to only the /nix/store/ line to get the actual path.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Merge check and build-and-cache into one job to eliminate redundant
nix-setup step. Saves ~1m43s per run.
- PRs: checkout → nix-setup → flake check
- Main pushes: same + build/sign/cache all packages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add packages/beads and packages/gastown with shared definitions
- Expose custom-beads and custom-gastown in flake packages output
- Consolidate CI from matrix (8 parallel jobs) to single job with loop
- Saves ~12 minutes of redundant nix-setup time per run
- Uses ::group:: for collapsible log sections per package
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add packages output with:
- custom-* packages from packages/
- qt-pinned-jellyfin-media-player
Update CI to use hyphenated names (flake attrs can't have dots)

Focus on packages that actually need caching:
- custom.* packages from packages/
- qt-pinned.jellyfin-media-player (qt5webengine)
Avoids unrelated build failures (steam) and is much faster.

nixpkgs ships Go 1.25.5, but beads' dolt dependencies (dolthub/driver,
dolthub/go-icu-regex) require Go >= 1.25.6. Override Go toolchain to
1.25.6 and add ICU build dependency for dolt's regex library.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replace broken k8s harmonia deployment with native NixOS service.
Configuration:
- services.harmonia.enable = true
- Bind to [::]:5000 (IPv4 and IPv6)
- Sign key at /etc/harmonia/signing-key.private
- Open firewall port 5000
The signing key must be placed manually on john-endesktop at
/etc/harmonia/signing-key.private using the key generated earlier.
Closes: x-fqaob

- Build all 6 machines (nix-book, boxy, zix790prors, nix-deck, john-endesktop, live-usb) in parallel matrix
- Only runs on push to main after check passes
- Signs closures with NIX_SIGNING_KEY secret
- Pushes to cache via SSH using CACHE_SSH_KEY, CACHE_HOST, CACHE_USER secrets
- Skips Darwin as no builder available
Required Gitea secrets:
- NIX_SIGNING_KEY: Cache signing private key
- CACHE_SSH_KEY: SSH key for cache server access
- CACHE_HOST: Cache server hostname
- CACHE_USER: SSH user for cache server
Closes: x-iyz0w
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>