Add reusable k3s-node role with configurable options for server/agent
modes. Configure john-endesktop as a k3s agent joining the cluster at
10.0.0.222.
Role supports:
- Server or agent role selection
- Configurable server address and token file
- Graceful node shutdown
- Optional firewall port opening
- Cluster initialization for first server
Note: NixOS nodes must be labeled with `k3s-upgrade=disabled` to exclude
them from the system-upgrade-controller, since NixOS manages k3s upgrades
through Nix rather than in-place binary replacement.

The nvidia role now handles full driver configuration instead of just
packages. Added options for open driver, modesetting, power management,
graphics settings, and driver package selection.
Updated zix790prors and wixos machine configs to use the new role
options, removing duplicated hardware.nvidia configuration blocks.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Create roles/common.nix containing shared configuration between NixOS and
Darwin: timezone, base packages (git, glances, pciutils, tree, usbutils, vim),
nix settings (experimental-features, max-jobs, trusted-users), gc config,
and allowUnfree setting.
Both roles/default.nix and roles/darwin.nix now import common.nix and only
contain platform-specific configuration.

The original implementation had several issues that prevented it from
building:
- Used buildInputs instead of nativeBuildInputs for makeWrapper
- Referenced wrong executable name (jellyfinmediaplayer vs jellyfin-desktop)
- Used wrapProgram which doesn't work with symlinks from symlinkJoin
Fixed by using makeWrapper directly with the correct executable path
after removing the symlink.
Also enabled jellyfinScaleFactor = 1.5 on boxy for UI scaling.

Fix syntax error by wrapping permittedInsecurePackages list with
lib.warn function call. The warning now properly displays during
evaluation about qtwebengine-5.15.19 being required for
jellyfin-media-player until it migrates to qt6.

Dolphin-emu and dolphin-emu-primehack now use maintained mbedtls version
3.6.5 instead of unmaintained mbedtls_2. No longer need to permit insecure
packages.
Verified both packages build successfully without the workaround.

Re-enable dolphin-emu-primehack now that binary build is fixed in 25.11.
Re-enable fluffychat as security issues have been resolved in nixpkgs 25.11.
Both packages verified to build and function correctly.

- Update flake inputs from 25.05 to 25.11 (nixpkgs, home-manager, nix-darwin)
- Remove Jovian compatibility shim that's no longer needed
- Move SteamOS configuration to only import in nix-deck machine
- Fixes jovian module not found error during nixos-rebuild

dolphin-emu-primehack will be available as a pre-build in 25.11
retroarch-full -- in general I'm wondering if using steam>retroarch is a
better experience

- Add Jovian-NixOS integration for Steam Deck hardware support
- Create nix-deck machine configuration with SteamOS role
- Add jovian-compat.nix for NixOS 25.05 compatibility (remove in 25.11+)
- Create remote-build role for distributed builds
- Configure zix790prors as build host
- Configure nix-book and nix-deck to use remote builder with fallback
- Add comprehensive setup documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

Enables proper desktop integration services when using KDE applications
in i3 window manager, including file dialogs, theme integration, and
screen sharing capabilities.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

Configured nix-darwin to write shell configuration to .local
variants (/etc/bash.local, /etc/zshrc.local, /etc/zshenv.local) instead
of managing the main shell files. This allows Salt (corporate laptop
management) to manage /etc/bashrc, /etc/zshrc, and /etc/zshenv while
nix-darwin provides the Nix environment setup through the .local files
that Salt already sources.

I'm standardizing on bitwarden and rbw for secrets. No need to build out
a separate secret management system. The complexity of this was just not
worth it for my effectively single-user workflows