- Add specialArgs to nix-deck (was missing nixpkgs-unstable, causing
  infinite recursion when roles/local-inference evaluated it)
- Move local-inference import out of roles/default.nix: its module-level
  disabledModules/imports conflict with nix-deck's unstable-based nixpkgs
- Import local-inference directly in zix790prors (the only machine that
  enables it)
- Add custom-qmd and custom-opencode to CI build-and-cache packages
- Add local-inference NixOS role using llama-swap (from nixpkgs-unstable)
  with llama.cpp (CUDA-enabled, from nixpkgs-unstable)
- Serves Qwen3.6-35B-A3B via HuggingFace auto-download with --cpu-moe
- Add nixosSpecialArgs for nixpkgs-unstable module access
- Configure opencode with llama-local provider pointing to zix790prors:8080
- Update gptel from Ollama backend to OpenAI-compatible llama-swap backend
- Remove ollama service from zix790prors

Add plasma-bigscreen role with package built from upstream master
(not yet in nixpkgs, tracking NixOS/nixpkgs#428077).

Changes:
- New role: roles/plasma-bigscreen/ (module + package derivation)
- boxy configuration: swap roles.kodi for roles.plasma-bigscreen
- Keeps all existing functionality: Jellyfin, Stremio, Firefox,
  KDE Connect, app-launcher-server, AVR volume control (kodi user)
- Autologins to plasma-bigscreen-wayland session instead of plasma

NOTE: First build will fail with a hash mismatch on the source
fetch — copy the correct sha256 from the error into package.nix.
Some dep attribute names may also need adjustment on first build.

Replace inline wg-quick config in nix-book with a reusable role that
uses inline config instead of configFile, fixing the world-readable
/tmp key leak. Adds network-online.target dependency to prevent boot
failures from DNS not being ready.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add a new system-level role for mounting WebDAV filesystems via rclone.
Includes rclone-torbox-setup helper script that uses rbw to bootstrap
credentials from Bitwarden.

Key features:
- Configurable WebDAV URL, username, mount point
- VFS cache mode and buffer size tuning for media streaming
- RequiresMountsFor option for ZFS pool dependencies
- Obscured password storage via environment file

Enable on john-endesktop for TorBox WebDAV access by rdt-client and
Jellyfin. Mount waits for /media ZFS pool before starting.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add reusable k3s-node role with configurable options for server/agent
modes. Configure john-endesktop as a k3s agent joining the cluster at
10.0.0.222.

Role supports:
- Server or agent role selection
- Configurable server address and token file
- Graceful node shutdown
- Optional firewall port opening
- Cluster initialization for first server

Note: NixOS nodes must be labeled with `k3s-upgrade=disabled` to exclude
them from the system-upgrade-controller, since NixOS manages k3s upgrades
through Nix rather than in-place binary replacement.

Create roles/common.nix containing shared configuration between NixOS and
Darwin: timezone, base packages (git, glances, pciutils, tree, usbutils, vim),
nix settings (experimental-features, max-jobs, trusted-users), gc config,
and allowUnfree setting.

Both roles/default.nix and roles/darwin.nix now import common.nix and only
contain platform-specific configuration.

- Add Jovian-NixOS integration for Steam Deck hardware support
- Create nix-deck machine configuration with SteamOS role
- Add jovian-compat.nix for NixOS 25.05 compatibility (remove in 25.11+)
- Create remote-build role for distributed builds
- Configure zix790prors as build host
- Configure nix-book and nix-deck to use remote builder with fallback
- Add comprehensive setup documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

I'm standardizing on Bitwarden and rbw for secrets. No need to build out
a separate secret management system. The complexity of this was just not
worth it for my effectively single-user workflows