refactor(modules/nixos): change paths and ordering of files

[DaRacci]

Summary by CodeRabbit

• New Features

  • Desktop docs now cover RGB lighting, VFIO passthrough and a separate VM guest import.
  • Core now exposes new custom.core toggles for enable, audio, bluetooth and network.

• Chores

  • Reorganised module layout and updated import paths, including Home Manager-related imports.

• Removed

  • Deprecated encrypted-root and proxies modules removed.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

Release Notes

• New Features

  • Added OpenSpec command guides for managing changes: new, continue, fast-forward, bulk archive, sync, verify, and onboarding workflows
  • Added new core modules for containers, virtualisation, gaming, security, printing, and generator configurations
  • New Home Manager audio management and slice allocation modules

• Refactoring

  • Migrated module namespace from custom.* to core.* across NixOS and Home Manager configurations
  • Consolidated shared optional modules into core module structure
  • Reorganised host configuration architecture

• Documentation

  • Added comprehensive guides for display-manager and remote-access functionality
  • Expanded module documentation with new core module pages

Walkthrough

The pull request restructures the codebase by migrating configuration namespaces from custom.* to core.* across NixOS and Home Manager modules, consolidating shared functionality from hosts/shared/ into reusable modules/nixos/core/ modules, and introducing comprehensive OpenSpec workflow documentation and command tooling.

Changes

Cohort / File(s)	Summary
Core namespace migration (NixOS) lib/builders/mkSystem.nix, modules/nixos/default.nix, modules/nixos/core/default.nix, modules/nixos/core/auto-upgrade.nix, modules/nixos/core/groups.nix, modules/nixos/hm-helper/default.nix, modules/nixos/hm-helper/1password.nix, modules/nixos/hm-helper/kde-connect.nix, modules/nixos/hm-helper/mpv.nix, modules/nixos/hm-helper/nautilus.nix	Renamed configuration options from custom.* to core.* namespace, including custom.core → core, custom.defaultGroups → core.defaultGroups, and custom.hm-helper.* → core.hm-helper.*. Updated mkSystem.nix to include shared core modules directory.
Core namespace migration (Home Manager) modules/home-manager/default.nix, modules/home-manager/core/default.nix, modules/home-manager/core/theme.nix, modules/home-manager/audio.nix, home/racci/nixmi.nix, home/racci/features/desktop/common/default.nix, home/racci/features/desktop/common/mobile.nix, home/racci/features/desktop/common/secrets.nix, home/racci/features/desktop/common/sync.nix, home/racci/features/desktop/hyprland/lock-suspend.nix, home/racci/features/desktop/hyprland/menus/clipboard.nix, home/racci/features/desktop/hyprland/menus/hyprpanel.nix, home/shared/desktop/common/audio.nix, hosts/laptop/shared/default.nix	Migrated Home Manager module options from custom.* to core.* namespace. Updated audio configuration, UWSM slice allocations, and theme settings to use new namespace throughout user configurations.
New core NixOS modules (foundational) modules/nixos/core/nix.nix, modules/nixos/core/activation.nix, modules/nixos/core/locale.nix, modules/nixos/core/security.nix, modules/nixos/core/openssh.nix, modules/nixos/core/sops.nix, modules/nixos/core/host/persistence.nix, modules/nixos/core/hardware/default.nix, modules/nixos/core/hardware/memory.nix	Added foundational system configuration modules covering state versioning, system activation reporting, locale/timezone settings, security/TPM/sudo-rs configuration, SSH host key management, SOPS secret handling, disk persistence, and memory/swap management. Includes conditional imports for external dependencies (impermanence, sops-nix).
New core NixOS modules (services & features) modules/nixos/core/display-manager.nix, modules/nixos/core/printing.nix, modules/nixos/core/containers.nix, modules/nixos/core/gaming.nix, modules/nixos/core/remote.nix, modules/nixos/core/networking/default.nix, modules/nixos/core/networking/tailscale.nix, modules/nixos/core/virtualisation.nix, modules/nixos/core/styling.nix, modules/nixos/core/wsl.nix, modules/nixos/core/generators.nix	Introduced comprehensive feature modules for display management (greetd/tuigreet), printing, containers (Docker), gaming (Steam/Proton/Wivrn/Decky Loader), remote desktop/streaming (xrdp/Sunshine with Hyprland integration), Tailscale networking, virtual machine support (libvirt/VFIO/OVMF), system theming, WSL integration, and Proxmox LXC generator support. Each module includes conditional enablement, configuration options, and persistence handling.
New Home Manager core modules modules/home-manager/core/uwsm.nix	Added UWSM (Universal Wayland Session Manager) slice allocation module to Home Manager, enabling per-slice systemd user service configuration with conditional enablement based on OS-level settings.
Removed host-level shared modules hosts/shared/global/default.nix, hosts/shared/global/generators.nix, hosts/shared/global/locale.nix, hosts/shared/global/networking.nix, hosts/shared/global/openssh.nix, hosts/shared/global/security.nix, hosts/shared/global/sops.nix, hosts/shared/global/stylix.nix, hosts/shared/global/time.nix, hosts/shared/global/zram.nix, hosts/shared/optional/containers.nix, hosts/shared/optional/gaming.nix, hosts/shared/optional/tailscale.nix, hosts/shared/optional/virtualisation.nix, hosts/shared/optional/wsl.nix	Deleted host-level shared configuration modules, consolidating their functionality into reusable modules/nixos/core/* modules. Removed separate optional module files for containers, gaming, Tailscale, virtualisation, and WSL integration.
Removed deprecated NixOS shared modules modules/nixos/shared/core/default.nix, modules/nixos/shared/core/printing.nix, modules/nixos/shared/display-manager.nix, modules/nixos/shared/remote.nix, modules/nixos/encrypted-root.nix, modules/nixos/proxies.nix, modules/home-manager/custom/uwsm.nix	Removed legacy module definitions under custom.* namespace and old shared/ organisation, including encrypted-root configuration, display-manager, remote services (moved to core.remote), printing support (moved to core.printing), and UWSM custom module (replaced with core.uwsm).
Desktop & laptop configuration updates modules/nixos/desktop/default.nix, modules/nixos/desktop/virtual-machine.nix, modules/nixos/desktop/rgb.nix, modules/nixos/desktop/vfio.nix	Updated desktop module imports to use local rgb.nix, vfio.nix, and virtual-machine.nix instead of shared modules. Changed desktop configuration to enable core.display-manager and core.remote via option flags. Tightened type definitions for virtual machine options and removed trailing newlines.
Host-specific configuration updates hosts/desktop/nixmi/default.nix, hosts/server/nixarr/arr/downloader.nix, hosts/server/nixio/default.nix	Consolidated optional module imports into core configuration blocks; enabled containers, virtualisation, gaming, Tailscale, and remote streaming through unified core.* options. Updated Transmission configuration with upload/ratio limiting. Removed legacy custom.remote and programs.alvr settings.
Documentation structure & module guidance .opencode/skills/modules/SKILL.md, docs/src/modules/overview.md, docs/src/modules/nixos/core/display-manager.md, docs/src/modules/nixos/core/remote.md, docs/src/hosts/overview.md	Updated module documentation to reflect core.* namespace migration, added new pages for display-manager and remote modules under core/, and restructured navigation to highlight core modules instead of desktop-specific modules. Updated host configuration guidance to use modules/nixos/core/* instead of hosts/shared/.
OpenSpec workflow commands .opencode/command/opsx-new.md, .opencode/command/opsx-continue.md, .opencode/command/opsx-ff.md, .opencode/command/opsx-sync.md, .opencode/command/opsx-verify.md, .opencode/command/opsx-bulk-archive.md	Introduced comprehensive OpenSpec workflow documentation for artifact-driven development: starting changes (opsx-new), continuing work (opsx-continue), fast-forward scaffolding (opsx-ff), syncing specs (opsx-sync), verification (opsx-verify), and bulk archival (opsx-bulk-archive). Each document specifies control flow, user interaction patterns, CLI commands, and output formats.
OpenSpec skill definitions .opencode/skills/openspec-new-change/SKILL.md, .opencode/skills/openspec-continue-change/SKILL.md, .opencode/skills/openspec-ff-change/SKILL.md, .opencode/skills/openspec-sync-specs/SKILL.md, .opencode/skills/openspec-verify-change/SKILL.md, .opencode/skills/openspec-bulk-archive-change/SKILL.md, .opencode/skills/openspec-onboard/SKILL.md	Added OpenSpec skill definitions implementing artifact-based development workflows with structured input/output, JSON-based status queries, conflict resolution logic, verification reporting (Completeness/Correctness/Coherence dimensions), and archival/sync orchestration. Includes comprehensive onboarding tutorial with full workflow cycle demonstration.
Metadata & skill version updates .opencode/skills/openspec-propose/SKILL.md, .opencode/skills/openspec-apply-change/SKILL.md, .opencode/skills/openspec-archive-change/SKILL.md, .opencode/skills/openspec-explore/SKILL.md	Updated skill metadata generatedBy version from 1.1.1 to 1.2.0 across multiple skill files.
Development environment & miscellaneous flake/dev/devenv.nix, .vscode/settings.json, docs/search.nix, modules/home-manager/programs/list-ephemeral.nix, modules/home-manager/purpose/development/editors/ai/default.nix, home/racci/features/desktop/hyprland/default.nix	Added OpenSpec telemetry disabling in dev shell, disabled VS Code Git integration, updated search indexing to use Codeberg URLs and tightened module discovery logic, simplified option default expressions, added OpenSpec wildcard permissions, and augmented Hyprland environment variables.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant OpenSpec CLI
    participant Agent
    participant Codebase
    participant Archive

    rect rgba(100, 150, 200, 0.5)
    Note over User,Archive: OpenSpec Fast-Forward Workflow

    User->>OpenSpec CLI: opsx-ff "feature-name"
    OpenSpec CLI->>OpenSpec CLI: Scaffold change directory
    OpenSpec CLI->>Agent: Query artifact status & dependencies
    Agent->>OpenSpec CLI: Return ordered artifact list

    loop For each ready artifact
        Agent->>OpenSpec CLI: Fetch artifact template & instructions
        Agent->>Codebase: Read dependency artifacts for context
        Agent->>Agent: Generate artifact using template
        Agent->>Codebase: Write output file
        Agent->>OpenSpec CLI: Check updated status
    end

    Agent->>User: Display completion status
    User->>User: Ready for implementation
    end

    rect rgba(200, 100, 150, 0.5)
    Note over User,Archive: OpenSpec Bulk Archive Workflow

    User->>OpenSpec CLI: opsx-bulk-archive
    OpenSpec CLI->>OpenSpec CLI: List active changes
    User->>OpenSpec CLI: Multi-select changes to archive
    
    loop For each selected change
        OpenSpec CLI->>Agent: Validate artifact completion
        Agent->>Codebase: Parse delta specs for conflicts
        Agent->>Codebase: Detect implementation status
    end

    Agent->>User: Report conflicts & readiness
    User->>User: Confirm archive operation
    
    loop For each confirmed change
        Agent->>Codebase: Sync delta specs to main specs
        Agent->>Archive: Move to archive/YYYY-MM-DD-name
        Agent->>Agent: Track outcome
    end

    Agent->>User: Report success/failures/synced specs
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

The PR involves substantial structural reorganisation across 100+ files with heterogeneous change patterns: namespace migrations applied consistently across multiple module types, consolidation of 15+ deleted host-level modules into new core.* modules with complex logic (virtualisation, gaming, remote), introduction of new module architecture with interdependencies, and comprehensive OpenSpec documentation. Multiple component interactions require verification of correct configuration wiring and persistence handling. While many namespace changes are repetitive and relatively low-risk, the new core modules contain dense logic (VFIO, libvirt, Sunshine/Hyprland integration) demanding careful review of correctness and conditional gating logic.

Poem

🐰 From scattered customs came a core so clean,
Building blocks now reused across the scene,
Games and virtuals, displays and remote streams—
Shared from the centre like modular dreams,
While OpenSpec guides the workflow through,
Artifacts ordered in all that we do! ✨

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch push-lmktvltnszyn

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch push-lmktvltnszyn

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🔴 Enforce conventional commit

Waiting for:

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

This rule is failing.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 Do not merge outdated PRs

Wonderful, this rule succeeded.

Make sure PRs are almost up to date before merging

• #commits-behind <= 10

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for dc7ec0c.

🟢 All jobs passed!

But CI Insights is watching 👀

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

home/shared/desktop/gnome/default.nix (1)

39-55: ⚠️ Potential issue | 🟡 Minor

Use Loupe’s actual desktop file name.

xdg.mimeApps matches the .desktop file name exactly. This block uses org.gnome.Loupe.Desktop, but home/shared/applications/media.nix already refers to Loupe as org.gnome.Loupe.desktop, so the JPEG/PNG default here will be ignored.

💡 Suggested fix

-      defaultApplications = forAll "org.gnome.Loupe.Desktop" [
+      defaultApplications = forAll "org.gnome.Loupe.desktop" [

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@home/shared/desktop/gnome/default.nix` around lines 39 - 55, The xdg.mimeApps
defaultApplications mapping uses the wrong desktop filename casing so the
JPEG/PNG defaults aren't applied; update the string literal in the
defaultApplications call (currently "org.gnome.Loupe.Desktop") to the exact
desktop file name used elsewhere ("org.gnome.Loupe.desktop") so that forAll and
defaultApplications correctly match the Loupe .desktop entry.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/nixos/shared/core/default.nix`:
- Around line 103-107: The activation script uses a bare "rfkill" which may not
be in the activation PATH; update the rfkillUnblockBluetooth activation script
(system.activationScripts.rfkillUnblockBluetooth.text) to call the rfkill binary
by its Nix store path from the package set (e.g. use ${pkgs.rfkill}/bin/rfkill)
instead of the plain command, ensuring pkgs is available in scope so the script
always references the correct store path.
- Around line 14-50: The imports at the top are unguarded so custom.core.enable
only affects the later config block; either propagate the parent flag into the
imported submodules or rename the option to avoid a misleading master switch.
Fix by wrapping the imports list (or each problematic import like
./printing.nix) with an mkIf that checks cfg.enable (the same custom.core.enable
used in the config block), or modify the imported module
(modules/nixos/shared/core/printing.nix) to early-exit/apply mkIf based on
config.custom.core.enable; update any references to custom.core.enable
accordingly so the imported modules are conditionally loaded when the master
flag is false.

---

Outside diff comments:
In `@home/shared/desktop/gnome/default.nix`:
- Around line 39-55: The xdg.mimeApps defaultApplications mapping uses the wrong
desktop filename casing so the JPEG/PNG defaults aren't applied; update the
string literal in the defaultApplications call (currently
"org.gnome.Loupe.Desktop") to the exact desktop file name used elsewhere
("org.gnome.Loupe.desktop") so that forAll and defaultApplications correctly
match the Loupe .desktop entry.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 743c9e5d-15bc-4d44-bfe8-f40974235a7e

📥 Commits

Reviewing files that changed from the base of the PR and between baec492 and dc7ec0c.

📒 Files selected for processing (54)

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md
• home/shared/applications/media.nix
• home/shared/desktop/gnome/default.nix
• lib/builders/mkSystem.nix
• modules/home-manager/services/mcpo.nix
• modules/nixos/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/rgb.nix
• modules/nixos/desktop/vfio.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/laptop/default.nix
• modules/nixos/proxies.nix
• modules/nixos/server/default.nix
• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/shared/core.nix
• modules/nixos/shared/core/auto-upgrade.nix
• modules/nixos/shared/core/boot/default.nix
• modules/nixos/shared/core/boot/quietboot.nix
• modules/nixos/shared/core/boot/secureboot.nix
• modules/nixos/shared/core/boot/systemd-boot.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/hardware/backlight.nix
• modules/nixos/shared/core/hardware/biometrics.nix
• modules/nixos/shared/core/hardware/bluetooth.nix
• modules/nixos/shared/core/hardware/cooling.nix
• modules/nixos/shared/core/hardware/default.nix
• modules/nixos/shared/core/hardware/display.nix
• modules/nixos/shared/core/hardware/graphics.nix
• modules/nixos/shared/core/hardware/openrgb.nix
• modules/nixos/shared/core/hardware/storage/default.nix
• modules/nixos/shared/core/hardware/storage/ephemeral.nix
• modules/nixos/shared/core/hardware/storage/maintenance.nix
• modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix
• modules/nixos/shared/core/hardware/storage/partitions/esp.nix
• modules/nixos/shared/core/hardware/storage/partitions/luks.nix
• modules/nixos/shared/core/hardware/storage/partitions/tmpfs.nix
• modules/nixos/shared/core/host/default.nix
• modules/nixos/shared/core/host/device.nix
• modules/nixos/shared/core/host/persistence.nix
• modules/nixos/shared/default.nix
• modules/nixos/shared/features/display-manager.nix
• modules/nixos/shared/features/hm-helper/1password.nix
• modules/nixos/shared/features/hm-helper/default.nix
• modules/nixos/shared/features/hm-helper/kde-connect.nix
• modules/nixos/shared/features/hm-helper/mpv.nix
• modules/nixos/shared/features/hm-helper/nautilus.nix
• modules/nixos/shared/features/remote.nix
• modules/nixos/shared/services/default.nix
• modules/nixos/shared/services/huntress.nix
• modules/nixos/shared/services/mcpo.nix
• modules/nixos/shared/services/metrics.nix
• modules/nixos/shared/services/tailscale.nix

💤 Files with no reviewable changes (4)

• modules/nixos/default.nix
• modules/nixos/shared/core.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/proxies.nix

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Build nixosConfigurations.nixdev.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixcloud.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixai.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build homeConfigurations.racci.activationPackage on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixio.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixarr.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixmon.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixserv.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixmi.config.system.build.toplevel on x86_64-linux
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🧰 Additional context used

📓 Path-based instructions (14)

docs/src/**/*.md

📄 CodeRabbit inference engine (.opencode/skills/docs/SKILL.md)

docs/src/**/*.md: Create or update Markdown files in docs/src following the documentation workflow: analyze changes, identify impact on documentation files, draft content with underscore filenames, update docs/src/SUMMARY.md, and verify Nix code examples are valid
Keep documentation explanations concise and focus on why something is configured a certain way rather than just what the code does

Files:

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md

docs/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Project documentation should be maintained in the docs/ directory

Files:

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md

**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/building/SKILL.md)

Use nix fmt to format Nix code and check syntax

**/*.nix: Run nix fmt <paths...> after making any changes to ensure consistent formatting
Use 2 spaces for indentation in Nix files
Use kebab-case for Nix file and directory names
Use camelCase for Nix attributes (e.g., myOption, enableFeature)
Use camelCase for Nix option paths (e.g., services.myService.enable)
Prefer minimal comments; code should be self-explanatory, using comments to explain why, not what
Prefer relative imports over absolute imports (e.g., ./modules/foo.nix)
Group imports at the top of the Nix file and use list format for multiple imports
When generating JSON, YAML, or other structured formats, define as Nix attribute sets and convert using builtins functions (e.g., builtins.toJSON), rather than using inline string literals
Follow the standard module structure pattern with config, lib, pkgs destructuring, let bindings for module configuration, and options/config sections
Use let bindings with inherit for importing functions from libraries (e.g., inherit (lib) mkIf mkEnableOption)

Run nix fmt to format code before submitting changes

**/*.nix: Use builtins.trace to add trace statements for seeing values during Nix evaluation, with builtins.toJSON for complex attribute sets
Check for circular dependencies in imports or option definitions as the root cause of infinite recursion errors in Nix
Verify attribute names, imports, and option paths to resolve 'attribute missing' errors in Nix configurations

Run nix fmt on changed Nix files after modifying modules

**/*.nix: Declare secrets in Nix using sops.secrets with the secret path as the key
Specify custom permissions for secrets using owner, group, and mode attributes in sops.secrets declarations
Use sops.templates to combine multiple secrets into configuration files with placeholders
Add restartUnits to secret declarations to automatically restart services when secrets change
Use empty `k...

Files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/server/proxy/kanidm.nix
• home/shared/applications/media.nix
• lib/builders/mkSystem.nix
• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• home/shared/desktop/gnome/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

modules/home-manager/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

modules/home-manager/**/*.nix: Create Home-Manager modules at modules/home-manager/<category>/<name>.nix with osConfig parameter support and conditional config application using mkIf
Use purpose.<category> namespace for use-case modules in Home-Manager modules
Use custom.<name> namespace for custom extensions in Home-Manager modules
Use user.<name> namespace for user-specific options in Home-Manager modules

Files:

• modules/home-manager/services/mcpo.nix

modules/home-manager/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable Home-Manager module fragments should be placed in modules/home-manager/ directory

Files:

• modules/home-manager/services/mcpo.nix

modules/nixos/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Create NixOS modules at modules/nixos/<category>/<name>.nix with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Files:

• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

modules/nixos/server/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Use server.<name> namespace for server cluster options in NixOS modules

Files:

• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/server/default.nix

modules/nixos/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable NixOS module fragments should be placed in modules/nixos/ directory

Files:

• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

home/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/contributing/SKILL.md)

Test at least one affected home configuration before submitting changes

Files:

• home/shared/applications/media.nix
• home/shared/desktop/gnome/default.nix

home/shared/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Shared Home-Manager configurations across all users should be placed in home/shared/ directory

Files:

• home/shared/applications/media.nix
• home/shared/desktop/gnome/default.nix

home/shared/applications/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Shared application-specific Home-Manager configurations should be in home/shared/applications/

Files:

• home/shared/applications/media.nix

lib/builders/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Custom system and home builders should be implemented in lib/builders/ directory with mkSystem.nix and mkHome.nix as entry points

Files:

• lib/builders/mkSystem.nix

modules/nixos/*/default.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Register NixOS modules in parent default.nix using imports list pattern: _: { imports = [ ./module-a.nix ./module-b.nix ]; }

Files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix

home/shared/desktop/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Shared desktop environment configurations should be in home/shared/desktop/

Files:

• home/shared/desktop/gnome/default.nix

🧠 Learnings (63)

📓 Common learnings

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to **/*.nix : Run `nix fmt` to format code before submitting changes

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Run `nix fmt <changed-files>` to fix Nix formatting failures in CI checks

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Prefer relative imports (e.g., `./modules/foo.nix`) over absolute paths

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to home/**/*.nix : Test at least one affected home configuration before submitting changes

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to **/*.nix : Run `nix fmt` on changed Nix files after modifying modules

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: Applies to **/*.nix : Always ensure formatting is correct by running 'nix fmt' on changed files

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Prefer relative imports over absolute imports (e.g., `./modules/foo.nix`)

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/features/**/*.nix : User's feature modules should be organized in a `features/` directory within the user directory (`home/<username>/features/`)

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/services/**/*.nix : Use `services.<name>` namespace for system services in NixOS modules

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to flake/nixos/** : NixOS flake modules should be organized in the `flake/nixos/` directory

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical hardware configurations should import appropriate modules from `inputs.nixos-hardware` (e.g., CPU, SSD, GPU modules) in `hardware.nix`

Applied to files:

• docs/src/modules/nixos/desktop.md
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/hardware/**/*.nix : Use `hardware.<name>` namespace for hardware configuration in NixOS modules

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Applied to files:

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md
• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical host machines (desktops/laptops) must include a `hardware.nix` file with hardware-specific configuration

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Applied to files:

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md
• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/home-manager/default.nix : Home-Manager modules should be exported through `modules/home-manager/default.nix`

Applied to files:

• docs/src/modules/nixos/desktop.md
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md
• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Host `default.nix` files must import `${modulesPath}/virtualisation/proxmox-lxc.nix` for LXC containers or `./hardware.nix` for physical machines

Applied to files:

• docs/src/modules/nixos/desktop.md
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/*/default.nix : Register Home-Manager modules in parent `default.nix` using imports list pattern

Applied to files:

• docs/src/modules/nixos/desktop.md
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md
• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Each host requires a `default.nix` file as the main configuration entry point

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/shared/optional/** : Optional NixOS features (gaming, containers, etc.) should be organized in `hosts/shared/optional/`

Applied to files:

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/{desktop,laptop,server}/*/default.nix : Host system configurations should follow the pattern `hosts/<type>/<hostname>/default.nix`

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to home/shared/desktop/** : Shared desktop environment configurations should be in `home/shared/desktop/`

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use `let` bindings with `inherit` for importing functions from libraries (e.g., `inherit (lib) mkIf mkEnableOption`)

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/services/**/*.nix : Use `services.<name>` namespace for system services in NixOS modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to pkgs/*/default.nix : For multi-output packages, use a let binding to define multiple outputs and register them with inherit syntax in pkgs/default.nix

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Always use `inherit` to bring functions and values into scope instead of manual assignment

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Follow the standard NixOS module structure pattern with config, lib, pkgs parameters and proper `let`/`in` blocks

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/host/**/*.nix : Use `host.<name>` namespace for host-specific options in NixOS modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Import shared user configurations from `home/shared/` directories in user configs: use `../shared/global/` for configs applied to all users, `../shared/applications/` for application configs, `../shared/desktop/` for desktop environment configs, and `../shared/features/cli/` for CLI tool configurations

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Remove unused let bindings

Applied to files:

• home/shared/applications/media.nix
• home/shared/desktop/gnome/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Use intermediate bindings instead of deeply nested attribute access for improved readability

Applied to files:

• home/shared/applications/media.nix
• home/shared/desktop/gnome/default.nix
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all used functions are properly inherited to avoid circular imports and hidden dependencies

Applied to files:

• home/shared/applications/media.nix
• modules/nixos/shared/default.nix
• home/shared/desktop/gnome/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:29.910Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to **/*.nix : Run `nix fmt` to format code before submitting changes

Applied to files:

• home/shared/applications/media.nix
• home/shared/desktop/gnome/default.nix
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: For changes affecting only hosts, build at least one affected host configuration using 'nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel'

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to lib/builders/** : Custom system and home builders should be implemented in `lib/builders/` directory with `mkSystem.nix` and `mkHome.nix` as entry points

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Create `hm-config.nix` in `home/<username>/` as the main Home-Manager entry point containing shared configuration across all hosts for that user

Applied to files:

• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Create Home-Manager modules at `modules/home-manager/<category>/<name>.nix` with osConfig parameter support and conditional config application using mkIf

Applied to files:

• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `custom.<name>` namespace for custom extensions in Home-Manager modules

Applied to files:

• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:24:15.388Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/building/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:15.388Z
Learning: Build a host's NixOS system using `nix build .#nixosConfigurations.<host>.config.system.build.toplevel`

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `user.<name>` namespace for user-specific options in Home-Manager modules

Applied to files:

• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/*/default.nix : Register NixOS modules in parent `default.nix` using imports list pattern: `_: { imports = [ ./module-a.nix ./module-b.nix ]; }`

Applied to files:

• lib/builders/mkSystem.nix
• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/features/**/*.nix : User's feature modules should be organized in a `features/` directory within the user directory (`home/<username>/features/`)

Applied to files:

• lib/builders/mkSystem.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/[!.]*@(hm-config|os-config|secrets).nix : Create host-specific configuration files named `<hostname>.nix` in the user directory (`home/<username>/<hostname>.nix`), containing Home-Manager configuration with user-specific git settings, imports of shared features, and host-specific customizations

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:25.327Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/secrets/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:25.327Z
Learning: Applies to **/*.nix : Declare secrets in Nix using `sops.secrets` with the secret path as the key

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/server/**/*.nix : Use `server.<name>` namespace for server cluster options in NixOS modules

Applied to files:

• docs/src/modules/nixos/services.md
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use camelCase for Nix option paths (e.g., `services.myService.enable`)

Applied to files:

• docs/src/modules/nixos/services.md
• modules/nixos/shared/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:25.327Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/secrets/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:25.327Z
Learning: Applies to **/*.nix : Add `restartUnits` to secret declarations to automatically restart services when secrets change

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:27:16.409Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/security.md:0-0
Timestamp: 2026-03-01T12:27:16.409Z
Learning: Applies to **/*.nix : Apply systemd hardening options (DynamicUser, ProtectSystem, ProtectHome, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, RestrictNamespaces, RestrictRealtime, RestrictSUIDSGID, MemoryDenyWriteExecute, LockPersonality) to service definitions

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Applied to files:

• docs/src/modules/nixos/services.md
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Applied to files:

• docs/src/modules/nixos/services.md
• modules/nixos/shared/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Check for infinite recursion by examining recent changes for circular imports between modules or option definitions that reference themselves

Applied to files:

• modules/nixos/shared/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Group imports at the top of the file and use list format for multiple imports

Applied to files:

• modules/nixos/shared/default.nix
• home/shared/desktop/gnome/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Group imports at the top of the Nix file and use list format for multiple imports

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Prefer relative imports over absolute imports (e.g., `./modules/foo.nix`)

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to overlays/default.nix : Expose custom packages via overlays/default.nix by importing the pkgs directory with inputs, lib, and pkgs parameters

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Prefer relative imports (e.g., `./modules/foo.nix`) over absolute paths

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all required options are defined before use in configuration blocks

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Hardware configurations must define filesystem mount points with device labels and filesystem types (e.g., `fileSystems./`)

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Verify type mismatches by checking option type definitions and the value being provided in NixOS options

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Verify option type definitions match their usage and configuration values

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: Applies to **/*.nix : Always ensure formatting is correct by running 'nix fmt' on changed files

Applied to files:

• home/shared/desktop/gnome/default.nix
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:24:29.910Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to home/**/*.nix : Test at least one affected home configuration before submitting changes

Applied to files:

• home/shared/desktop/gnome/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Code MUST pass `nix fmt` formatting validation

Applied to files:

• home/shared/desktop/gnome/default.nix
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to **/*.nix : Run `nix fmt` on changed Nix files after modifying modules

Applied to files:

• home/shared/desktop/gnome/default.nix
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Run `nix fmt <changed-files>` to fix Nix formatting failures in CI checks

Applied to files:

• home/shared/desktop/gnome/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : When generating JSON/YAML, define as Nix attribute sets and convert using `builtins.toJSON` instead of inline strings

Applied to files:

• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Use camelCase for attributes (e.g., `myOption`, `enableFeature`, `services.myService.enable`)

Applied to files:

• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:24:38.213Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/debugging/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:38.213Z
Learning: Applies to **/*.nix : Verify attribute names, imports, and option paths to resolve 'attribute missing' errors in Nix configurations

Applied to files:

• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Use `mkDefault`, `mkForce`, and `mkOverride` correctly to control option priority

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/boot/**/*.nix : Use `boot.<name>` namespace for boot configuration in NixOS modules

Applied to files:

• modules/nixos/shared/core/default.nix

🔇 Additional comments (5)

modules/nixos/server/default.nix (1)

61-63: Formatting change approved.

The getAllAttrs function pipeline has been collapsed to a single line. This is a non-functional formatting change that maintains the same logic.

modules/nixos/laptop/default.nix (1)

2-5: Import paths updated to new features subdirectory.

The shared module imports have been correctly updated to use the new ../shared/features/ path structure. This aligns with the desktop module's import pattern and the broader refactor consolidating features under a dedicated subdirectory.

modules/nixos/desktop/default.nix (1)

2-8: Desktop module imports restructured with local hardware modules and shared features.

The module now properly combines:

• Desktop-specific hardware modules (./rgb.nix for OpenRGB, ./vfio.nix for GPU passthrough)
• Shared feature modules from the new features subdirectory

The context snippets confirm all imported modules exist with well-defined option namespaces (hardware.openrgb, virtualisation.vfio, custom.display-manager, custom.remote).

docs/src/modules/nixos/desktop.md (1)

7-22: Documentation accurately reflects the refactored module structure.

The updated documentation correctly describes:

• The expanded purpose including hardware features (RGB lighting, VFIO passthrough)
• All four component imports with their correct paths
• The availability of ./virtual-machine.nix for separate VM guest configuration

This aligns well with the actual code changes in modules/nixos/desktop/default.nix.

modules/nixos/shared/default.nix (1)

19-22: Import structure is correct.

The imports use relative paths with list format (./core and ./services), following standard conventions. The ./services directory is properly structured with default.nix and supporting modules (huntress, mcpo, metrics, tailscale). The auto-upgrade functionality remains intact via the ./core import chain.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

custom.core.enable is only a partial master switch.

Line 14-20 imports the core submodules unconditionally, but Line 50-145 only guards the config defined here. modules/nixos/shared/core/printing.nix:1-19 already configures custom.core.printing independently, so custom.core.enable = false will still leave part of the core stack active. Either thread the parent flag into the imported modules or rename this option to avoid a misleading API.

As per coding guidelines, always use mkIf guards on config sections that are conditionally applied.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/default.nix` around lines 14 - 50, The imports at
the top are unguarded so custom.core.enable only affects the later config block;
either propagate the parent flag into the imported submodules or rename the
option to avoid a misleading master switch. Fix by wrapping the imports list (or
each problematic import like ./printing.nix) with an mkIf that checks cfg.enable
(the same custom.core.enable used in the config block), or modify the imported
module (modules/nixos/shared/core/printing.nix) to early-exit/apply mkIf based
on config.custom.core.enable; update any references to custom.core.enable
accordingly so the imported modules are conditionally loaded when the master
flag is false.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/nixos/shared/core/default.nix`:
- Around line 41-45: The bluetooth option's default enables Bluetooth for any
non-headless host but doesn't exclude virtual machines; update the default
expression for the bluetooth option (the bluetooth = { enable = ... } block in
default.nix) to also check host.device.isVirtual and only enable when not
headless AND not virtual (i.e., use !config.host.device.isHeadless &&
!config.host.device.isVirtual), so that dependent modules like
hardware.bluetooth, blueman and the rfkill activation step are not pulled in for
virtual targets.

🪄 Autofix (Beta)

✅ Autofix completed

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 628af9af-4ff2-4156-bbba-e935d6cc3735

📥 Commits

Reviewing files that changed from the base of the PR and between dc7ec0c and e764573.

📒 Files selected for processing (51)

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md
• lib/builders/mkSystem.nix
• modules/home-manager/services/mcpo.nix
• modules/nixos/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/rgb.nix
• modules/nixos/desktop/vfio.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/laptop/default.nix
• modules/nixos/proxies.nix
• modules/nixos/shared/core.nix
• modules/nixos/shared/core/auto-upgrade.nix
• modules/nixos/shared/core/boot/default.nix
• modules/nixos/shared/core/boot/quietboot.nix
• modules/nixos/shared/core/boot/secureboot.nix
• modules/nixos/shared/core/boot/systemd-boot.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/hardware/backlight.nix
• modules/nixos/shared/core/hardware/biometrics.nix
• modules/nixos/shared/core/hardware/bluetooth.nix
• modules/nixos/shared/core/hardware/cooling.nix
• modules/nixos/shared/core/hardware/default.nix
• modules/nixos/shared/core/hardware/display.nix
• modules/nixos/shared/core/hardware/graphics.nix
• modules/nixos/shared/core/hardware/openrgb.nix
• modules/nixos/shared/core/hardware/storage/default.nix
• modules/nixos/shared/core/hardware/storage/ephemeral.nix
• modules/nixos/shared/core/hardware/storage/maintenance.nix
• modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix
• modules/nixos/shared/core/hardware/storage/partitions/esp.nix
• modules/nixos/shared/core/hardware/storage/partitions/luks.nix
• modules/nixos/shared/core/hardware/storage/partitions/tmpfs.nix
• modules/nixos/shared/core/host/default.nix
• modules/nixos/shared/core/host/device.nix
• modules/nixos/shared/core/host/persistence.nix
• modules/nixos/shared/core/printing.nix
• modules/nixos/shared/default.nix
• modules/nixos/shared/features/display-manager.nix
• modules/nixos/shared/features/hm-helper/1password.nix
• modules/nixos/shared/features/hm-helper/default.nix
• modules/nixos/shared/features/hm-helper/kde-connect.nix
• modules/nixos/shared/features/hm-helper/mpv.nix
• modules/nixos/shared/features/hm-helper/nautilus.nix
• modules/nixos/shared/features/remote.nix
• modules/nixos/shared/services/default.nix
• modules/nixos/shared/services/huntress.nix
• modules/nixos/shared/services/mcpo.nix
• modules/nixos/shared/services/metrics.nix
• modules/nixos/shared/services/tailscale.nix

💤 Files with no reviewable changes (4)

• modules/nixos/proxies.nix
• modules/nixos/default.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/shared/core.nix

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🧰 Additional context used

📓 Path-based instructions (9)

**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/building/SKILL.md)

Use nix fmt to format Nix code and check syntax

**/*.nix: Run nix fmt <paths...> after making any changes to ensure consistent formatting
Use 2 spaces for indentation in Nix files
Use kebab-case for Nix file and directory names
Use camelCase for Nix attributes (e.g., myOption, enableFeature)
Use camelCase for Nix option paths (e.g., services.myService.enable)
Prefer minimal comments; code should be self-explanatory, using comments to explain why, not what
Prefer relative imports over absolute imports (e.g., ./modules/foo.nix)
Group imports at the top of the Nix file and use list format for multiple imports
When generating JSON, YAML, or other structured formats, define as Nix attribute sets and convert using builtins functions (e.g., builtins.toJSON), rather than using inline string literals
Follow the standard module structure pattern with config, lib, pkgs destructuring, let bindings for module configuration, and options/config sections
Use let bindings with inherit for importing functions from libraries (e.g., inherit (lib) mkIf mkEnableOption)

Run nix fmt to format code before submitting changes

**/*.nix: Use builtins.trace to add trace statements for seeing values during Nix evaluation, with builtins.toJSON for complex attribute sets
Check for circular dependencies in imports or option definitions as the root cause of infinite recursion errors in Nix
Verify attribute names, imports, and option paths to resolve 'attribute missing' errors in Nix configurations

Run nix fmt on changed Nix files after modifying modules

**/*.nix: Declare secrets in Nix using sops.secrets with the secret path as the key
Specify custom permissions for secrets using owner, group, and mode attributes in sops.secrets declarations
Use sops.templates to combine multiple secrets into configuration files with placeholders
Add restartUnits to secret declarations to automatically restart services when secrets change
Use empty `k...

Files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/shared/core/printing.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• lib/builders/mkSystem.nix
• modules/nixos/shared/core/default.nix

modules/home-manager/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

modules/home-manager/**/*.nix: Create Home-Manager modules at modules/home-manager/<category>/<name>.nix with osConfig parameter support and conditional config application using mkIf
Use purpose.<category> namespace for use-case modules in Home-Manager modules
Use custom.<name> namespace for custom extensions in Home-Manager modules
Use user.<name> namespace for user-specific options in Home-Manager modules

Files:

• modules/home-manager/services/mcpo.nix

modules/home-manager/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable Home-Manager module fragments should be placed in modules/home-manager/ directory

Files:

• modules/home-manager/services/mcpo.nix

modules/nixos/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Create NixOS modules at modules/nixos/<category>/<name>.nix with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/shared/core/printing.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

modules/nixos/*/default.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Register NixOS modules in parent default.nix using imports list pattern: _: { imports = [ ./module-a.nix ./module-b.nix ]; }

Files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

modules/nixos/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable NixOS module fragments should be placed in modules/nixos/ directory

Files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/shared/core/printing.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

docs/src/**/*.md

📄 CodeRabbit inference engine (.opencode/skills/docs/SKILL.md)

docs/src/**/*.md: Create or update Markdown files in docs/src following the documentation workflow: analyze changes, identify impact on documentation files, draft content with underscore filenames, update docs/src/SUMMARY.md, and verify Nix code examples are valid
Keep documentation explanations concise and focus on why something is configured a certain way rather than just what the code does

Files:

• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md

docs/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Project documentation should be maintained in the docs/ directory

Files:

• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md

lib/builders/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Custom system and home builders should be implemented in lib/builders/ directory with mkSystem.nix and mkHome.nix as entry points

Files:

• lib/builders/mkSystem.nix

🧠 Learnings (53)

📓 Common learnings

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to **/*.nix : Run `nix fmt` to format code before submitting changes

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Run `nix fmt <changed-files>` to fix Nix formatting failures in CI checks

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Prefer relative imports (e.g., `./modules/foo.nix`) over absolute paths

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to home/**/*.nix : Test at least one affected home configuration before submitting changes

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to **/*.nix : Run `nix fmt` on changed Nix files after modifying modules

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: Applies to **/*.nix : Always ensure formatting is correct by running 'nix fmt' on changed files

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Prefer relative imports over absolute imports (e.g., `./modules/foo.nix`)

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/features/**/*.nix : User's feature modules should be organized in a `features/` directory within the user directory (`home/<username>/features/`)

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to flake/nixos/** : NixOS flake modules should be organized in the `flake/nixos/` directory

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Follow the standard NixOS module structure pattern with config, lib, pkgs parameters and proper `let`/`in` blocks

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/services/**/*.nix : Use `services.<name>` namespace for system services in NixOS modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/home-manager/default.nix : Home-Manager modules should be exported through `modules/home-manager/default.nix`

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/*/default.nix : Register Home-Manager modules in parent `default.nix` using imports list pattern

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `user.<name>` namespace for user-specific options in Home-Manager modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• docs/src/modules/nixos/services.md
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use camelCase for Nix option paths (e.g., `services.myService.enable`)

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use `let` bindings with `inherit` for importing functions from libraries (e.g., `inherit (lib) mkIf mkEnableOption`)

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to pkgs/*/default.nix : For multi-output packages, use a let binding to define multiple outputs and register them with inherit syntax in pkgs/default.nix

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Always use `inherit` to bring functions and values into scope instead of manual assignment

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical hardware configurations should import appropriate modules from `inputs.nixos-hardware` (e.g., CPU, SSD, GPU modules) in `hardware.nix`

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/desktop/virtual-machine.nix
• docs/src/modules/nixos/desktop.md
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Follow the standard NixOS module structure pattern with config, lib, pkgs parameters and proper `let`/`in` blocks

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/host/**/*.nix : Use `host.<name>` namespace for host-specific options in NixOS modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/desktop/virtual-machine.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Import shared user configurations from `home/shared/` directories in user configs: use `../shared/global/` for configs applied to all users, `../shared/applications/` for application configs, `../shared/desktop/` for desktop environment configs, and `../shared/features/cli/` for CLI tool configurations

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Applied to files:

• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/*/default.nix : Register NixOS modules in parent `default.nix` using imports list pattern: `_: { imports = [ ./module-a.nix ./module-b.nix ]; }`

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Host `default.nix` files must import `${modulesPath}/virtualisation/proxmox-lxc.nix` for LXC containers or `./hardware.nix` for physical machines

Applied to files:

• modules/nixos/shared/default.nix
• docs/src/modules/nixos/desktop.md
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Prefer relative imports over absolute imports (e.g., `./modules/foo.nix`)

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all used functions are properly inherited to avoid circular imports and hidden dependencies

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Group imports at the top of the file and use list format for multiple imports

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to overlays/default.nix : Expose custom packages via overlays/default.nix by importing the pkgs directory with inputs, lib, and pkgs parameters

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Group imports at the top of the Nix file and use list format for multiple imports

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Prefer relative imports (e.g., `./modules/foo.nix`) over absolute paths

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Applied to files:

• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all required options are defined before use in configuration blocks

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Hardware configurations must define filesystem mount points with device labels and filesystem types (e.g., `fileSystems./`)

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Verify type mismatches by checking option type definitions and the value being provided in NixOS options

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Verify option type definitions match their usage and configuration values

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/server/**/*.nix : Use `server.<name>` namespace for server cluster options in NixOS modules

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:27:29.965Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-03-01T12:27:29.965Z
Learning: Applies to **/*.nix : Documentation in docs/ MUST be updated simultaneously with code changes to .nix files

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:25.327Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/secrets/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:25.327Z
Learning: Applies to **/*.nix : Add `restartUnits` to secret declarations to automatically restart services when secrets change

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:27:16.409Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/security.md:0-0
Timestamp: 2026-03-01T12:27:16.409Z
Learning: Applies to **/*.nix : Apply systemd hardening options (DynamicUser, ProtectSystem, ProtectHome, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, RestrictNamespaces, RestrictRealtime, RestrictSUIDSGID, MemoryDenyWriteExecute, LockPersonality) to service definitions

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/shared/optional/** : Optional NixOS features (gaming, containers, etc.) should be organized in `hosts/shared/optional/`

Applied to files:

• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Create `hm-config.nix` in `home/<username>/` as the main Home-Manager entry point containing shared configuration across all hosts for that user

Applied to files:

• docs/src/modules/nixos/services.md
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Create Home-Manager modules at `modules/home-manager/<category>/<name>.nix` with osConfig parameter support and conditional config application using mkIf

Applied to files:

• docs/src/modules/nixos/services.md
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `custom.<name>` namespace for custom extensions in Home-Manager modules

Applied to files:

• docs/src/modules/nixos/services.md
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Applied to files:

• docs/src/modules/nixos/services.md
• modules/nixos/shared/core/printing.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/hardware/**/*.nix : Use `hardware.<name>` namespace for hardware configuration in NixOS modules

Applied to files:

• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Each host requires a `default.nix` file as the main configuration entry point

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/{desktop,laptop,server}/*/default.nix : Host system configurations should follow the pattern `hosts/<type>/<hostname>/default.nix`

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to home/shared/desktop/** : Shared desktop environment configurations should be in `home/shared/desktop/`

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/features/**/*.nix : User's feature modules should be organized in a `features/` directory within the user directory (`home/<username>/features/`)

Applied to files:

• modules/nixos/laptop/default.nix
• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to lib/builders/** : Custom system and home builders should be implemented in `lib/builders/` directory with `mkSystem.nix` and `mkHome.nix` as entry points

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: For changes affecting only hosts, build at least one affected host configuration using 'nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel'

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: For changes affecting only homes, build at least one affected home configuration using 'nix build .#homeConfigurations.<user>@<host>.activationPackage'

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/[!.]*@(hm-config|os-config|secrets).nix : Create host-specific configuration files named `<hostname>.nix` in the user directory (`home/<username>/<hostname>.nix`), containing Home-Manager configuration with user-specific git settings, imports of shared features, and host-specific customizations

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:25.327Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/secrets/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:25.327Z
Learning: Applies to **/*.nix : Declare secrets in Nix using `sops.secrets` with the secret path as the key

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Use `mkDefault`, `mkForce`, and `mkOverride` correctly to control option priority

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Always use `mkIf` guards on config sections that are conditionally applied

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:29.965Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-03-01T12:27:29.965Z
Learning: Applies to **/*.nix : All affected configurations MUST be tested before completing any task, using the test agent and testing skill to identify affected configurations

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Hardware configurations must define boot loader settings including `systemd-boot.enable` and `efi.canTouchEfiVariables`

Applied to files:

• modules/nixos/shared/core/default.nix

🔇 Additional comments (10)

modules/home-manager/services/mcpo.nix (1)

11-11: Shared MCPO import retarget looks correct.

Line 11 cleanly repoints the options source to the new shared service module path without changing the surrounding option contract.

modules/nixos/laptop/default.nix (1)

3-4: Laptop shared-feature imports are correctly updated.

Lines 3-4 follow the new shared/features layout and preserve the existing aggregation pattern.

lib/builders/mkSystem.nix (1)

69-69: HM helper import migration is consistent and safe.

Line 69 points to the new shared feature location that still exposes the expected module interface.

docs/src/modules/nixos/services.md (1)

9-9: Service documentation paths are now in sync with module moves.

All updated entry points correctly reference modules/nixos/shared/services/*.

Also applies to: 39-39, 72-72, 109-109

modules/nixos/desktop/virtual-machine.nix (1)

93-93: mounts option typing is now explicit and valid.

Line 93 uses a concrete attrsOf type, which is a solid correction for option schema definition.

modules/nixos/desktop/default.nix (1)

3-7: Desktop module import set is well-structured after the refactor.

Lines 3-7 correctly combine local desktop features with the moved shared feature modules.

docs/src/modules/nixos/desktop.md (1)

7-7: Desktop docs now accurately reflect the module composition.

The updated section aligns with current imports and clearly distinguishes shared vs desktop-local components.

Also applies to: 15-23

modules/nixos/shared/default.nix (1)

21-21: Shared module aggregation update is correct.

Line 21 appropriately wires the new shared services aggregator into modules/nixos/shared/default.nix.

modules/nixos/shared/core/default.nix (1)

20-27: Please re-check the imported core submodules against custom.core.enable.

This file still imports ./boot, ./hardware, ./host, and ./auto-upgrade.nix unconditionally, while only the local config block is wrapped in mkIf cfg.enable. printing.nix now honours the master switch, but any sibling module with an unguarded config = { ... }; will keep custom.core.enable as only a partial master switch.

Use this read-only check to inspect the imported tree for unguarded config blocks:

#!/bin/bash
set -euo pipefail

rg --heading -n -C2 '^\s*config\s*=|cfg\.enable|custom\.core\.enable' \
  modules/nixos/shared/core/auto-upgrade.nix \
  modules/nixos/shared/core/printing.nix \
  modules/nixos/shared/core/boot \
  modules/nixos/shared/core/hardware \
  modules/nixos/shared/core/host

Expected result: every imported module that sets config also shows a guard tied to cfg.enable or custom.core.enable. As per coding guidelines, always use mkIf guards on config sections that are conditionally applied.

modules/nixos/shared/core/printing.nix (1)

9-9: Printing now honours the parent core switch.

Good change: the service block only applies when both custom.core.enable and custom.core.printing.enable are on, so this child module no longer drifts away from the parent toggle.

Also applies to: 21-21

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/home-manager/services/mcpo.nix`:
- Line 11: Change the hardcoded absolute import in
modules/home-manager/services/mcpo.nix to a relative import: replace the (import
"${self}/modules/nixos/shared/services/mcpo.nix" { ... }) usage with a relative
path pointing to the shared module (e.g., (import
../../nixos/shared/services/mcpo.nix { ... })), updating the import expression
in modules/home-manager/services/mcpo.nix so it uses a portable relative path
instead of ${self}.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 07a7dda0-cd36-4dd5-a265-72c8d422073e

📥 Commits

Reviewing files that changed from the base of the PR and between e764573 and c729680.

📒 Files selected for processing (51)

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md
• lib/builders/mkSystem.nix
• modules/home-manager/services/mcpo.nix
• modules/nixos/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/rgb.nix
• modules/nixos/desktop/vfio.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/laptop/default.nix
• modules/nixos/proxies.nix
• modules/nixos/shared/core.nix
• modules/nixos/shared/core/auto-upgrade.nix
• modules/nixos/shared/core/boot/default.nix
• modules/nixos/shared/core/boot/quietboot.nix
• modules/nixos/shared/core/boot/secureboot.nix
• modules/nixos/shared/core/boot/systemd-boot.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/hardware/backlight.nix
• modules/nixos/shared/core/hardware/biometrics.nix
• modules/nixos/shared/core/hardware/bluetooth.nix
• modules/nixos/shared/core/hardware/cooling.nix
• modules/nixos/shared/core/hardware/default.nix
• modules/nixos/shared/core/hardware/display.nix
• modules/nixos/shared/core/hardware/graphics.nix
• modules/nixos/shared/core/hardware/openrgb.nix
• modules/nixos/shared/core/hardware/storage/default.nix
• modules/nixos/shared/core/hardware/storage/ephemeral.nix
• modules/nixos/shared/core/hardware/storage/maintenance.nix
• modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix
• modules/nixos/shared/core/hardware/storage/partitions/esp.nix
• modules/nixos/shared/core/hardware/storage/partitions/luks.nix
• modules/nixos/shared/core/hardware/storage/partitions/tmpfs.nix
• modules/nixos/shared/core/host/default.nix
• modules/nixos/shared/core/host/device.nix
• modules/nixos/shared/core/host/persistence.nix
• modules/nixos/shared/core/printing.nix
• modules/nixos/shared/default.nix
• modules/nixos/shared/features/display-manager.nix
• modules/nixos/shared/features/hm-helper/1password.nix
• modules/nixos/shared/features/hm-helper/default.nix
• modules/nixos/shared/features/hm-helper/kde-connect.nix
• modules/nixos/shared/features/hm-helper/mpv.nix
• modules/nixos/shared/features/hm-helper/nautilus.nix
• modules/nixos/shared/features/remote.nix
• modules/nixos/shared/services/default.nix
• modules/nixos/shared/services/huntress.nix
• modules/nixos/shared/services/mcpo.nix
• modules/nixos/shared/services/metrics.nix
• modules/nixos/shared/services/tailscale.nix

💤 Files with no reviewable changes (4)

• modules/nixos/proxies.nix
• modules/nixos/default.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/shared/core.nix

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: generate-matrix
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🧰 Additional context used

📓 Path-based instructions (9)

**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/building/SKILL.md)

Use nix fmt to format Nix code and check syntax

**/*.nix: Run nix fmt <paths...> after making any changes to ensure consistent formatting
Use 2 spaces for indentation in Nix files
Use kebab-case for Nix file and directory names
Use camelCase for Nix attributes (e.g., myOption, enableFeature)
Use camelCase for Nix option paths (e.g., services.myService.enable)
Prefer minimal comments; code should be self-explanatory, using comments to explain why, not what
Prefer relative imports over absolute imports (e.g., ./modules/foo.nix)
Group imports at the top of the Nix file and use list format for multiple imports
When generating JSON, YAML, or other structured formats, define as Nix attribute sets and convert using builtins functions (e.g., builtins.toJSON), rather than using inline string literals
Follow the standard module structure pattern with config, lib, pkgs destructuring, let bindings for module configuration, and options/config sections
Use let bindings with inherit for importing functions from libraries (e.g., inherit (lib) mkIf mkEnableOption)

Run nix fmt to format code before submitting changes

**/*.nix: Use builtins.trace to add trace statements for seeing values during Nix evaluation, with builtins.toJSON for complex attribute sets
Check for circular dependencies in imports or option definitions as the root cause of infinite recursion errors in Nix
Verify attribute names, imports, and option paths to resolve 'attribute missing' errors in Nix configurations

Run nix fmt on changed Nix files after modifying modules

**/*.nix: Declare secrets in Nix using sops.secrets with the secret path as the key
Specify custom permissions for secrets using owner, group, and mode attributes in sops.secrets declarations
Use sops.templates to combine multiple secrets into configuration files with placeholders
Add restartUnits to secret declarations to automatically restart services when secrets change
Use empty `k...

Files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/printing.nix

modules/home-manager/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

modules/home-manager/**/*.nix: Create Home-Manager modules at modules/home-manager/<category>/<name>.nix with osConfig parameter support and conditional config application using mkIf
Use purpose.<category> namespace for use-case modules in Home-Manager modules
Use custom.<name> namespace for custom extensions in Home-Manager modules
Use user.<name> namespace for user-specific options in Home-Manager modules

Files:

• modules/home-manager/services/mcpo.nix

modules/home-manager/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable Home-Manager module fragments should be placed in modules/home-manager/ directory

Files:

• modules/home-manager/services/mcpo.nix

lib/builders/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Custom system and home builders should be implemented in lib/builders/ directory with mkSystem.nix and mkHome.nix as entry points

Files:

• lib/builders/mkSystem.nix

modules/nixos/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Create NixOS modules at modules/nixos/<category>/<name>.nix with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/printing.nix

modules/nixos/*/default.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Register NixOS modules in parent default.nix using imports list pattern: _: { imports = [ ./module-a.nix ./module-b.nix ]; }

Files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

modules/nixos/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable NixOS module fragments should be placed in modules/nixos/ directory

Files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/printing.nix

docs/src/**/*.md

📄 CodeRabbit inference engine (.opencode/skills/docs/SKILL.md)

docs/src/**/*.md: Create or update Markdown files in docs/src following the documentation workflow: analyze changes, identify impact on documentation files, draft content with underscore filenames, update docs/src/SUMMARY.md, and verify Nix code examples are valid
Keep documentation explanations concise and focus on why something is configured a certain way rather than just what the code does

Files:

• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md

docs/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Project documentation should be maintained in the docs/ directory

Files:

• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md

🧠 Learnings (60)

📓 Common learnings

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to **/*.nix : Run `nix fmt` to format code before submitting changes

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Run `nix fmt <changed-files>` to fix Nix formatting failures in CI checks

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Prefer relative imports (e.g., `./modules/foo.nix`) over absolute paths

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to home/**/*.nix : Test at least one affected home configuration before submitting changes

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to **/*.nix : Run `nix fmt` on changed Nix files after modifying modules

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: Applies to **/*.nix : Always ensure formatting is correct by running 'nix fmt' on changed files

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Prefer relative imports over absolute imports (e.g., `./modules/foo.nix`)

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical hardware configurations should import appropriate modules from `inputs.nixos-hardware` (e.g., CPU, SSD, GPU modules) in `hardware.nix`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/features/**/*.nix : User's feature modules should be organized in a `features/` directory within the user directory (`home/<username>/features/`)

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Import shared user configurations from `home/shared/` directories in user configs: use `../shared/global/` for configs applied to all users, `../shared/applications/` for application configs, `../shared/desktop/` for desktop environment configs, and `../shared/features/cli/` for CLI tool configurations

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/host/**/*.nix : Use `host.<name>` namespace for host-specific options in NixOS modules

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/services/**/*.nix : Use `services.<name>` namespace for system services in NixOS modules

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/home-manager/default.nix : Home-Manager modules should be exported through `modules/home-manager/default.nix`

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/desktop/default.nix
• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/*/default.nix : Register Home-Manager modules in parent `default.nix` using imports list pattern

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/desktop/default.nix
• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `user.<name>` namespace for user-specific options in Home-Manager modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/services/**/*.nix : Use `services.<name>` namespace for system services in NixOS modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `purpose.<category>` namespace for use-case modules in Home-Manager modules

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use `let` bindings with `inherit` for importing functions from libraries (e.g., `inherit (lib) mkIf mkEnableOption`)

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to pkgs/*/default.nix : For multi-output packages, use a let binding to define multiple outputs and register them with inherit syntax in pkgs/default.nix

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Always use `inherit` to bring functions and values into scope instead of manual assignment

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical hardware configurations should import appropriate modules from `inputs.nixos-hardware` (e.g., CPU, SSD, GPU modules) in `hardware.nix`

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/desktop/default.nix
• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Follow the standard NixOS module structure pattern with config, lib, pkgs parameters and proper `let`/`in` blocks

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/host/**/*.nix : Use `host.<name>` namespace for host-specific options in NixOS modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• docs/src/modules/nixos/services.md
• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Import shared user configurations from `home/shared/` directories in user configs: use `../shared/global/` for configs applied to all users, `../shared/applications/` for application configs, `../shared/desktop/` for desktop environment configs, and `../shared/features/cli/` for CLI tool configurations

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to lib/builders/** : Custom system and home builders should be implemented in `lib/builders/` directory with `mkSystem.nix` and `mkHome.nix` as entry points

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: For changes affecting only hosts, build at least one affected host configuration using 'nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel'

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Create Home-Manager modules at `modules/home-manager/<category>/<name>.nix` with osConfig parameter support and conditional config application using mkIf

Applied to files:

• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: For changes affecting only homes, build at least one affected home configuration using 'nix build .#homeConfigurations.<user>@<host>.activationPackage'

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Create `hm-config.nix` in `home/<username>/` as the main Home-Manager entry point containing shared configuration across all hosts for that user

Applied to files:

• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:24:29.910Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to home/**/*.nix : Test at least one affected home configuration before submitting changes

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/*/default.nix : Register NixOS modules in parent `default.nix` using imports list pattern: `_: { imports = [ ./module-a.nix ./module-b.nix ]; }`

Applied to files:

• lib/builders/mkSystem.nix
• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/features/**/*.nix : User's feature modules should be organized in a `features/` directory within the user directory (`home/<username>/features/`)

Applied to files:

• lib/builders/mkSystem.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/[!.]*@(hm-config|os-config|secrets).nix : Create host-specific configuration files named `<hostname>.nix` in the user directory (`home/<username>/<hostname>.nix`), containing Home-Manager configuration with user-specific git settings, imports of shared features, and host-specific customizations

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:25.327Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/secrets/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:25.327Z
Learning: Applies to **/*.nix : Declare secrets in Nix using `sops.secrets` with the secret path as the key

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Applied to files:

• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/desktop/default.nix
• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Applied to files:

• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/desktop/default.nix
• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Host `default.nix` files must import `${modulesPath}/virtualisation/proxmox-lxc.nix` for LXC containers or `./hardware.nix` for physical machines

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/desktop/default.nix
• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Check for infinite recursion by examining recent changes for circular imports between modules or option definitions that reference themselves

Applied to files:

• modules/nixos/shared/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Prefer relative imports over absolute imports (e.g., `./modules/foo.nix`)

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to pkgs/default.nix : Custom packages should export their definitions through `pkgs/default.nix`

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Group imports at the top of the file and use list format for multiple imports

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to overlays/default.nix : Expose custom packages via overlays/default.nix by importing the pkgs directory with inputs, lib, and pkgs parameters

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all used functions are properly inherited to avoid circular imports and hidden dependencies

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Group imports at the top of the Nix file and use list format for multiple imports

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Prefer relative imports (e.g., `./modules/foo.nix`) over absolute paths

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Applied to files:

• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use camelCase for Nix option paths (e.g., `services.myService.enable`)

Applied to files:

• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all required options are defined before use in configuration blocks

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/server/**/*.nix : Use `server.<name>` namespace for server cluster options in NixOS modules

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:27:29.965Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-03-01T12:27:29.965Z
Learning: Applies to **/*.nix : Documentation in docs/ MUST be updated simultaneously with code changes to .nix files

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:25.327Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/secrets/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:25.327Z
Learning: Applies to **/*.nix : Add `restartUnits` to secret declarations to automatically restart services when secrets change

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:27:16.409Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/security.md:0-0
Timestamp: 2026-03-01T12:27:16.409Z
Learning: Applies to **/*.nix : Apply systemd hardening options (DynamicUser, ProtectSystem, ProtectHome, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, RestrictNamespaces, RestrictRealtime, RestrictSUIDSGID, MemoryDenyWriteExecute, LockPersonality) to service definitions

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/shared/optional/** : Optional NixOS features (gaming, containers, etc.) should be organized in `hosts/shared/optional/`

Applied to files:

• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `custom.<name>` namespace for custom extensions in Home-Manager modules

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Applied to files:

• docs/src/modules/nixos/services.md
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/printing.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Hardware configurations must define filesystem mount points with device labels and filesystem types (e.g., `fileSystems./`)

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Verify type mismatches by checking option type definitions and the value being provided in NixOS options

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/{desktop,laptop,server}/*/default.nix : Host system configurations should follow the pattern `hosts/<type>/<hostname>/default.nix`

Applied to files:

• modules/nixos/desktop/virtual-machine.nix
• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Verify option type definitions match their usage and configuration values

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/{desktop,laptop,server}/** : Per-machine NixOS configurations should be organized in `hosts/<type>/<hostname>/` where type is desktop, laptop, or server

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Each host requires a `default.nix` file as the main configuration entry point

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to home/shared/desktop/** : Shared desktop environment configurations should be in `home/shared/desktop/`

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/hardware/**/*.nix : Use `hardware.<name>` namespace for hardware configuration in NixOS modules

Applied to files:

• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Use `mkDefault`, `mkForce`, and `mkOverride` correctly to control option priority

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Always use `mkIf` guards on config sections that are conditionally applied

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:29.965Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-03-01T12:27:29.965Z
Learning: Applies to **/*.nix : All affected configurations MUST be tested before completing any task, using the test agent and testing skill to identify affected configurations

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/server/*/default.nix : Server hosts must set `host.device.isHeadless = true` in their configuration

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical host machines (desktops/laptops) must include a `hardware.nix` file with hardware-specific configuration

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Hardware configurations must define boot loader settings including `systemd-boot.enable` and `efi.canTouchEfiVariables`

Applied to files:

• modules/nixos/shared/core/default.nix

🔇 Additional comments (14)

lib/builders/mkSystem.nix (1)

69-69: LGTM!

The import path update from modules/nixos/hm-helper to modules/nixos/shared/features/hm-helper aligns with the PR's restructuring of NixOS modules. The target module exists at the new location and follows the kebab-case naming convention.

modules/nixos/laptop/default.nix (1)

3-4: Import path migration looks correct

The updated shared feature imports are consistent with the new module layout and keep the file aligned with relative import conventions.

docs/src/modules/nixos/services.md (1)

9-9: Service documentation entry points are now aligned with the refactor

Nice sync between docs and the moved service module paths under modules/nixos/shared/services/.

Also applies to: 39-39, 72-72, 109-109

modules/nixos/shared/default.nix (1)

21-21: Shared services import is correctly wired

Adding ./services in the shared aggregator keeps service fragments discoverable from a single parent module import.

modules/nixos/desktop/default.nix (1)

3-7: Desktop module aggregation update looks good

The added RGB/VFIO imports and the move to ../shared/features/* are clean and consistent with the new module split.

docs/src/modules/nixos/desktop.md (1)

7-7: Desktop module docs now match current imports and responsibilities

Good update: the doc now captures RGB/VFIO inclusion, shared feature paths, and the separate VM module import path.

Also applies to: 15-23

modules/nixos/shared/core/printing.nix (1)

9-9: Conditional gating for printing is improved

The updated cfg scope plus the combined enable check is a solid guard and keeps printing activation aligned with core module enablement.

Also applies to: 21-21

modules/nixos/desktop/virtual-machine.nix (1)

93-93: 🧹 Nitpick | 🔵 Trivial

Module unused: schema refinement is premature

The mounts option is not actually used anywhere in the codebase—no host configuration references storage.mounts or any part of this module. Tightening the schema to a typed submodule is a sound design practice for future use, but it's currently speculative since there are no actual usage patterns to guide the type definition. Consider completing the module implementation or documenting its intended usage before refining the schema.

⛔ Skipped due to learnings

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Hardware configurations must define filesystem mount points with device labels and filesystem types (e.g., `fileSystems./`)

modules/nixos/shared/core/default.nix (6)

20-27: Imports remain unconditional despite the custom.core.enable guard.

The submodules imported here (e.g., ./printing.nix, ./auto-upgrade.nix) are loaded regardless of cfg.enable. If those modules define their own config blocks without checking the parent flag, disabling custom.core.enable will not fully disable core functionality.

Consider either:

1. Threading config.custom.core.enable into each submodule's config guard, or
2. Renaming custom.core.enable to clarify it only controls the config defined in this file.

---

41-46: Bluetooth default should exclude virtual targets.

The bluetooth.enable default only checks isHeadless, but the network option excludes virtual environments. Bluetooth hardware typically doesn't exist in VMs/containers, so enabling it pulls in unnecessary configuration (hardware.bluetooth, blueman, rfkill activation script).

🛠️ Suggested fix

     bluetooth = {
       enable = mkEnableOption "Enable Bluetooth support" // {
-        default = !config.host.device.isHeadless;
-        defaultText = literalExpression "!config.host.device.isHeadless";
+        default = !config.host.device.isHeadless && !config.host.device.isVirtual;
+        defaultText = literalExpression "!config.host.device.isHeadless && !config.host.device.isVirtual";
       };
     };

---

1-18: LGTM!

The module signature and let bindings follow the standard NixOS module structure pattern correctly. Good use of inherit to bring lib functions into scope.

---

56-108: LGTM!

The audio configuration is well-structured with appropriate mkIf guards. The PAM login limits and udev rules are standard for low-latency audio setups, and using mkForce to ensure PulseAudio is disabled while rtkit is enabled prevents conflicts.

---

109-127: LGTM!

Good fix using ${getExe pkgs.rfkill} to reference the store path instead of relying on PATH. The Bluetooth configuration with experimental settings and persistence is appropriate.

---

129-151: LGTM!

The network and non-headless configuration blocks are properly guarded with mkIf. The services enabled for non-headless systems (dleyna, gnome-keyring, udisks2, colord, polkit) are appropriate for desktop environments.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether `${self}`-based absolute imports are standard in Home Manager modules.
# Expected: if this file is an outlier, migrate it to relative import style.
rg -nP --type=nix '\$\{self\}/modules/nixos/' modules/home-manager

Repository: DaRacci/nix-config

Length of output: 166

---

🏁 Script executed:

# Verify the target file exists
ls -la modules/nixos/shared/services/mcpo.nix

# Check for other absolute import patterns in home-manager modules (e.g., builtins.fetchGit, other ${...} patterns)
rg -nP --type=nix '(import.*\$\{[^}]+\}|builtins\.fetch)' modules/home-manager/

Repository: DaRacci/nix-config

Length of output: 384

---

Use a relative import for the shared MCPO module

Line 11 hardcodes the module path via ${self}. This is the only instance of this pattern in the Home Manager modules directory and reduces portability compared to a relative import.

Suggested change

-    (import "${self}/modules/nixos/shared/services/mcpo.nix" {
+    (import ../../nixos/shared/services/mcpo.nix {

Per coding guidelines: prefer relative imports over absolute imports (e.g., ./modules/foo.nix).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	(import "${self}/modules/nixos/shared/services/mcpo.nix" {
	(import ../../nixos/shared/services/mcpo.nix {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/home-manager/services/mcpo.nix` at line 11, Change the hardcoded
absolute import in modules/home-manager/services/mcpo.nix to a relative import:
replace the (import "${self}/modules/nixos/shared/services/mcpo.nix" { ... })
usage with a relative path pointing to the shared module (e.g., (import
../../nixos/shared/services/mcpo.nix { ... })), updating the import expression
in modules/home-manager/services/mcpo.nix so it uses a portable relative path
instead of ${self}.

[coderabbitai]

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

Fixes Applied Successfully

Fixed 1 file(s) based on 1 unresolved review comment.

Files modified:

• modules/nixos/shared/core/default.nix

Commit: 683b1e79671582e2783906011a9dd72bd9724dc1

The changes have been pushed to the push-lmktvltnszyn branch.

Time taken: 1m 47s

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/nixos/shared/core/default.nix`:
- Around line 134-150: Add a dedicated boolean option (e.g.,
config.custom.core.desktop.enable) defaulting to !config.host.device.isHeadless
and use it to guard the existing desktop block instead of directly using
!config.host.device.isHeadless; update the module's options set to declare the
new option with a description and default, then change the mkIf guard around
custom.defaultGroups, services (dleyna, gnome.gnome-keyring, udisks2,
xserver.updateDbusEnvironment, colord), and security.polkit.enable to mkIf
config.custom.core.desktop.enable so users can explicitly toggle the
non-headless desktop services.
- Around line 58-62: The custom.defaultGroups list incorrectly includes "rtkit"
(users access rtkit via D-Bus/Polkit, not group membership); remove the "rtkit"
entry from the custom.defaultGroups array so the list only contains "audio" and
"pipewire", leaving the security.rtkit module to manage its system group/user
and D-Bus/Polkit access.

🪄 Autofix (Beta)

❌ Autofix failed (check again to retry)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e2d4789c-2f12-4be3-92b3-de740c56cbcb

📥 Commits

Reviewing files that changed from the base of the PR and between c729680 and 683b1e7.

📒 Files selected for processing (1)

• modules/nixos/shared/core/default.nix

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: Build nixosConfigurations.nixmi.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixio.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixarr.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixcloud.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixserv.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixai.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixmon.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixdev.config.system.build.toplevel on x86_64-linux
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🧰 Additional context used

📓 Path-based instructions (3)

**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/building/SKILL.md)

Use nix fmt to format Nix code and check syntax

**/*.nix: Run nix fmt <paths...> after making any changes to ensure consistent formatting
Use 2 spaces for indentation in Nix files
Use kebab-case for Nix file and directory names
Use camelCase for Nix attributes (e.g., myOption, enableFeature)
Use camelCase for Nix option paths (e.g., services.myService.enable)
Prefer minimal comments; code should be self-explanatory, using comments to explain why, not what
Prefer relative imports over absolute imports (e.g., ./modules/foo.nix)
Group imports at the top of the Nix file and use list format for multiple imports
When generating JSON, YAML, or other structured formats, define as Nix attribute sets and convert using builtins functions (e.g., builtins.toJSON), rather than using inline string literals
Follow the standard module structure pattern with config, lib, pkgs destructuring, let bindings for module configuration, and options/config sections
Use let bindings with inherit for importing functions from libraries (e.g., inherit (lib) mkIf mkEnableOption)

Run nix fmt to format code before submitting changes

**/*.nix: Use builtins.trace to add trace statements for seeing values during Nix evaluation, with builtins.toJSON for complex attribute sets
Check for circular dependencies in imports or option definitions as the root cause of infinite recursion errors in Nix
Verify attribute names, imports, and option paths to resolve 'attribute missing' errors in Nix configurations

Run nix fmt on changed Nix files after modifying modules

**/*.nix: Declare secrets in Nix using sops.secrets with the secret path as the key
Specify custom permissions for secrets using owner, group, and mode attributes in sops.secrets declarations
Use sops.templates to combine multiple secrets into configuration files with placeholders
Add restartUnits to secret declarations to automatically restart services when secrets change
Use empty `k...

Files:

• modules/nixos/shared/core/default.nix

modules/nixos/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Create NixOS modules at modules/nixos/<category>/<name>.nix with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Files:

• modules/nixos/shared/core/default.nix

modules/nixos/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable NixOS module fragments should be placed in modules/nixos/ directory

Files:

• modules/nixos/shared/core/default.nix

🧠 Learnings (20)

📓 Common learnings

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to **/*.nix : Run `nix fmt` to format code before submitting changes

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Run `nix fmt <changed-files>` to fix Nix formatting failures in CI checks

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Prefer relative imports (e.g., `./modules/foo.nix`) over absolute paths

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to home/**/*.nix : Test at least one affected home configuration before submitting changes

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to **/*.nix : Run `nix fmt` on changed Nix files after modifying modules

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: Applies to **/*.nix : Always ensure formatting is correct by running 'nix fmt' on changed files

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Prefer relative imports over absolute imports (e.g., `./modules/foo.nix`)

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Import shared user configurations from `home/shared/` directories in user configs: use `../shared/global/` for configs applied to all users, `../shared/applications/` for application configs, `../shared/desktop/` for desktop environment configs, and `../shared/features/cli/` for CLI tool configurations

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical hardware configurations should import appropriate modules from `inputs.nixos-hardware` (e.g., CPU, SSD, GPU modules) in `hardware.nix`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/shared/optional/** : Optional NixOS features (gaming, containers, etc.) should be organized in `hosts/shared/optional/`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/host/**/*.nix : Use `host.<name>` namespace for host-specific options in NixOS modules

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Use `mkDefault`, `mkForce`, and `mkOverride` correctly to control option priority

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/home-manager/default.nix : Home-Manager modules should be exported through `modules/home-manager/default.nix`

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/host/**/*.nix : Use `host.<name>` namespace for host-specific options in NixOS modules

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/*/default.nix : Register NixOS modules in parent `default.nix` using imports list pattern: `_: { imports = [ ./module-a.nix ./module-b.nix ]; }`

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical hardware configurations should import appropriate modules from `inputs.nixos-hardware` (e.g., CPU, SSD, GPU modules) in `hardware.nix`

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Follow the standard NixOS module structure pattern with config, lib, pkgs parameters and proper `let`/`in` blocks

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Always use `mkIf` guards on config sections that are conditionally applied

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all required options are defined before use in configuration blocks

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:29.965Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-03-01T12:27:29.965Z
Learning: Applies to **/*.nix : All affected configurations MUST be tested before completing any task, using the test agent and testing skill to identify affected configurations

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/server/*/default.nix : Server hosts must set `host.device.isHeadless = true` in their configuration

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Host `default.nix` files must import `${modulesPath}/virtualisation/proxmox-lxc.nix` for LXC containers or `./hardware.nix` for physical machines

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to overlays/default.nix : Expose custom packages via overlays/default.nix by importing the pkgs directory with inputs, lib, and pkgs parameters

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/shared/optional/** : Optional NixOS features (gaming, containers, etc.) should be organized in `hosts/shared/optional/`

Applied to files:

• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Hardware configurations must define boot loader settings including `systemd-boot.enable` and `efi.canTouchEfiVariables`

Applied to files:

• modules/nixos/shared/core/default.nix

🔇 Additional comments (4)

modules/nixos/shared/core/default.nix (4)

20-27: Imports follow correct relative path conventions.

The import structure is well-organised. Note: the existing review comment regarding custom.core.enable being a partial master switch (imports unconditional while config is guarded) still applies.

---

1-18: LGTM!

The module signature and let bindings follow the standard NixOS module structure pattern correctly. Good use of inherit to bring lib functions into scope.

---

29-54: LGTM!

Options are well-defined with sensible defaults. The bluetooth option correctly excludes virtual environments now, aligning with the network and printing modules' behaviour.

---

109-114: LGTM!

The rfkill invocation now correctly uses getExe to reference the store path, addressing the previous review concern about relying on PATH.

[coderabbitai]

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

❌ Cannot run autofix: This PR has merge conflicts.

Please resolve the conflicts with the base branch and try again.

Alternatively, use @coderabbitai resolve merge conflict to automatically resolve the conflicts.

[DaRacci]

@coderabbitai resolve merge conflict

[coderabbitai]

✅ Merge conflicts resolved successfully!

Resolved 1 conflict file(s). Commit: cce1577a312b0014aab7dc06bae9cef0ba0dd384 pushed to push-lmktvltnszyn.

90 file operation(s)

• docs/src/modules/nixos/desktop.md (update)
• lib/builders/mkSystem.nix (update)
• modules/home-manager/services/mcpo.nix (update)
• modules/nixos/default.nix (update)
• modules/nixos/desktop/default.nix (update)
• modules/nixos/desktop/rgb.nix (update)
• modules/nixos/desktop/vfio.nix (update)
• modules/nixos/desktop/virtual-machine.nix (update)
• modules/nixos/laptop/default.nix (update)
• modules/nixos/shared/core/auto-upgrade.nix (update)
• modules/nixos/shared/core/boot/default.nix (update)
• modules/nixos/shared/core/boot/quietboot.nix (update)
• modules/nixos/shared/core/boot/secureboot.nix (update)
• modules/nixos/shared/core/boot/systemd-boot.nix (update)
• modules/nixos/shared/core/default.nix (update)
• modules/nixos/shared/core/hardware/backlight.nix (update)
• modules/nixos/shared/core/hardware/biometrics.nix (update)
• modules/nixos/shared/core/hardware/bluetooth.nix (update)
• modules/nixos/shared/core/hardware/cooling.nix (update)
• modules/nixos/shared/core/hardware/default.nix (update)
• modules/nixos/shared/core/hardware/display.nix (update)
• modules/nixos/shared/core/hardware/graphics.nix (update)
• modules/nixos/shared/core/hardware/openrgb.nix (update)
• modules/nixos/shared/core/hardware/storage/default.nix (update)
• modules/nixos/shared/core/hardware/storage/ephemeral.nix (update)
• modules/nixos/shared/core/hardware/storage/maintenance.nix (update)
• modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix (update)
• modules/nixos/shared/core/hardware/storage/partitions/esp.nix (update)
• modules/nixos/shared/core/hardware/storage/partitions/luks.nix (update)
• modules/nixos/shared/core/hardware/storage/partitions/tmpfs.nix (update)
• modules/nixos/shared/core/host/default.nix (update)
• modules/nixos/shared/core/host/device.nix (update)
• modules/nixos/shared/core/host/persistence.nix (update)
• modules/nixos/shared/core/printing.nix (update)
• modules/nixos/shared/default.nix (update)
• modules/nixos/shared/features/display-manager.nix (update)
• modules/nixos/shared/features/hm-helper/1password.nix (update)
• modules/nixos/shared/features/hm-helper/default.nix (update)
• modules/nixos/shared/features/hm-helper/kde-connect.nix (update)
• modules/nixos/shared/features/hm-helper/mpv.nix (update)
• modules/nixos/shared/features/hm-helper/nautilus.nix (update)
• modules/nixos/shared/features/remote.nix (update)
• modules/nixos/shared/services/ai-agent.nix (update)
• modules/nixos/shared/services/default.nix (update)
• modules/nixos/shared/services/huntress.nix (update)
• modules/nixos/shared/services/mcpo.nix (update)
• modules/nixos/shared/services/metrics.nix (update)
• modules/nixos/shared/services/tailscale.nix (update)
• modules/nixos/rgb.nix (delete)
• modules/nixos/vfio.nix (delete)
• modules/nixos/virtual-machine.nix (delete)
• modules/nixos/encrypted-root.nix (delete)
• modules/nixos/proxies.nix (delete)
• modules/nixos/shared/core.nix (delete)
• modules/nixos/shared/auto-upgrade.nix (delete)
• modules/nixos/boot/default.nix (delete)
• modules/nixos/boot/quietboot.nix (delete)
• modules/nixos/boot/secureboot.nix (delete)
• modules/nixos/boot/systemd-boot.nix (delete)
• modules/nixos/hardware/backlight.nix (delete)
• modules/nixos/hardware/biometrics.nix (delete)
• modules/nixos/hardware/bluetooth.nix (delete)
• modules/nixos/hardware/cooling.nix (delete)
• modules/nixos/hardware/default.nix (delete)
• modules/nixos/hardware/display.nix (delete)
• modules/nixos/hardware/graphics.nix (delete)
• modules/nixos/hardware/openrgb.nix (delete)
• modules/nixos/hardware/storage/default.nix (delete)
• modules/nixos/hardware/storage/ephemeral.nix (delete)
• modules/nixos/hardware/storage/maintenance.nix (delete)
• modules/nixos/hardware/storage/partitions/btrfs.nix (delete)
• modules/nixos/hardware/storage/partitions/esp.nix (delete)
• modules/nixos/hardware/storage/partitions/luks.nix (delete)
• modules/nixos/hardware/storage/partitions/tmpfs.nix (delete)
• modules/nixos/host/default.nix (delete)
• modules/nixos/host/device.nix (delete)
• modules/nixos/host/persistence.nix (delete)
• modules/nixos/shared/display-manager.nix (delete)
• modules/nixos/hm-helper/1password.nix (delete)
• modules/nixos/hm-helper/default.nix (delete)
• modules/nixos/hm-helper/kde-connect.nix (delete)
• modules/nixos/hm-helper/mpv.nix (delete)
• modules/nixos/hm-helper/nautilus.nix (delete)
• modules/nixos/shared/remote.nix (delete)
• modules/nixos/services/ai-agent.nix (delete)
• modules/nixos/services/default.nix (delete)
• modules/nixos/services/huntress.nix (delete)
• modules/nixos/services/mcpo.nix (delete)
• modules/nixos/services/metrics.nix (delete)
• modules/nixos/services/tailscale.nix (delete)

View agent analysis

I'll resolve the merge conflict for `docs/src/modules/nixos/services.md`. Let me start by inspecting the git state.

The merge conflict in `docs/src/modules/nixos/services.md` has been resolved. Here's a summary:

**Conflict type:** UD (deleted on master, modified in PR branch)

**Resolution:** Deleted the file (accepted master's deletion)

**Reasoning:**
- **Master branch** deleted `docs/src/modules/nixos/services.md` as part of a documentation reorganization, replacing it with individual files in a `docs/src/modules/nixos/services/` subdirectory (ai-agent.md, huntress.md, mcpo.md, metrics.md, tailscale.md, default.md)
- **PR branch** updated module paths in the file from `modules/nixos/services/*.nix` → `modules/nixos/shared/services/*.nix`

Since master already reorganized the docs into a superior subdirectory structure, the PR's path updates to the old monolithic file are moot. The correct resolution is to accept master's deletion.

**Note:** `docs/src/SUMMARY.md` still contains a reference to the deleted file at line 23 (`- [Services](modules/nixos/services.md)`). This is a pre-existing issue unrelated to the conflict itself—you may want to update that reference to point to the new subdirectory structure.

[coderabbitai]

Actionable comments posted: 17

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

modules/nixos/shared/core/host/device.nix (1)

67-67: 🧹 Nitpick | 🔵 Trivial

Minor grammatical improvement suggestion.

The description has two clauses joined without proper punctuation. Consider revising for clarity.

✏️ Suggested improvement

-        Whether the device is headless, i.e. does not have a display is only accessible via SSH.
+        Whether the device is headless, i.e. does not have a display and is only accessible via SSH.

Alternatively:

-        Whether the device is headless, i.e. does not have a display is only accessible via SSH.
+        Whether the device is headless, i.e. does not have a display, is only accessible via SSH.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/host/device.nix` at line 67, Edit the description
string for the headless device flag to fix punctuation and clarity: replace
"Whether the device is headless, i.e. does not have a display is only accessible
via SSH." with a clearer sentence such as "Whether the device is headless, i.e.,
does not have a display and is only accessible via SSH." (locate the description
associated with the headless attribute/flag in device.nix).

modules/nixos/shared/core/hardware/storage/ephemeral.nix (1)

36-36: 🧹 Nitpick | 🔵 Trivial

Typo in option name: paritionLabel should be partitionLabel.

The option name paritionLabel is missing a 't' and should be partitionLabel. While this is pre-existing code (not introduced in this PR), it's worth noting for a follow-up fix. The misspelling is consistently used throughout the module (lines 70, 93, 95, 96), so correcting it would require updating all references.

📝 Locations requiring updates

If corrected, the following lines would need to be updated:

• Line 36: Option definition
• Line 70: cfg.ephemeral.paritionLabel → cfg.ephemeral.partitionLabel
• Line 93: cfg.ephemeral.paritionLabel → cfg.ephemeral.partitionLabel
• Line 95: cfg.ephemeral.paritionLabel → cfg.ephemeral.partitionLabel
• Line 96: cfg.ephemeral.paritionLabel → cfg.ephemeral.partitionLabel

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/hardware/storage/ephemeral.nix` at line 36, The
option name is misspelled: change the mkOption key and all usages from
paritionLabel to partitionLabel; update the option definition (the mkOption
named paritionLabel) and replace every reference like
cfg.ephemeral.paritionLabel with cfg.ephemeral.partitionLabel in this module so
the option name is consistent across the definition and all consumers.

modules/nixos/shared/services/ai-agent.nix (2)

219-219: ⚠️ Potential issue | 🟡 Minor

Remove trailing space from domain name.

The domain "www.moltbook.com " contains a trailing space, which is likely a typo and could cause domain matching issues.

🔧 Proposed fix

-            "www.moltbook.com "
+            "www.moltbook.com"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/services/ai-agent.nix` at line 219, The domain string
"www.moltbook.com " contains a trailing space; locate the string in the
ai-agent.nix service configuration (the line with "www.moltbook.com ") and
remove the trailing whitespace so the domain reads "www.moltbook.com" to avoid
domain-matching issues.

---

15-15: 🧹 Nitpick | 🔵 Trivial

Consider simplifying the import syntax.

The string interpolation "${inputs.services-zeroclaw}" is unusual. If inputs.services-zeroclaw is already a path, you can use it directly without quotes and interpolation: inputs.services-zeroclaw.

♻️ Proposed simplification

   imports = [
-    "${inputs.services-zeroclaw}"
+    inputs.services-zeroclaw
   ];

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/services/ai-agent.nix` at line 15, The string
interpolation "${inputs.services-zeroclaw}" is unnecessary; update the reference
to use the value directly by replacing the interpolated string with
inputs.services-zeroclaw where it's used (look for the literal
"${inputs.services-zeroclaw}" in modules/nixos/shared/services/ai-agent.nix) so
the attribute is referenced as a bare value instead of a quoted interpolated
string.

♻️ Duplicate comments (4)

modules/home-manager/services/mcpo.nix (1)

11-11: ⚠️ Potential issue | 🟡 Minor

Use a relative import for the shared MCPO module.

Line [11] still uses a ${self} absolute path, which reduces portability and breaks the repo’s import convention.

Suggested fix

-    (import "${self}/modules/nixos/shared/services/mcpo.nix" {
+    (import ../../nixos/shared/services/mcpo.nix {

As per coding guidelines: Prefer relative imports over absolute imports (e.g., ./modules/foo.nix).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/home-manager/services/mcpo.nix` at line 11, Replace the absolute
`${self}/modules/nixos/shared/services/mcpo.nix` import in
modules/home-manager/services/mcpo.nix with a relative path so the module
follows the repo convention; change the import expression to reference the
sibling modules directory (e.g., use ../nixos/shared/services/mcpo.nix) in the
import call so the line that currently reads import
"${self}/modules/nixos/shared/services/mcpo.nix" now uses the relative path.

modules/nixos/shared/core/default.nix (3)

58-64: ⚠️ Potential issue | 🟡 Minor

Remove rtkit from custom.defaultGroups.

Users talk to rtkit over D-Bus/Polkit rather than regular membership of the daemon’s own system group, so keeping "rtkit" here only broadens the default group set without changing behaviour.

🛠️ Proposed fix

       custom.defaultGroups = [
         "audio"
         "pipewire"
-        "rtkit"
       ];

In NixOS, does enabling `security.rtkit.enable` require regular users to be members of the `rtkit` group, or is realtime access handled through D-Bus/Polkit instead?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/default.nix` around lines 58 - 64, Remove "rtkit"
from custom.defaultGroups: keep security.rtkit.enable = mkForce true as-is but
delete the "rtkit" entry from custom.defaultGroups because realtime access is
handled via D-Bus/Polkit rather than requiring users to be in the rtkit system
group; locate the list labeled custom.defaultGroups in the same file and remove
the "rtkit" string item.

---

41-45: ⚠️ Potential issue | 🟡 Minor

Keep Bluetooth off on virtual targets by default.

This still enables Bluetooth on any non-headless VM, which also pulls in hardware.bluetooth, blueman, and the rfkill activation step. network and printing already exclude virtual targets, so this default should match that behaviour.

🛠️ Proposed fix

     bluetooth = {
       enable = mkEnableOption "Enable Bluetooth support" // {
-        default = !config.host.device.isHeadless;
-        defaultText = literalExpression "!config.host.device.isHeadless";
+        default = !config.host.device.isHeadless && !config.host.device.isVirtual;
+        defaultText = literalExpression
+          "!config.host.device.isHeadless && !config.host.device.isVirtual";
       };
     };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/default.nix` around lines 41 - 45, The bluetooth
option currently enables on any non-headless VM; change the default to also
exclude virtual targets by updating the bluetooth enable block (bluetooth,
mkEnableOption, default, defaultText) so default =
!config.host.device.isHeadless && !config.host.device.isVirtual and update
defaultText = literalExpression "!config.host.device.isHeadless &&
!config.host.device.isVirtual" to match the existing network/printing behaviour.

---

20-27: ⚠️ Potential issue | 🟠 Major

Verify custom.core.enable reaches every imported submodule.

config = mkIf cfg.enable ... only gates this file. ./boot, ./hardware, ./host, and ./auto-upgrade.nix are still imported unconditionally, so the master switch stays partial unless each imported module also checks config.custom.core.enable. As per coding guidelines, always use mkIf guards on config sections that are conditionally applied.

#!/bin/bash
set -euo pipefail

targets=(
  modules/nixos/shared/core/boot
  modules/nixos/shared/core/hardware
  modules/nixos/shared/core/host
  modules/nixos/shared/core/auto-upgrade.nix
  modules/nixos/shared/core/printing.nix
)

for target in "${targets[@]}"; do
  echo "=== $target ==="
  if [ -d "$target" ]; then
    fd -e nix . "$target" -x sh -c '
      f="$1"
      echo "--- $f ---"
      rg -n -C2 "custom\.core\.enable|cfg\.enable|mkIf" "$f" || true
    ' sh {}
  else
    rg -n -C2 "custom\.core\.enable|cfg\.enable|mkIf" "$target" || true
  fi
  echo
done

Expected result: every imported module that emits config should guard it with config.custom.core.enable or an equivalent shared binding.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/default.nix` around lines 20 - 27, The imports
block currently brings in boot/hardware/host/auto-upgrade/printing modules
unconditionally while the top-level uses mkIf cfg.enable, so the master switch
is partial; open each imported module (boot, hardware, host, auto-upgrade,
printing) and wrap any sections that emit NixOS `config` with mkIf
config.custom.core.enable (or mkIf cfg.enable if the module uses `cfg` arg) so
no config is applied unless the core enable flag is true; look for unguarded
`config.` assignments and replace them with mkIf guards (use the existing mkIf
helper and the symbol config.custom.core.enable) so every config-producing block
is conditionally applied.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/src/modules/nixos/desktop.md`:
- Line 40: Add a trailing newline to the end of the document to satisfy
markdownlint MD047: open the file containing the line "If you need to disable a
specific component imported by this module, you may need to use `lib.mkForce` or
target the specific component's enable option if available." and ensure there is
a final newline (blank line) after that sentence, then save/commit the change so
the file ends with a newline.

In `@modules/nixos/default.nix`:
- Around line 1-3: The top-level export in modules/nixos/default.nix currently
only exposes shared, which breaks the documented contract; restore the full
module category exports by returning an attribute set that includes the expected
categories (e.g., boot, hardware, services) alongside shared, each imported from
their respective files (import ./boot, import ./hardware, import ./services,
etc.) so callers get the top-level structure { boot = import ./boot; hardware =
import ./hardware; services = import ./services; shared = import ./shared; }.

In `@modules/nixos/desktop/rgb.nix`:
- Line 47: The file modules/nixos/desktop/rgb.nix has EOF formatting drift
(missing trailing newline); fix it by running nix fmt on that file (e.g., `nix
fmt modules/nixos/desktop/rgb.nix`) to restore the proper end-of-file newline
and formatting, then re-stage and commit the updated rgb.nix so the trailing
newline and nixfmt rules are applied.

In `@modules/nixos/shared/core/boot/secureboot.nix`:
- Line 31: The file modules/nixos/shared/core/boot/secureboot.nix is missing a
trailing newline at EOF; restore the final newline character at the end of
secureboot.nix (so the file ends with a newline) and then run nix fmt on this
and any other changed .nix files to ensure formatting compliance with the
repository's linting rules.

In `@modules/nixos/shared/core/boot/systemd-boot.nix`:
- Line 30: The file ends with a formatting/regression at EOF (an extra/missing
newline after the final closing brace '}'); fix it by re-running the formatter
(nix fmt) for the module so the file ends in formatter-compliant form and commit
the resulting change (ensure the final '}' is followed by the proper newline per
nix fmt).

In `@modules/nixos/shared/core/hardware/graphics.nix`:
- Line 184: The file ends without a trailing newline which breaks nix fmt; add a
final newline (ensure the file terminates with an EOF newline) and run `nix fmt`
on modules/nixos/shared/core/hardware/graphics.nix (or reformat the changed
file) so the formatter validation passes.

In `@modules/nixos/shared/core/hardware/storage/ephemeral.nix`:
- Line 106: Add a trailing newline at the end of the file so it ends with a
newline character; specifically ensure the final closing brace '}' in the file
is followed by a newline (POSIX EOF newline) to satisfy nix fmt and project
formatting rules.

In `@modules/nixos/shared/core/hardware/storage/maintenance.nix`:
- Line 19: Add a missing trailing newline at the end of maintenance.nix (the
file ending after the final "}" token) and then run nix fmt to reformat; ensure
the file ends with a single EOF newline so it passes the nix fmt/style check.

In `@modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix`:
- Line 47: The file ends with a closing brace "}" but is missing the trailing
newline; add a newline character after the final "}" so the file ends with an
EOF newline and then run `nix fmt` to reformat (e.g., format the file containing
the final "}" in
modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix) to ensure it
passes the nix fmt validation.

In `@modules/nixos/shared/core/hardware/storage/partitions/luks.nix`:
- Line 20: The file ends with a lone closing brace '}' and is missing the
required trailing newline; add a final newline at EOF and run nix fmt to
reformat (e.g., run `nix fmt` for the repo or specifically on this file) so the
file (containing the final '}') passes the Nix formatter and style checks, then
commit the formatted change.

In `@modules/nixos/shared/core/hardware/storage/partitions/tmpfs.nix`:
- Line 9: Add a missing trailing newline at the end of the file by inserting a
final newline after the closing brace ('}') at EOF in the tmpfs partition
definition so the file ends with a newline; then run `nix fmt` (or your
project's formatting step) to ensure the file passes CI formatting checks.

In `@modules/nixos/shared/core/host/default.nix`:
- Line 41: The file ends with a closing brace '}' but is missing the
newline-at-EOF; re-run the formatter (nix fmt) on the changed file to restore
the normalised EOF newline and repo formatting standards so the trailing '}' is
followed by a newline.

In `@modules/nixos/shared/features/hm-helper/kde-connect.nix`:
- Line 39: The file modules/nixos/shared/features/hm-helper/kde-connect.nix was
left without a final newline (EOF newline-only regression); restore the
formatter-consistent file ending by running nix fmt on that file (or the changed
Nix files) so the file ends with a single trailing newline and formatting is
applied, ensuring the closing brace '}' and file end conform to nix fmt
standards.

In `@modules/nixos/shared/features/hm-helper/mpv.nix`:
- Line 30: The file modules/nixos/shared/features/hm-helper/mpv.nix has
formatting/regression around the EOF block; run the Nix formatter on that module
(nix fmt modules/nixos/shared/features/hm-helper/mpv.nix) to restore proper
EOF/newline and consistent formatting, then re-stage the formatted file (ensure
the EOF delimiter and surrounding braces in the mpv.nix module are corrected).

In `@modules/nixos/shared/features/remote.nix`:
- Line 209: The file ends without a trailing newline; add a final newline
character at EOF so the file terminates with a newline and then run nix fmt on
the changed Nix files to restore formatter compliance and satisfy CI; target the
file that lacks the EOF newline and reformat with nix fmt to update the file
accordingly.

In `@modules/nixos/shared/services/ai-agent.nix`:
- Line 277: The file ai-agent.nix is missing a trailing newline at EOF; add a
single newline character at the end of the file (or run nix fmt to apply
formatting) so the file ends with a newline character and the formatter will
pass.

In `@modules/nixos/shared/services/metrics.nix`:
- Line 525: Add a single trailing newline at the end of
modules/nixos/shared/services/metrics.nix (ensure the file ends with a newline
character) and then run `nix fmt` to enforce Nix formatting; verify `nix fmt`
passes for metrics.nix before committing.

---

Outside diff comments:
In `@modules/nixos/shared/core/hardware/storage/ephemeral.nix`:
- Line 36: The option name is misspelled: change the mkOption key and all usages
from paritionLabel to partitionLabel; update the option definition (the mkOption
named paritionLabel) and replace every reference like
cfg.ephemeral.paritionLabel with cfg.ephemeral.partitionLabel in this module so
the option name is consistent across the definition and all consumers.

In `@modules/nixos/shared/core/host/device.nix`:
- Line 67: Edit the description string for the headless device flag to fix
punctuation and clarity: replace "Whether the device is headless, i.e. does not
have a display is only accessible via SSH." with a clearer sentence such as
"Whether the device is headless, i.e., does not have a display and is only
accessible via SSH." (locate the description associated with the headless
attribute/flag in device.nix).

In `@modules/nixos/shared/services/ai-agent.nix`:
- Line 219: The domain string "www.moltbook.com " contains a trailing space;
locate the string in the ai-agent.nix service configuration (the line with
"www.moltbook.com ") and remove the trailing whitespace so the domain reads
"www.moltbook.com" to avoid domain-matching issues.
- Line 15: The string interpolation "${inputs.services-zeroclaw}" is
unnecessary; update the reference to use the value directly by replacing the
interpolated string with inputs.services-zeroclaw where it's used (look for the
literal "${inputs.services-zeroclaw}" in
modules/nixos/shared/services/ai-agent.nix) so the attribute is referenced as a
bare value instead of a quoted interpolated string.

---

Duplicate comments:
In `@modules/home-manager/services/mcpo.nix`:
- Line 11: Replace the absolute `${self}/modules/nixos/shared/services/mcpo.nix`
import in modules/home-manager/services/mcpo.nix with a relative path so the
module follows the repo convention; change the import expression to reference
the sibling modules directory (e.g., use ../nixos/shared/services/mcpo.nix) in
the import call so the line that currently reads import
"${self}/modules/nixos/shared/services/mcpo.nix" now uses the relative path.

In `@modules/nixos/shared/core/default.nix`:
- Around line 58-64: Remove "rtkit" from custom.defaultGroups: keep
security.rtkit.enable = mkForce true as-is but delete the "rtkit" entry from
custom.defaultGroups because realtime access is handled via D-Bus/Polkit rather
than requiring users to be in the rtkit system group; locate the list labeled
custom.defaultGroups in the same file and remove the "rtkit" string item.
- Around line 41-45: The bluetooth option currently enables on any non-headless
VM; change the default to also exclude virtual targets by updating the bluetooth
enable block (bluetooth, mkEnableOption, default, defaultText) so default =
!config.host.device.isHeadless && !config.host.device.isVirtual and update
defaultText = literalExpression "!config.host.device.isHeadless &&
!config.host.device.isVirtual" to match the existing network/printing behaviour.
- Around line 20-27: The imports block currently brings in
boot/hardware/host/auto-upgrade/printing modules unconditionally while the
top-level uses mkIf cfg.enable, so the master switch is partial; open each
imported module (boot, hardware, host, auto-upgrade, printing) and wrap any
sections that emit NixOS `config` with mkIf config.custom.core.enable (or mkIf
cfg.enable if the module uses `cfg` arg) so no config is applied unless the core
enable flag is true; look for unguarded `config.` assignments and replace them
with mkIf guards (use the existing mkIf helper and the symbol
config.custom.core.enable) so every config-producing block is conditionally
applied.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3cb828e3-70ea-4304-90fd-eed7e2b6bee0

📥 Commits

Reviewing files that changed from the base of the PR and between 683b1e7 and cce1577.

📒 Files selected for processing (48)

• docs/src/modules/nixos/desktop.md
• lib/builders/mkSystem.nix
• modules/home-manager/services/mcpo.nix
• modules/nixos/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/rgb.nix
• modules/nixos/desktop/vfio.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/auto-upgrade.nix
• modules/nixos/shared/core/boot/default.nix
• modules/nixos/shared/core/boot/quietboot.nix
• modules/nixos/shared/core/boot/secureboot.nix
• modules/nixos/shared/core/boot/systemd-boot.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/hardware/backlight.nix
• modules/nixos/shared/core/hardware/biometrics.nix
• modules/nixos/shared/core/hardware/bluetooth.nix
• modules/nixos/shared/core/hardware/cooling.nix
• modules/nixos/shared/core/hardware/default.nix
• modules/nixos/shared/core/hardware/display.nix
• modules/nixos/shared/core/hardware/graphics.nix
• modules/nixos/shared/core/hardware/openrgb.nix
• modules/nixos/shared/core/hardware/storage/default.nix
• modules/nixos/shared/core/hardware/storage/ephemeral.nix
• modules/nixos/shared/core/hardware/storage/maintenance.nix
• modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix
• modules/nixos/shared/core/hardware/storage/partitions/esp.nix
• modules/nixos/shared/core/hardware/storage/partitions/luks.nix
• modules/nixos/shared/core/hardware/storage/partitions/tmpfs.nix
• modules/nixos/shared/core/host/default.nix
• modules/nixos/shared/core/host/device.nix
• modules/nixos/shared/core/host/persistence.nix
• modules/nixos/shared/core/printing.nix
• modules/nixos/shared/default.nix
• modules/nixos/shared/features/display-manager.nix
• modules/nixos/shared/features/hm-helper/1password.nix
• modules/nixos/shared/features/hm-helper/default.nix
• modules/nixos/shared/features/hm-helper/kde-connect.nix
• modules/nixos/shared/features/hm-helper/mpv.nix
• modules/nixos/shared/features/hm-helper/nautilus.nix
• modules/nixos/shared/features/remote.nix
• modules/nixos/shared/services/ai-agent.nix
• modules/nixos/shared/services/default.nix
• modules/nixos/shared/services/huntress.nix
• modules/nixos/shared/services/mcpo.nix
• modules/nixos/shared/services/metrics.nix
• modules/nixos/shared/services/tailscale.nix

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add the missing trailing newline.

markdownlint MD047 will keep flagging this file as-is.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~40-~40: Possible missing comma found.
Context: ... target the specific component's enable option if available.

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 markdownlint-cli2 (0.22.0)

[warning] 40-40: Files should end with a single newline character

(MD047, single-trailing-newline)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/src/modules/nixos/desktop.md` at line 40, Add a trailing newline to the
end of the document to satisfy markdownlint MD047: open the file containing the
line "If you need to disable a specific component imported by this module, you
may need to use `lib.mkForce` or target the specific component's enable option
if available." and ensure there is a final newline (blank line) after that
sentence, then save/commit the change so the file ends with a newline.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Restore category exports in top-level modules/nixos/default.nix.

Line 2 narrows the public export to only shared, which drops expected top-level category attrs and breaks the documented contract for this file.

Suggested compatibility-preserving fix

 {
   shared = import ./shared;
+  boot = import ./shared/core/boot;
+  hardware = import ./shared/core/hardware;
+  services = import ./shared/services;
 }

As per coding guidelines: modules/nixos/default.nix must export module categories from top-level with a structure like { boot = import ./boot; hardware = import ./hardware; services = import ./services; }.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/default.nix` around lines 1 - 3, The top-level export in
modules/nixos/default.nix currently only exposes shared, which breaks the
documented contract; restore the full module category exports by returning an
attribute set that includes the expected categories (e.g., boot, hardware,
services) alongside shared, each imported from their respective files (import
./boot, import ./hardware, import ./services, etc.) so callers get the top-level
structure { boot = import ./boot; hardware = import ./hardware; services =
import ./services; shared = import ./shared; }.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

EOF formatting drift detected.

Please re-run nix fmt for this file; the change looks like an end-of-file newline removal.

As per coding guidelines, “All code MUST be formatted with nix fmt before completing any task”.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/desktop/rgb.nix` at line 47, The file
modules/nixos/desktop/rgb.nix has EOF formatting drift (missing trailing
newline); fix it by running nix fmt on that file (e.g., `nix fmt
modules/nixos/desktop/rgb.nix`) to restore the proper end-of-file newline and
formatting, then re-stage and commit the updated rgb.nix so the trailing newline
and nixfmt rules are applied.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Restore trailing newline at EOF to keep formatter compliance.

This file now ends without a trailing newline, which can break strict formatting checks in CI. Please add the newline back and run nix fmt on changed Nix files.

As per coding guidelines, **/*.nix must pass nix fmt formatting validation and formatting must be correct before submission.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/boot/secureboot.nix` at line 31, The file
modules/nixos/shared/core/boot/secureboot.nix is missing a trailing newline at
EOF; restore the final newline character at the end of secureboot.nix (so the
file ends with a newline) and then run nix fmt on this and any other changed
.nix files to ensure formatting compliance with the repository's linting rules.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Formatting regression at end-of-file.

Line 30 indicates an EOF-only change; please re-run nix fmt so the file ends in formatter-compliant form.

As per coding guidelines, “Run nix fmt to format code before submitting changes”.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/boot/systemd-boot.nix` at line 30, The file ends
with a formatting/regression at EOF (an extra/missing newline after the final
closing brace '}'); fix it by re-running the formatter (nix fmt) for the module
so the file ends in formatter-compliant form and commit the resulting change
(ensure the final '}' is followed by the proper newline per nix fmt).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Please restore formatter-consistent file ending.

This appears to be an EOF newline-only regression; run nix fmt on the changed Nix files.

As per coding guidelines, “Run nix fmt on changed Nix files after modifying modules”.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/features/hm-helper/kde-connect.nix` at line 39, The file
modules/nixos/shared/features/hm-helper/kde-connect.nix was left without a final
newline (EOF newline-only regression); restore the formatter-consistent file
ending by running nix fmt on that file (or the changed Nix files) so the file
ends with a single trailing newline and formatting is applied, ensuring the
closing brace '}' and file end conform to nix fmt standards.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Run formatter on this hm-helper module.

EOF formatting appears to have regressed here; please run nix fmt for this path.

As per coding guidelines, “Run nix fmt <paths...> after making any changes to ensure consistent formatting”.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/features/hm-helper/mpv.nix` at line 30, The file
modules/nixos/shared/features/hm-helper/mpv.nix has formatting/regression around
the EOF block; run the Nix formatter on that module (nix fmt
modules/nixos/shared/features/hm-helper/mpv.nix) to restore proper EOF/newline
and consistent formatting, then re-stage the formatted file (ensure the EOF
delimiter and surrounding braces in the mpv.nix module are corrected).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Restore formatter compliance for EOF newline.

This file appears to end without a final newline; please run nix fmt on changed files to keep CI formatting checks green.

As per coding guidelines, “Code MUST pass nix fmt formatting validation” and “Run nix fmt <changed-files> to fix Nix formatting failures in CI checks”.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/features/remote.nix` at line 209, The file ends without
a trailing newline; add a final newline character at EOF so the file terminates
with a newline and then run nix fmt on the changed Nix files to restore
formatter compliance and satisfy CI; target the file that lacks the EOF newline
and reformat with nix fmt to update the file accordingly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check and format the file with nix fmt

# Format the file
nix fmt modules/nixos/shared/services/ai-agent.nix

# Verify the file now has proper EOF newline
if [ -n "$(tail -c 1 modules/nixos/shared/services/ai-agent.nix)" ]; then
  echo "ERROR: File still missing newline at EOF"
  exit 1
else
  echo "OK: File has proper newline at EOF"
fi

Repository: DaRacci/nix-config

Length of output: 161

---

🏁 Script executed:

#!/bin/bash

# Check the file's last few bytes to see if newline is present
echo "=== Checking last 20 bytes of file ==="
tail -c 20 modules/nixos/shared/services/ai-agent.nix | od -c

echo ""
echo "=== Checking if file ends with newline ==="
if [ -z "$(tail -c 1 modules/nixos/shared/services/ai-agent.nix)" ]; then
  echo "File ends with newline (OK)"
else
  echo "File does NOT end with newline (missing)"
fi

echo ""
echo "=== File size and last line ==="
wc -l modules/nixos/shared/services/ai-agent.nix
tail -n 3 modules/nixos/shared/services/ai-agent.nix | od -c

Repository: DaRacci/nix-config

Length of output: 367

---

🏁 Script executed:

# View the actual end of file content
echo "=== Last 10 lines of file ==="
tail -n 10 modules/nixos/shared/services/ai-agent.nix

echo ""
echo "=== Checking line count vs file position ==="
tail -n 1 modules/nixos/shared/services/ai-agent.nix | cat -A

Repository: DaRacci/nix-config

Length of output: 303

---

Add trailing newline at end of file.

File is missing a newline at EOF. Run nix fmt modules/nixos/shared/services/ai-agent.nix to fix.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/services/ai-agent.nix` at line 277, The file
ai-agent.nix is missing a trailing newline at EOF; add a single newline
character at the end of the file (or run nix fmt to apply formatting) so the
file ends with a newline character and the formatter will pass.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing trailing newline at end of file.

The file is missing a trailing newline at the end, which violates Nix formatting standards and will likely fail nix fmt validation.

🔧 Proposed fix

Run nix fmt on this file to automatically add the required trailing newline:

nix fmt modules/nixos/shared/services/metrics.nix

As per coding guidelines: Code MUST pass nix fmt formatting validation, and you should run nix fmt to format code before submitting changes.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/services/metrics.nix` at line 525, Add a single trailing
newline at the end of modules/nixos/shared/services/metrics.nix (ensure the file
ends with a newline character) and then run `nix fmt` to enforce Nix formatting;
verify `nix fmt` passes for metrics.nix before committing.

[coderabbitai]

Actionable comments posted: 62

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (10)

modules/home-manager/programs/list-ephemeral.nix (1)

7-7: 🧹 Nitpick | 🔵 Trivial

Refactor to use explicit inherit instead of with lib;.

The use of with lib; pollutes the scope and hides dependencies. Per coding guidelines, prefer explicit inherit statements to make dependencies clear and avoid potential circular import issues.

♻️ Proposed refactoring

-with lib;
 let
+  inherit (lib)
+    mkEnableOption
+    mkOption
+    mkIf
+    types
+    removePrefix
+    hasPrefix
+    isAttrs
+    concatMap
+    unique
+    getName
+    ;
+
   cfg = config.programs.list-ephemeral;

As per coding guidelines: "Avoid using with at module level as it pollutes scope and hides dependencies" and "Always use inherit to bring functions and values into scope instead of manual assignment".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/home-manager/programs/list-ephemeral.nix` at line 7, Replace the
module-level "with lib;" usage by removing that line and explicitly inheriting
only the lib symbols you actually use; locate references to functions/values
accessed via lib (e.g., functions like mkDerivation, lib.attrName, or other
lib.* usages) and add an explicit "inherit (lib) <name1> <name2> ..." where the
module's arguments/attribute set is defined or directly bind the specific values
from lib into the scope instead of using with; ensure you remove any reliance on
implicit scope from "with lib;" so all lib dependencies are explicit.

.opencode/command/opsx-ff.md (1)

5-95: ⚠️ Potential issue | 🟠 Major

Add a top-level heading and normalise fence spacing to unblock markdownlint.

This file currently violates markdownlint rules (MD041, MD031), which can fail docs CI. Please add an H1 near the top and ensure fenced blocks in list items are surrounded by blank lines consistently.

Suggested patch pattern

+ # /opsx-ff

 Start a new change using the experimental artifact-driven approach.
@@
-3. **Create the change directory**
-   ```bash
+3. **Create the change directory**
+
+   ```bash
    openspec new change "<name>"
    ```
+
    This creates a scaffolded change at `openspec/changes/<name>/`.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/command/opsx-ff.md around lines 5 - 95, Add a top-level H1 near
the top of .opencode/command/opsx-ff.md and normalize blank lines around fenced
code blocks (fix MD041 and MD031): insert an H1 (e.g., "# Fast-forward artifact
creation") before the existing first paragraph, then ensure every fenced block
used in list items (notably the bash block under "3. **Create the change
directory**" and similar fenced examples) is preceded and followed by a blank
line so the fenced code is isolated; update the fenced block spacing
consistently throughout the file to satisfy markdownlint.

.opencode/command/opsx-new.md (1)

5-67: ⚠️ Potential issue | 🟠 Major

Fix markdownlint violations before merge (missing H1 + fence spacing).

The current formatting triggers MD041 and MD031 warnings. Add a top-level heading and ensure fenced code blocks in numbered steps are separated with blank lines.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/command/opsx-new.md around lines 5 - 67, The markdown is missing a
top-level heading and has fenced code blocks without surrounding blank lines,
triggering MD041 and MD031; add a single H1 title at the top (e.g., "OpsX: Start
a New Change") and update the numbered steps so every fenced code block (the
bash examples for openspec commands in steps 3 and 4 and the commands in step 5)
is separated from the list text by a blank line before the opening ``` and a
blank line after the closing ```, ensuring proper spacing inside the list; keep
all existing content and guardrails unchanged.

.opencode/command/opsx-continue.md (1)

5-112: ⚠️ Potential issue | 🟠 Major

Fix markdownlint issues (missing H1 and fenced-block spacing).

This file currently violates MD041 and MD031; please add a top-level heading and surround fenced blocks with blank lines consistently.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/command/opsx-continue.md around lines 5 - 112, The markdown
violates MD041 (missing top-level heading) and MD031 (fenced code block
spacing); fix by adding a single H1 at the very top (e.g., "# Continue working
on a change") and ensure every fenced code block in this file has a blank line
before the opening ``` and a blank line after the closing ```, including the
three example bash blocks under "Steps" and "After creating an artifact"; update
the sections that include fenced blocks (the "Steps" code examples and any other
``` blocks) to follow this spacing consistently so markdownlint no longer flags
MD031/MD041.

.opencode/skills/openspec-continue-change/SKILL.md (1)

12-119: ⚠️ Potential issue | 🟠 Major

Address markdownlint failures in this skill doc (MD041/MD031).

Please add a top-level heading and insert required blank lines around fenced code blocks in step sections.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/skills/openspec-continue-change/SKILL.md around lines 12 - 119,
The document fails markdownlint rules MD041 (missing top-level heading) and
MD031 (no blank lines around fenced code blocks); add a top-level H1 heading
(e.g., "# Continue working on a change") at the start of SKILL.md, and ensure
every fenced code block in the Steps and later sections has a blank line before
the opening ``` and a blank line after the closing ``` (fix the bash snippets
like the examples for "openspec status --change" and "openspec instructions" and
any other triple-backtick blocks). Do not change the text inside the code
blocks—only insert the required blank lines and the single top-level heading.

.opencode/skills/openspec-onboard/SKILL.md (2)

12-555: 🧹 Nitpick | 🔵 Trivial

Reduce duplication with .opencode/command/opsx-onboard.md to prevent workflow drift.

This file and the command doc carry near-identical onboarding content. Consider extracting shared content or introducing a single source-of-truth to avoid future divergence.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/skills/openspec-onboard/SKILL.md around lines 12 - 555, The review
points out duplicated onboarding content between
.opencode/skills/openspec-onboard/SKILL.md and
.opencode/command/opsx-onboard.md; consolidate to a single source-of-truth to
avoid drift by extracting the common text into one canonical file (e.g., a new
shared docs file or keep only .opencode/command/opsx-onboard.md) and update the
other to reference/include it (remove duplicated blocks in SKILL.md or replace
them with a short pointer/summary and an include directive), ensuring you modify
occurrences of the onboarding headings/sections in SKILL.md and any references
to opsx-onboard content so they point to the canonical symbol/file you chose.

---

12-555: ⚠️ Potential issue | 🟠 Major

Resolve markdownlint blockers (MD041, MD040, MD031) across this onboarding skill.

Multiple fenced blocks have no language tag and/or missing surrounding blank lines, and the file lacks a top-level heading. This is likely to fail documentation linting.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/skills/openspec-onboard/SKILL.md around lines 12 - 555, The
markdown fails lint rules MD041/MD040/MD031: add a top-level heading at the very
start (e.g., "# OpenSpec Onboard Skill"), tag every fenced code block with an
appropriate language (e.g., ```bash, ```powershell, ```text) and ensure each
fenced block is preceded and followed by a blank line; update the SKILL.md
content where the welcome text, CLI checks, code snippets, and command reference
blocks are defined (search for the untagged fenced blocks and the file start)
and apply these three fixes consistently across all fenced blocks and the file
header.

.opencode/command/opsx-onboard.md (1)

5-548: ⚠️ Potential issue | 🟠 Major

This onboarding command doc has broad markdownlint failures that should be cleaned up in one pass.

Tool-reported MD041/MD040/MD031 violations are pervasive (missing top-level heading, unlabeled fenced blocks, spacing around fences). Please normalise formatting to keep docs CI green.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/command/opsx-onboard.md around lines 5 - 548, The doc fails
markdownlint rules (MD041, MD040, MD031): add a top-level H1 (e.g., "# OpenSpec
Onboard"), label all fenced code blocks with a language hint (bash, powershell,
etc.) and ensure a blank line before and after each fenced block, and normalize
spacing around headings and lists (single blank line between sections and
before/after fences) throughout the file; fix unlabeled HTML/inline fences and
any backtick mismatches, then run markdownlint to verify no remaining
MD041/MD040/MD031 violations.

modules/nixos/core/groups.nix (1)

16-35: ⚠️ Potential issue | 🔴 Critical

Critical: option path and cfg lookup are mismatched — defaultGroups will never apply.

The option is declared at options.core.defaultGroups (line 19), but cfg = config.core.groups (line 16) causes the module to read from config.core.groups.defaultGroups, which doesn't exist. All other modules write to core.defaultGroups (e.g., containers.nix, printing.nix, virtualisation.nix, default.nix, gaming.nix), not core.groups.defaultGroups. The mkIf guard at line 25 will never activate because it evaluates an undefined path, preventing user-group injection on all affected hosts.

Change line 16 to cfg = config.core; to match the declared option path.

Proposed fix

-  cfg = config.core.groups;
+  cfg = config.core;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/groups.nix` around lines 16 - 35, The module sets cfg =
config.core.groups but declares the option at options.core.defaultGroups, so
cfg.defaultGroups is never found and the mkIf guard around users.users never
runs; change the cfg assignment to use config.core (i.e., set cfg = config.core)
so that cfg.defaultGroups points to options.core.defaultGroups and the
users.users mapping (using nameValuePair and extraGroups) inside the mkIf
activates correctly.

hosts/desktop/nixmi/default.nix (1)

128-158: ⚠️ Potential issue | 🟡 Minor

Stale ALVR firewall ports after removal of programs.alvr config.

Per the PR summary, ALVR was disabled by removing the programs.alvr block, but the corresponding UDP/TCP firewall holes are still present (lines 131-134 and 154-157). These now open ports for a service that is no longer enabled, which violates the least-privilege firewall principle. Either restore the programs.alvr configuration or drop the ALVR-specific port entries (and their comments) from allowedUDPPorts / allowedTCPPorts.

As per coding guidelines, "Enable firewall (networking.firewall.enable = true) and keep only necessary ports open".

🛡️ Proposed change

   networking = {
     firewall = {
       allowedUDPPorts = [
-        # ALVR
-        9942 # OSC
-        9944 # Stream
-        8082 # Web
-
         7860
         11434
         27031
         27036
       ];
       allowedTCPPorts = [
         9999
         22
         5990
         9943
         8080
         7860
         11434
         27036
         27037
         10400
         10401
-
-        # ALVR
-        9942
-        9944
-        8082
       ];
     };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@hosts/desktop/nixmi/default.nix` around lines 128 - 158, The ALVR-specific
ports remain in the networking.firewall lists even though programs.alvr was
removed; update the allowedUDPPorts and allowedTCPPorts arrays (symbols:
allowedUDPPorts, allowedTCPPorts) to remove the ALVR entries and their comments
(UDP 9942, 9944, 8082 and TCP 9942, 9944, 8082) or alternatively restore the
programs.alvr block if ALVR is intended to be enabled; ensure
networking.firewall.enable remains true and only necessary ports are listed
after the change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.opencode/command/opsx-bulk-archive.md:
- Around line 121-125: Add a deterministic pre-check before running mv:
construct a target variable (e.g.,
target="openspec/changes/archive/YYYY-MM-DD-<name>"), test existence with [ -e
"$target" ], and if it exists record/mark this change as Failed with a clear
error suggesting renaming the existing archive or choosing a different date and
then continue processing remaining changes; otherwise perform mv
openspec/changes/<name> "$target".

In @.opencode/command/opsx-sync.md:
- Around line 9-20: Update the /opsx-sync flow so that when no change name is
provided it does NOT infer from conversation context; instead always run
`openspec list --json`, filter for active (non-archived) changes with delta
specs under the specs/ directory, and present those options to the user via the
AskUserQuestion tool for explicit selection; ensure the code path that
previously allowed inference is removed or bypassed and that only the
AskUserQuestion-driven selection is used when the change name is missing.

In @.opencode/skills/modules/SKILL.md:
- Line 133: Fix the typo in the SKILL.md table row containing the `core.<name>`
entry: change "Opionioated configurations & features" to "Opinionated
configurations & features" so the column reads correctly; update the string in
the markdown table row where `core.<name>` is defined.

In @.opencode/skills/openspec-bulk-archive-change/SKILL.md:
- Around line 55-58: Add a top-level heading to the SKILL.md (e.g., "# OpenSpec
Bulk Archive Change") and standardize all fenced code blocks by adding a
language identifier (e.g., ```text or ```diff as appropriate) and ensuring there
is a blank line before and after each fenced block; update the example blocks
shown (and the other ranges referenced) so each fenced block has the language
tag and is separated by a blank line from surrounding content to satisfy
MD040/MD031/MD041.
- Around line 128-133: Update Step 8b ("Perform the archive") to add an explicit
pre-check before the mv example (the line showing mv openspec/changes/<name>
openspec/changes/archive/YYYY-MM-DD-<name>): if the destination archive
directory already exists, mark that change as failed (emit an error and skip
this change) and continue processing the batch; otherwise perform the mv. Apply
the same change to the other occurrence referenced (the block around lines
246–247) so both examples show the existence check and failure/continue
behavior.

In @.opencode/skills/openspec-ff-change/SKILL.md:
- Line 12: Add a top-level heading immediately after the YAML frontmatter in
SKILL.md (e.g., "# Fast-forward through artifact creation") and update all
fenced code blocks to include an explicit language tag and blank lines before
and after the fenced block (e.g., use ```bash or ```json and ensure a blank line
above and below each block); apply the same fixes to the other occurrences
referenced in the file (the later fenced blocks that triggered MD031/MD040) so
MD041/MD031/MD040 warnings are resolved.
- Around line 27-32: Update the docs to add an explicit pre-check before running
the "openspec new change \"<name>\"" command: describe checking for an existing
directory at openspec/changes/<name>, and instruct the user to be prompted (or
manually choose) whether to continue the existing change or enter a new name if
it already exists; also adjust the related text that talks about continuing
existing changes (the section referencing continuing on name collision) to point
to this pre-check flow so behavior is deterministic and avoids command failure.

In @.opencode/skills/openspec-new-change/SKILL.md:
- Around line 44-56: Update the example CLI calls so they emit machine-readable
output: add the --json flag to the openspec status invocation and to the
openspec instructions invocation (the examples showing "openspec status --change
\"<name>\"" and "openspec instructions <first-artifact-id> --change
\"<name>\""); ensure both example commands include --json so the status and
instructions commands produce structured JSON for automation.

In @.opencode/skills/openspec-sync-specs/SKILL.md:
- Around line 16-27: Tighten the no-name flow in SKILL.md by removing the "infer
from conversation context" allowance and mandating explicit user selection: when
no change name is provided always run openspec list --json, filter results to
active (non-archived) changes that include a specs/ directory, present those
options (with schema information) via the AskUserQuestion tool, and never
auto-select or guess a change; update the "If no change name provided, prompt
for selection" step and any related wording to reflect this strict behavior.

In @.opencode/skills/openspec-verify-change/SKILL.md:
- Around line 113-123: The fenced example in SKILL.md for "## Verification
Report: <change-name>" uses a plain code fence which triggers markdownlint
MD040; update the opening triple-backtick to include a markdown language
identifier (e.g., change the opening fence to ```md or ```markdown) so the block
is treated as Markdown and the linter warning is resolved for the verification
report example block.
- Around line 18-26: Update the prompt construction that runs "openspec list
--json" and builds AskUserQuestion options so it filters out archived changes
(only include active/non-archived entries) before checking for existence of
tasks artifacts, including schema info, and marking incomplete tasks "(In
Progress)"; keep the AskUserQuestion tool usage (do not auto-select) and ensure
the filtering occurs prior to building option labels so archived changes never
appear.

In @.vscode/settings.json:
- Around line 1-3: The committed workspace setting "git.enabled": false disables
VS Code Git for all contributors; remove that entry from the checked-in
.vscode/settings.json and either move it to your personal/user VS Code settings
or a local-only settings file, or if this is intentionally repo-wide, replace it
with a short explanatory note (e.g., in CONTRIBUTING) clarifying why
"git.enabled" is disabled so others understand the rationale; locate the
"git.enabled" key in .vscode/settings.json to make the change.

In `@docs/src/modules/nixos/core/display-manager.md`:
- Line 1: Rename the documentation file display-manager.md to display_manager.md
and update all references to it (notably in docs/src/SUMMARY.md and any
imports/links) to the new underscore-separated name; search for occurrences of
both display-manager.md and display_manager.md (e.g., links, cross-references,
or include directives) and adjust them to use display_manager.md so all
references remain consistent.

In `@docs/src/modules/nixos/core/remote.md`:
- Line 66: Change the sentence that reads "When both
`core.remote.streaming.enable` and `programs.hyprland.enable` are `true`, module
additionally:" to include the missing article so it reads "When both
`core.remote.streaming.enable` and `programs.hyprland.enable` are `true`, the
module additionally:"; update the text containing the exact phrase
"`core.remote.streaming.enable` and `programs.hyprland.enable` are `true`,
module additionally:" to add "the" before "module".

In `@docs/src/modules/overview.md`:
- Around line 10-12: The overview references
docs/src/modules/nixos/core/default.md which is missing and SUMMARY.md is not
updated; create the new documentation file
docs/src/modules/nixos/core/default.md (and ensure
docs/src/modules/nixos/core/display-manager.md and remote.md exist or are moved
into that directory) and then update docs/src/SUMMARY.md to add entries for
"nixos/core/default.md", "nixos/core/display-manager.md", and
"nixos/core/remote.md" under the appropriate section so the book navigation
includes the three core pages referenced in overview.md.

In `@hosts/server/nixarr/arr/downloader.nix`:
- Around line 55-61: The Transmission settings are split between
services.transmission.settings (snake_case: upload_limit, upload_limit_enabled,
ratio_limit, ratio_limit_enabled) and nixarr.transmission.extraSettings
(kebab-case: speed-limit-up already set to 8192), causing inconsistency and
potential conflicts; consolidate by moving all Transmission config into
nixarr.transmission.extraSettings using kebab-case keys (e.g., speed-limit-up,
speed-limit-up-enabled, ratio-limit, ratio-limit-enabled), remove the
services.transmission.settings block, and resolve the duplicate
upload/speed-limit values by choosing the intended value (align to the existing
8192 in extraSettings or update it to 4096) so there are no conflicting entries.

In `@lib/builders/mkSystem.nix`:
- Line 44: The import of "${self}/modules/nixos/shared" will fail because there
is no modules/nixos/shared/default.nix; either add a default.nix in
modules/nixos/shared that exports the shared module (for example re-exporting or
importing the real implementation from modules/nixos/core/) or change the
importer in mkSystem.nix to point to the actual file (e.g.
"${self}/modules/nixos/core/<actual-file>.nix"); update the export to ensure it
provides the expected attribute set/module so mkSystem.nix's usage of the shared
module continues to work.

In `@modules/home-manager/audio.nix`:
- Around line 9-29: The module inconsistently uses builtins.attrValues at the
call site; update the top-level inherit block to also inherit attrValues from
lib (add "attrValues" to the inherit (lib) ... list) and then replace any
builtins.attrValues usages with attrValues (or alternatively check
cfg.updateDevices != { } as suggested) so that the code consistently references
attrValues via the inherited symbol rather than builtins.attrValues; locate
occurrences around cfg.updateDevices and the builtins.attrValues call and make
the change accordingly.

In `@modules/nixos/core/activation.nix`:
- Around line 18-28: Change the option path to
system.activationScripts.report-changes and wrap the script in mkIf (cfg.enable
&& !config.host.device.isHeadless); fix the array length check to use
${`#LINKS`[@]} instead of echo|wc, and use the defined CURRENT variable in the nvd
call (i.e. call ${getExe pkgs.nvd} diff $CURRENT $NEW instead of $PREVIOUS);
ensure the script still builds LINKS as a bash array (LINKS=($(ls -dv
/nix/var/nix/profiles/system-*-link))) so negative indices and ${`#LINKS`[@]} work
correctly.

In `@modules/nixos/core/boot/secureboot.nix`:
- Around line 9-13: The imports expression is using lib.optional which produces
a nested list; replace it with lib.optionals and ensure it is available via the
inherit list. Update the top-level inherit (lib) to include optionals (in
addition to mkIf mkForce mkEnableOption) and change the imports line from using
optional to optionals, e.g. use lib.optionals importExternals [
inputs.lanzaboote.nixosModules.lanzaboote ] so imports gets either the
single-element list or an empty list as intended.

In `@modules/nixos/core/containers.nix`:
- Line 53: The firewall currently unconditionally exposes Docker's
unauthenticated TCP API by setting networking.firewall.allowedTCPPorts = [2375];
change this to be opt-in: add a boolean option (e.g.
core.containers.exposeRemoteApi default false) and only append 2375 to
networking.firewall.allowedTCPPorts when that option is true (or prefer adding
2376 for TLS), or alternatively scope the port to a trusted-zone interface
instead of the global allowedTCPPorts; update references to
virtualisation.docker.daemon.settings to ensure the TCP listener cannot be
enabled unless the new opt-in is true.

In `@modules/nixos/core/default.nix`:
- Around line 20-44: Remove the duplicate './networking' entry in the imports
list: locate the imports array containing the directory group (first
'./networking') and the later file-group entry (second './networking') and
delete the second occurrence so './networking' appears only once, preserving the
directories-first, files-after alphabetical grouping in the imports list.
- Line 79: The file declares core.defaultGroups but does not import its
definition; add ./groups.nix to the top-level imports list so the option exists
during evaluation. Edit the imports array in this module and include
"./groups.nix" (the file that defines core.defaultGroups) so the assignments to
core.defaultGroups succeed.

In `@modules/nixos/core/display-manager.nix`:
- Around line 19-20: The current implementation builds waylandSessionPaths and
xSessionPaths from config.services.displayManager.sessionPackages and passes
them to tuigreet even when empty, resulting in "--sessions '' --xsessions ''";
change the invocation logic to only add the "--sessions
'${waylandSessionPaths}'" and "--xsessions '${xSessionPaths}' flags when
sessions != [] (or when the resulting strings are non-empty), e.g. use
lib.optionalString (sessions != []) to conditionally append those arguments, or
alternatively add an assertion that
config.services.displayManager.sessionPackages is non-empty when cfg.enable is
true so the flags are never empty.

In `@modules/nixos/core/gaming.nix`:
- Around line 182-200: The inner infinite loop and use of tail --pid inside the
outer while true makes the script never exit and defeats systemd's
Restart=always; remove the outermost while true and let systemd handle restarts
(keep a single run per process lifecycle), and before treating STEAM_PID from
STEAM_PID_FILE as live, validate /proc/$STEAM_PID/comm contains "steam" (or
equivalent expected process name) to avoid PID reuse races; keep the existing
calls to systemctl start/stop decky-loader.service and the tail --pid logic but
ensure the script returns after the Steam process exits so Restart=always +
RestartSec can recover cleanly.
- Around line 53-55: Replace the use of "with pkgs;" in the
environment.systemPackages block by referencing packages explicitly (e.g.
replace the implicit android-tools reference with pkgs.android-tools) so the
module does not pollute scope; update the same pattern at the other spots called
out (the other package lists that use "with pkgs;" or implicit names), ensuring
every package entry is prefixed with pkgs. and remove the "with pkgs;"
statements (refer to environment.systemPackages and android-tools to locate the
first occurrence and mirror that change for the other occurrences).
- Around line 134-141: The ALVR port/protocol mapping is wrong and currently
uses alvrPorts for both allowedUDPPorts and allowedTCPPorts; update the
implementation to separate TCP vs UDP lists: keep config.programs.alvr.enable
gating, create alvrTcpPorts = [ 8082 9943 9944 ] but restrict 8082 to TCP-only,
and create alvrUdpPorts = [ 9943 9944 ] (and add the OSC UDP port as a separate
configurable value, e.g., alvrOscUdpPort defaulting to 41492, included only in
alvrUdpPorts), then set allowedTCPPorts and allowedUDPPorts to those respective
lists instead of the single alvrPorts variable so Dashboard (8082) is TCP-only,
streaming ports 9943/9944 include both where appropriate, and OSC uses the
proper UDP port.
- Line 120: The application field is currently set to the package derivation
pkgs.wayvr which serialises to the package store directory instead of the
executable; update the value to use lib.getExe pkgs.wayvr so
services.wivrn.config.json.application contains the actual binary path
(/nix/store/.../bin/wayvr). Locate the assignment to application (currently
"application = [ pkgs.wayvr ];") and replace the derivation with lib.getExe
pkgs.wayvr (ensuring the JSON serialization now contains the executable path and
not the package folder).
- Line 65: The env value set in pkgs.steam.override extraEnv uses the literal
string "$XDG_RUNTIME_DIR/wivrn/comp_ipc" which will not be shell-expanded by the
Steam wrapper; update the PRESSURE_VESSEL_FILESYSTEMS_RW assignment (in the
extraEnv block) to provide a path that will be interpreted correctly at
runtime—either hardcode the runtime path using /run/user/$UID/wivrn/comp_ipc (so
pressure-vessel can expand $UID) or compute and inject the resolved path into
extraEnv via Nix (so the wrapper receives the actual absolute path); ensure you
update the extraEnv entry and test the resulting wrapper script to confirm
expansion.

In `@modules/nixos/core/generators.nix`:
- Around line 59-133: The formatConfigs.proxmox-lxc block and its
system.activationScripts.query-ssh-private-key are currently unconditional and
reference the wrong cfg paths and an undefined SSH_DIR; wrap the whole config
block with a conditional using mkIf (or mkEnableOption) so it only installs when
core.generators.enable and core.generators.proxmoxLXC.enable are true (use mkIf
cfg.proxmoxLXC.enable), change all cfg.sedPath / cfg.sshKeygenPath /
cfg.clearPath references to cfg.proxmoxLXC.sedPath,
cfg.proxmoxLXC.sshKeygenPath, cfg.proxmoxLXC.clearPath (also correct the
promxoxLXC typo to proxmoxLXC), and replace the undefined $SSH_DIR by using the
defined persistDirectory (e.g., "${persistDirectory}ssh_host_ed25519_key.pub")
or by referencing /etc/ssh/ssh_host_ed25519_key.pub; finally add a TTY guard
around the read loop (e.g., test -t 0 || skip/exit with a clear message) so
activation does not block when no controlling terminal is present.
- Around line 30-56: Rename the top-level attribute promxoxLXC to proxmoxLXC
(the option block containing enable, sedPath, sshKeygenPath, clearPath) so the
public API spelling is correct, and update every read/use site that references
promxoxLXC to proxmoxLXC across the repo (including the places that access these
options via config...promxoxLXC). Ensure the option block name is changed where
defined and all callers/reads are updated to the new symbol so no consumer
continues to depend on the misspelled promxoxLXC.
- Around line 39-54: The defaultText strings for the sed and clear options are
incorrect and reference nonexistent attributes (e.g., "pkgs.busybox.sed");
update the defaultText values to match the actual defaults produced by getExe'
(use 'getExe' pkgs.busybox "sed"' for the sed option and 'getExe' pkgs.busybox
"clear"' for the clear option) so documentation rendered by nix-doc matches the
real defaults; locate the options named where getExe' is used (the sed option
block and clearPath block) and change only the defaultText literals to the
corrected forms without altering the default expressions or other fields (also
verify sshKeygenPath defaultText already matches its default).

In `@modules/nixos/core/hardware/default.nix`:
- Around line 18-20: The module currently forces
hardware.enableRedistributableFirmware = true which prevents sensible per-host
overrides; change it to use lib.mkDefault so hosts can override it. Update the
module function signature to include lib in its arguments, then replace the hard
assignment of hardware.enableRedistributableFirmware with lib.mkDefault true
(using the symbol hardware.enableRedistributableFirmware) so downstream
configurations can set it as needed.

In `@modules/nixos/core/host/persistence.nix`:
- Line 219: The imports list currently uses lib.optional which wraps its
argument in a singleton list and so produces a nested list for imports; replace
lib.optional with lib.optionals and pass the list [
inputs.impermanence.nixosModules.impermanence ] so the expression becomes
lib.optionals (condition) [ inputs.impermanence.nixosModules.impermanence ]
(i.e. use optionals instead of optional for the imports field used with
importExternals) to ensure a flat imports list that will actually include the
impermanence module.

In `@modules/nixos/core/locale.nix`:
- Around line 21-24: The time configuration sets hardwareClockInLocalTime = true
which forces the RTC to local time (only appropriate for Windows dual-boot);
change hardwareClockInLocalTime to false (or remove it) unless these hosts
dual-boot Windows, and wrap timeZone and hardwareClockInLocalTime with
lib.mkDefault so per-host overrides are possible; locate the time attribute
block (time, timeZone, hardwareClockInLocalTime) and replace the forced true
with false/omit and apply lib.mkDefault to both timeZone and
hardwareClockInLocalTime.

In `@modules/nixos/core/networking/tailscale.nix`:
- Around line 65-92: tailscale-check currently duplicates the login-state logic
already enforced by tailscaled-autoconnect's ExecCondition; replace the complex
ExecStart script in the tailscale-check service with a simple unconditional
start of tailscaled-autoconnect.service (i.e., change tailscale-check's
ExecStart to run "systemctl start tailscaled-autoconnect.service") and remove
unnecessary runtimeInputs (pkgs.tailscale and pkgs.jq) so the timer just
triggers and the ExecCondition on tailscaled-autoconnect remains the single
source of truth.
- Around line 16-22: The sops.secrets.TAILSCALE_AUTH_KEY block lacks explicit
owner/group/mode; update the sops.secrets.TAILSCALE_AUTH_KEY declaration to
include owner = "root", group = "root" and a restrictive mode like "0400" (or
numeric 0o400 if your nix style uses that) alongside the existing sopsFile and
restartUnits so the secret is documented and protected against future default
changes.
- Around line 30-33: The flags in the extraUpFlags array are inconsistent (one
uses =value, the other is a bare flag); update the extraUpFlags definition to
use a consistent style — for example replace "--accept-dns=true" with the bare
flag "--accept-dns" so both entries in extraUpFlags use the same form
("--accept-dns" and "--accept-routes"), ensuring readability and consistency.

In `@modules/nixos/core/nix.nix`:
- Line 33: The current assignment sets system.stateVersion using
builtins.readFile which preserves trailing newlines and can yield invalid
release strings; update the expression that assigns system.stateVersion to strip
trailing whitespace by replacing builtins.readFile with lib.fileContents (or
wrap builtins.readFile with lib.strings.trim) so system.stateVersion contains a
clean release string; locate the assignment to system.stateVersion in the nix
module and change the call accordingly (referencing system.stateVersion,
builtins.readFile, lib.fileContents, or lib.strings.trim).

In `@modules/nixos/core/openssh.nix`:
- Line 28: Fix the typo in the option description string passed to
mkEnableOption for the OpenSSH module: change "OpenSSH server and client
opionated configuration" to "OpenSSH server and client opinionated
configuration" where the enable attribute uses mkEnableOption (symbol: enable,
function: mkEnableOption).

In `@modules/nixos/core/printing.nix`:
- Around line 17-26: Move the computed default for printing into the option
declaration: instead of setting core.printing.enable via mkDefault in the
mkMerge config block, add a default (or a computed default expression) and a
defaultText on options.core.printing so the option itself documents and owns the
default value; use the same expression referencing config.host.device.role and
config.host.device.isVirtual for the default logic and set defaultText to
explain the computed behavior, then remove the separate mkMerge entry that
merely applied mkDefault to core.printing.enable.

In `@modules/nixos/core/remote.nix`:
- Around line 67-113: Remove the large commented-out systemd.user configuration
block (the commented sockets.sunshine-proxy, services.sunshine-proxy and
services.sunshine definitions and related ExecStart/ListenStream lines) so the
module no longer contains dead/commented-out code; locate the commented block
inside the systemd.user stanza around the sockets.sunshine-proxy and services
entries and delete those commented lines, leaving only active configuration; if
the content needs to be retained for future reference, create a tracked issue or
design doc and remove the inline comments from the file.
- Around line 145-185: The current do/undo use "sh -c '${getExe ...}'" which is
fragile if store paths contain a single quote; remove the unnecessary sh -c
wrapper and assign the executable directly using getExe for both do and undo
(e.g. set do = getExe doScript and undo = getExe undoScript or interpolate as
"${getExe doScript}" / "${getExe undoScript}") so the scripts (doScript,
undoScript) are invoked directly without single-quoted shell wrapping.
- Around line 124-201: The review points out an off-by-one monitor name: the
exec-once in home-manager.sharedModules creates a headless output (Hyprland
names it HEADLESS-1) but the sunshine prep/undo commands and scripts reference
"HEADLESS-2" (seen in services.sunshine.settings.output_name and the prep-cmd
entries and the doScript/undoScript blocks). Fix by replacing all hardcoded
"HEADLESS-2" occurrences with "HEADLESS-1" (or better: extract a new variable
like headlessName and use it in services.sunshine.settings.output_name, in the
prep-cmd do/undo strings, and in the doScript/undoScript logic and the
wayland.windowManager.hyprland.settings.monitor entry) so the created output
name matches the names used across prep/undo and restore scripts.
- Around line 153-179: The scripts written in the hyprland disable/restore
writeShellApplication blocks assume XDG_STATE_HOME is set and fail under set
-euo pipefail; update both text blocks (the disable script for
"hyprland-disabled-monitors-pre-sunshine" and the undoScript
"hyprland-restore-disabled-monitors-post-sunshine") to use a safe fallback such
as ${XDG_STATE_HOME:-/var/lib/sunshine}, ensure the directory exists with mkdir
-p "$XDG_STATE_HOME" (or the chosen fallback) before reading/writing the JSON
file, and keep the rest of the logic the same; also update the documentation in
remote.md to note the new default fallback path.

In `@modules/nixos/core/security.nix`:
- Around line 47-55: Remove the dead commented loginLimits variants and keep the
active rule only (the block using domain = "*", item = "nofile", value =
toString cfg.userLimit) so the file is minimal and self-explanatory; if the
removed variants are aspirational, add a single TODO at the top of the file or
document the intent elsewhere rather than leaving commented examples (reference
the existing loginLimits-like entries and cfg.userLimit to locate the code to
edit).
- Around line 61-63: The sysctl "fs.file-max" is set to a low hardcoded value;
remove or make it scale with cfg.userLimit to avoid capping concurrent file
descriptors. Update the block that sets boot.kernel.sysctl["fs.file-max"] so it
either omits that key entirely (letting the kernel default apply) or computes a
larger value derived from cfg.userLimit (for example multiplying cfg.userLimit
by a safety factor) and assign that computed value instead of 65536; change
references in the Nix expression where boot.kernel.sysctl and cfg.userLimit are
used (and ensure any default for userLimit remains intact).

In `@modules/nixos/core/sops.nix`:
- Around line 49-53: The SSH_PRIVATE_KEY sops secret lacks explicit
ownership/mode and restart hooks; update the secrets declaration for
SSH_PRIVATE_KEY in modules/nixos/core/sops.nix to include owner = "root", group
= "root", mode = "0400" (restrictive file permissions) and add restartUnits = [
"sshd.service" ] so sshd is restarted on key rotation; keep the existing path =
"/etc/ssh/ssh_host_ed25519_key" and ensure the same symbol name SSH_PRIVATE_KEY
is modified.
- Around line 21-23: Remove the concatenation that appends decrypted runtime
host key paths to age.sshKeyPaths: stop adding map getKeyPath keys to
age.sshKeyPaths so the runtime output path (/etc/ssh/ssh_host_ed25519_key) isn't
treated as an input. Update the code that builds age.sshKeyPaths to include only
the persistence root (and any explicit persistence directories) and not the
values derived from keys/getKeyPath/isEd25519/config.services.openssh.hostKeys
to avoid the bootstrap circular dependency.

In `@modules/nixos/core/virtualisation.nix`:
- Around line 444-463: The machines list currently hardcodes guest names
["win11" "win11-gaming"]; make this a configurable option (e.g.
core.virtualisation.isolatedGuests) and use that option when building the
machines variable instead of the literal list so hosts can override it. Update
the module options to declare isolatedGuests (type listOf strings, sensible
default ["win11","win11-gaming"]), then replace the literal list in the machines
fold/map with that option; keep the existing use of getExe and hook names
(win-isolation-start, win-isolation-release, detach-gpu, attach-gpu) unchanged
so only the guest set becomes configurable.
- Around line 117-124: The cgroup_device_acl list in virtualisation.nix has
inconsistent commas and spacing (e.g. '"/dev/rtc","/dev/hpet"') and is missing a
trailing comma after '"/dev/kvmfr0"'; update the cgroup_device_acl array to use
consistent comma+space separators between entries and add a trailing comma after
the last element so the list style matches the surrounding file and remains
consistent (look for the cgroup_device_acl symbol in the diff to locate where to
change).
- Around line 549-555: Duplicate package entry: remove the extra "virtio-win"
from the systemPackages array so each package appears only once; locate the
systemPackages = with pkgs; [...] block and delete the repeated "virtio-win"
entry while preserving the other entries (virt-manager, virtiofsd, win-spice).
- Around line 465-532: The firmware JSON files are being emitted via shell
heredocs inside qemuFirmware; replace that with Nix-native construction by
building Nix attrsets for each descriptor and serialising them with
builtins.toJSON (e.g., add a small mkFirmware helper that uses pkgs.writeText or
pkgs.writeTextDir to write builtins.toJSON attrs into "30-...json" and
"40-...json"), then produce qemuFirmware as a pkgs.symlinkJoin (or similar) over
those generated files instead of using runCommand and cat heredocs; update the
mapping/targets/features/tags keys to be proper Nix attrsets and lists so
builtins.toJSON can validate them.
- Around line 90-95: The block currently hardcodes IOMMUType = "amd" and
specific VFIO device IDs in devices, reducing reuse; add new module options
core.virtualisation.iommuType (defaulting to existing value) and
core.virtualisation.vfioDevices (a list) and replace the literal IOMMUType and
devices usage with those options so gpu.video and gpu.audio remain as-is but
VFIO and IOMMU are configurable; update any references to IOMMUType and devices
in this module to use the new options and validate types in the options
declaration.
- Line 99: The module hardcodes the username "racci" in
virtualisation.sharedMemoryFiles.looking-glass.user and the kvmfr udev OWNER
value; make this a configurable option instead: add a new option (e.g.,
core.virtualisation.user) with a sensible default (or derive it from existing
user options), replace the literal "racci" in
virtualisation.sharedMemoryFiles.looking-glass.user and the OWNER assignment in
the kvmfr udev rule to reference that option (e.g.,
config.core.virtualisation.user), and update any documentation/comments to
mention the new option so other hosts can override it.
- Around line 75-80: The current assignment boot.extraModulePackages = [
config.boot.kernelPackages.kvmfr ]; uses a plain list which can be overwritten
or lose ordering when other modules also add packages; change it to use NixOS
ordering helpers like lib.mkBefore or lib.concatLists so contributions merge
safely, e.g. set boot.extraModulePackages = config.lib.mkBefore [
config.boot.kernelPackages.kvmfr ] (or use config.lib.concatLists to
append/prepend) to ensure proper merge/ordering when other modules modify
boot.extraModulePackages.
- Around line 27-30: The imports list uses a file-extension suffix in the module
attribute—change the attribute reference crtified.modules.virtualisation.nix to
the attribute name without the extension (crtified.modules.virtualisation)
inside the imports array so Nix imports the module attribute set correctly;
update the imports entry that currently references
crtified.modules.virtualisation.nix to crtified.modules.virtualisation.

In `@modules/nixos/core/wsl.nix`:
- Line 35: The use of "with pkgs;" around environment.systemPackages hides
dependencies—replace the implicit scope with explicit references by removing
"with pkgs;" and listing packages as pkgs.wslu (and similarly update the other
occurrences around the block that affect lines 60-67) so
environment.systemPackages = [ pkgs.wslu ] (and update any other package names
in that section to pkgs.<name>); adjust any nearby package entries that relied
on the with-scope to use explicit pkgs.<name> references.
- Around line 45-58: The NVIDIA-specific paths and flags in
environment.sessionVariables (EXTRA_LDFLAGS, EXTRA_CCFLAGS, LD_LIBRARY_PATH,
NIX_LD_LIBRARY_PATH_x86_64_linux) are being added unconditionally; change the
implementation to conditionally append those entries only when GPU support is
enabled by checking config.hardware.graphics.hasNvidia (or a new
core.wsl.gpu.nvidia boolean if you prefer explicit opt-in). Locate the block
setting CUDA_PATH, EXTRA_LDFLAGS, EXTRA_CCFLAGS and the LD_LIBRARY_PATH lists
and wrap/merge the nvidia_x11_latest and /usr/lib/wsl/lib entries into those
variables only when the guard is true so non-NVIDIA hosts do not pull
pkgs.linuxPackages.nvidia_x11_latest into the closure.

In `@modules/nixos/desktop/default.nix`:
- Around line 8-13: The module sets core.display-manager.enable and
core.remote.enable to true at normal priority which prevents hosts from
overriding them; change these assignments to use mkDefault (e.g.,
core.display-manager.enable = mkDefault true and core.remote.enable = mkDefault
true) so they remain defaultable by downstream hosts; if mkDefault isn't in
scope, import it from lib (or destructure via let inherit (lib) mkDefault; in)
and ensure lib is present in the module args.

In `@modules/nixos/hm-helper/default.nix`:
- Around line 17-19: hmUsers currently tests membership by computing attrNames
config.home-manager.users for every user; instead change the filter predicate to
directly test presence using the attribute-existence operator on
config.home-manager.users. Update the hmUsers binding so it filters attrNames
config.users.users with the predicate (user: config.home-manager.users ? user)
(referencing hmUsers, config.home-manager.users and attrNames
config.users.users) to avoid recomputing attrNames and simplify the check.

In `@modules/nixos/services/ai-agent.nix`:
- Line 15: The imports line uses string interpolation for the flake input;
change the use of "${inputs.services-zeroclaw}" to the raw flake input
inputs.services-zeroclaw in the imports expression (keep the surrounding
lib.optional and importExternals call intact) so the module imports the
non-flake input directly instead of coercing it to a string; update the
expression that references inputs.services-zeroclaw accordingly.

---

Outside diff comments:
In @.opencode/command/opsx-continue.md:
- Around line 5-112: The markdown violates MD041 (missing top-level heading) and
MD031 (fenced code block spacing); fix by adding a single H1 at the very top
(e.g., "# Continue working on a change") and ensure every fenced code block in
this file has a blank line before the opening ``` and a blank line after the
closing ```, including the three example bash blocks under "Steps" and "After
creating an artifact"; update the sections that include fenced blocks (the
"Steps" code examples and any other ``` blocks) to follow this spacing
consistently so markdownlint no longer flags MD031/MD041.

In @.opencode/command/opsx-ff.md:
- Around line 5-95: Add a top-level H1 near the top of
.opencode/command/opsx-ff.md and normalize blank lines around fenced code blocks
(fix MD041 and MD031): insert an H1 (e.g., "# Fast-forward artifact creation")
before the existing first paragraph, then ensure every fenced block used in list
items (notably the bash block under "3. **Create the change directory**" and
similar fenced examples) is preceded and followed by a blank line so the fenced
code is isolated; update the fenced block spacing consistently throughout the
file to satisfy markdownlint.

In @.opencode/command/opsx-new.md:
- Around line 5-67: The markdown is missing a top-level heading and has fenced
code blocks without surrounding blank lines, triggering MD041 and MD031; add a
single H1 title at the top (e.g., "OpsX: Start a New Change") and update the
numbered steps so every fenced code block (the bash examples for openspec
commands in steps 3 and 4 and the commands in step 5) is separated from the list
text by a blank line before the opening ``` and a blank line after the closing
```, ensuring proper spacing inside the list; keep all existing content and
guardrails unchanged.

In @.opencode/command/opsx-onboard.md:
- Around line 5-548: The doc fails markdownlint rules (MD041, MD040, MD031): add
a top-level H1 (e.g., "# OpenSpec Onboard"), label all fenced code blocks with a
language hint (bash, powershell, etc.) and ensure a blank line before and after
each fenced block, and normalize spacing around headings and lists (single blank
line between sections and before/after fences) throughout the file; fix
unlabeled HTML/inline fences and any backtick mismatches, then run markdownlint
to verify no remaining MD041/MD040/MD031 violations.

In @.opencode/skills/openspec-continue-change/SKILL.md:
- Around line 12-119: The document fails markdownlint rules MD041 (missing
top-level heading) and MD031 (no blank lines around fenced code blocks); add a
top-level H1 heading (e.g., "# Continue working on a change") at the start of
SKILL.md, and ensure every fenced code block in the Steps and later sections has
a blank line before the opening ``` and a blank line after the closing ``` (fix
the bash snippets like the examples for "openspec status --change" and "openspec
instructions" and any other triple-backtick blocks). Do not change the text
inside the code blocks—only insert the required blank lines and the single
top-level heading.

In @.opencode/skills/openspec-onboard/SKILL.md:
- Around line 12-555: The review points out duplicated onboarding content
between .opencode/skills/openspec-onboard/SKILL.md and
.opencode/command/opsx-onboard.md; consolidate to a single source-of-truth to
avoid drift by extracting the common text into one canonical file (e.g., a new
shared docs file or keep only .opencode/command/opsx-onboard.md) and update the
other to reference/include it (remove duplicated blocks in SKILL.md or replace
them with a short pointer/summary and an include directive), ensuring you modify
occurrences of the onboarding headings/sections in SKILL.md and any references
to opsx-onboard content so they point to the canonical symbol/file you chose.
- Around line 12-555: The markdown fails lint rules MD041/MD040/MD031: add a
top-level heading at the very start (e.g., "# OpenSpec Onboard Skill"), tag
every fenced code block with an appropriate language (e.g., ```bash,
```powershell, ```text) and ensure each fenced block is preceded and followed by
a blank line; update the SKILL.md content where the welcome text, CLI checks,
code snippets, and command reference blocks are defined (search for the untagged
fenced blocks and the file start) and apply these three fixes consistently
across all fenced blocks and the file header.

In `@hosts/desktop/nixmi/default.nix`:
- Around line 128-158: The ALVR-specific ports remain in the networking.firewall
lists even though programs.alvr was removed; update the allowedUDPPorts and
allowedTCPPorts arrays (symbols: allowedUDPPorts, allowedTCPPorts) to remove the
ALVR entries and their comments (UDP 9942, 9944, 8082 and TCP 9942, 9944, 8082)
or alternatively restore the programs.alvr block if ALVR is intended to be
enabled; ensure networking.firewall.enable remains true and only necessary ports
are listed after the change.

In `@modules/home-manager/programs/list-ephemeral.nix`:
- Line 7: Replace the module-level "with lib;" usage by removing that line and
explicitly inheriting only the lib symbols you actually use; locate references
to functions/values accessed via lib (e.g., functions like mkDerivation,
lib.attrName, or other lib.* usages) and add an explicit "inherit (lib) <name1>
<name2> ..." where the module's arguments/attribute set is defined or directly
bind the specific values from lib into the scope instead of using with; ensure
you remove any reliance on implicit scope from "with lib;" so all lib
dependencies are explicit.

In `@modules/nixos/core/groups.nix`:
- Around line 16-35: The module sets cfg = config.core.groups but declares the
option at options.core.defaultGroups, so cfg.defaultGroups is never found and
the mkIf guard around users.users never runs; change the cfg assignment to use
config.core (i.e., set cfg = config.core) so that cfg.defaultGroups points to
options.core.defaultGroups and the users.users mapping (using nameValuePair and
extraGroups) inside the mkIf activates correctly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4f1aa7a9-a2ff-4cff-87b7-f793e9ab163d

📥 Commits

Reviewing files that changed from the base of the PR and between cce1577 and 4a09fcb.

⛔ Files ignored due to path filters (1)

• openspec/config.yaml is excluded by !openspec/**

📒 Files selected for processing (132)

• .opencode/command/opsx-bulk-archive.md
• .opencode/command/opsx-continue.md
• .opencode/command/opsx-ff.md
• .opencode/command/opsx-new.md
• .opencode/command/opsx-onboard.md
• .opencode/command/opsx-sync.md
• .opencode/command/opsx-verify.md
• .opencode/skills/modules/SKILL.md
• .opencode/skills/openspec-apply-change/SKILL.md
• .opencode/skills/openspec-archive-change/SKILL.md
• .opencode/skills/openspec-bulk-archive-change/SKILL.md
• .opencode/skills/openspec-continue-change/SKILL.md
• .opencode/skills/openspec-explore/SKILL.md
• .opencode/skills/openspec-ff-change/SKILL.md
• .opencode/skills/openspec-new-change/SKILL.md
• .opencode/skills/openspec-onboard/SKILL.md
• .opencode/skills/openspec-propose/SKILL.md
• .opencode/skills/openspec-sync-specs/SKILL.md
• .opencode/skills/openspec-verify-change/SKILL.md
• .vscode/settings.json
• docs/search.nix
• docs/src/hosts/overview.md
• docs/src/modules/nixos/core/display-manager.md
• docs/src/modules/nixos/core/remote.md
• docs/src/modules/overview.md
• flake/dev/devenv.nix
• home/racci/features/desktop/common/default.nix
• home/racci/features/desktop/common/mobile.nix
• home/racci/features/desktop/common/secrets.nix
• home/racci/features/desktop/common/sync.nix
• home/racci/features/desktop/hyprland/default.nix
• home/racci/features/desktop/hyprland/lock-suspend.nix
• home/racci/features/desktop/hyprland/menus/clipboard.nix
• home/racci/features/desktop/hyprland/menus/hyprpanel.nix
• home/racci/nixmi.nix
• home/shared/desktop/common/audio.nix
• hosts/desktop/nixmi/default.nix
• hosts/laptop/shared/default.nix
• hosts/server/nixarr/arr/downloader.nix
• hosts/server/nixio/default.nix
• hosts/shared/global/default.nix
• hosts/shared/global/generators.nix
• hosts/shared/global/locale.nix
• hosts/shared/global/networking.nix
• hosts/shared/global/openssh.nix
• hosts/shared/global/security.nix
• hosts/shared/global/sops.nix
• hosts/shared/global/stylix.nix
• hosts/shared/global/time.nix
• hosts/shared/global/zram.nix
• hosts/shared/optional/containers.nix
• hosts/shared/optional/gaming.nix
• hosts/shared/optional/tailscale.nix
• hosts/shared/optional/virtualisation.nix
• hosts/shared/optional/wsl.nix
• lib/builders/mkSystem.nix
• modules/home-manager/audio.nix
• modules/home-manager/core/default.nix
• modules/home-manager/core/hyprland/bind.nix
• modules/home-manager/core/hyprland/default.nix
• modules/home-manager/core/hyprland/permission.nix
• modules/home-manager/core/hyprland/slideIn.nix
• modules/home-manager/core/hyprland/types.nix
• modules/home-manager/core/hyprland/windowRule.nix
• modules/home-manager/core/theme.nix
• modules/home-manager/core/uwsm.nix
• modules/home-manager/custom/uwsm.nix
• modules/home-manager/default.nix
• modules/home-manager/programs/list-ephemeral.nix
• modules/home-manager/purpose/development/editors/ai/default.nix
• modules/nixos/core/activation.nix
• modules/nixos/core/auto-upgrade.nix
• modules/nixos/core/boot/default.nix
• modules/nixos/core/boot/quietboot.nix
• modules/nixos/core/boot/secureboot.nix
• modules/nixos/core/boot/systemd-boot.nix
• modules/nixos/core/containers.nix
• modules/nixos/core/default.nix
• modules/nixos/core/display-manager.nix
• modules/nixos/core/gaming.nix
• modules/nixos/core/generators.nix
• modules/nixos/core/groups.nix
• modules/nixos/core/hardware/backlight.nix
• modules/nixos/core/hardware/biometrics.nix
• modules/nixos/core/hardware/bluetooth.nix
• modules/nixos/core/hardware/cooling.nix
• modules/nixos/core/hardware/default.nix
• modules/nixos/core/hardware/display.nix
• modules/nixos/core/hardware/graphics.nix
• modules/nixos/core/hardware/memory.nix
• modules/nixos/core/hardware/openrgb.nix
• modules/nixos/core/hardware/storage/default.nix
• modules/nixos/core/hardware/storage/ephemeral.nix
• modules/nixos/core/hardware/storage/maintenance.nix
• modules/nixos/core/hardware/storage/partitions/btrfs.nix
• modules/nixos/core/hardware/storage/partitions/esp.nix
• modules/nixos/core/hardware/storage/partitions/luks.nix
• modules/nixos/core/hardware/storage/partitions/tmpfs.nix
• modules/nixos/core/host/default.nix
• modules/nixos/core/host/device.nix
• modules/nixos/core/host/persistence.nix
• modules/nixos/core/locale.nix
• modules/nixos/core/networking/default.nix
• modules/nixos/core/networking/tailscale.nix
• modules/nixos/core/nix.nix
• modules/nixos/core/openssh.nix
• modules/nixos/core/printing.nix
• modules/nixos/core/remote.nix
• modules/nixos/core/security.nix
• modules/nixos/core/sops.nix
• modules/nixos/core/stylix.nix
• modules/nixos/core/virtualisation.nix
• modules/nixos/core/wsl.nix
• modules/nixos/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/rgb.nix
• modules/nixos/desktop/vfio.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/hm-helper/1password.nix
• modules/nixos/hm-helper/default.nix
• modules/nixos/hm-helper/kde-connect.nix
• modules/nixos/hm-helper/mpv.nix
• modules/nixos/hm-helper/nautilus.nix
• modules/nixos/laptop/default.nix
• modules/nixos/proxies.nix
• modules/nixos/services/ai-agent.nix
• modules/nixos/shared/core/boot/default.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/printing.nix
• modules/nixos/shared/display-manager.nix
• modules/nixos/shared/remote.nix

💤 Files with no reviewable changes (22)

• hosts/shared/global/time.nix
• modules/nixos/proxies.nix
• hosts/shared/global/networking.nix
• modules/nixos/shared/display-manager.nix
• modules/home-manager/custom/uwsm.nix
• hosts/shared/optional/wsl.nix
• hosts/shared/global/default.nix
• hosts/shared/global/security.nix
• hosts/shared/global/zram.nix
• hosts/shared/global/locale.nix
• hosts/shared/global/stylix.nix
• hosts/shared/global/generators.nix
• modules/nixos/shared/remote.nix
• hosts/shared/optional/containers.nix
• hosts/shared/global/openssh.nix
• hosts/shared/global/sops.nix
• hosts/shared/optional/tailscale.nix
• modules/nixos/encrypted-root.nix
• hosts/shared/optional/gaming.nix
• modules/nixos/shared/core/printing.nix
• hosts/shared/optional/virtualisation.nix
• modules/nixos/shared/core/default.nix

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add an explicit target-exists pre-check before mv.

The execution steps currently rely on mv failing implicitly. Add a deterministic check so the per-change outcome is clearly classified as Failed and batch processing continues cleanly.

Proposed doc fix

    b. **Perform the archive**:
       ```bash
       mkdir -p openspec/changes/archive
-      mv openspec/changes/<name> openspec/changes/archive/YYYY-MM-DD-<name>
+      target="openspec/changes/archive/YYYY-MM-DD-<name>"
+      if [ -e "$target" ]; then
+        # mark this change as Failed: archive target already exists
+        # continue with remaining selected changes
+      else
+        mv openspec/changes/<name> "$target"
+      fi
       ```

Based on learnings: "before moving a change to archive, check if the target archive directory already exists. If yes, fail with an error and suggest renaming the existing archive or using a different date".

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 122-122: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/command/opsx-bulk-archive.md around lines 121 - 125, Add a
deterministic pre-check before running mv: construct a target variable (e.g.,
target="openspec/changes/archive/YYYY-MM-DD-<name>"), test existence with [ -e
"$target" ], and if it exists record/mark this change as Failed with a clear
error suggesting renaming the existing archive or choosing a different date and
then continue processing remaining changes; otherwise perform mv
openspec/changes/<name> "$target".

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Require explicit change selection when no change name is supplied.

Line 9 currently permits inference from conversation context; this can bypass explicit user choice and conflict with the repository’s OpenSpec safety flow. Make no-name handling always go through openspec list --json + AskUserQuestion selection.

Suggested doc fix

-**Input**: Optionally specify a change name after `/opsx-sync` (e.g., `/opsx-sync add-auth`). If omitted, check if it can be inferred from conversation context. If vague or ambiguous you MUST prompt for available changes.
+**Input**: Optionally specify a change name after `/opsx-sync` (e.g., `/opsx-sync add-auth`). If omitted, always prompt from available changes using AskUserQuestion.

Based on learnings: "Always prompt for change selection using AskUserQuestion tool if no change name is provided; run openspec list --json to get available changes and show only active (non-archived) changes with their schema information".

🧰 Tools

🪛 LanguageTool

[uncategorized] ~9-~9: Possible missing comma found.
Context: ... from conversation context. If vague or ambiguous you MUST prompt for available changes. ...

(AI_HYDRA_LEO_MISSING_COMMA)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/command/opsx-sync.md around lines 9 - 20, Update the /opsx-sync
flow so that when no change name is provided it does NOT infer from conversation
context; instead always run `openspec list --json`, filter for active
(non-archived) changes with delta specs under the specs/ directory, and present
those options to the user via the AskUserQuestion tool for explicit selection;
ensure the code path that previously allowed inference is removed or bypassed
and that only the AskUserQuestion-driven selection is used when the change name
is missing.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typo: "Opionioated" → "Opinionated".

✏️ Proposed fix

-| `core.<name>`        | Home-Manager/NixOS | Opionioated configurations & features |
+| `core.<name>`        | Home-Manager/NixOS | Opinionated configurations & features |

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	| `core.<name>` | Home-Manager/NixOS | Opionioated configurations & features |
	| `core.<name>` | Home-Manager/NixOS | Opinionated configurations & features |

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/skills/modules/SKILL.md at line 133, Fix the typo in the SKILL.md
table row containing the `core.<name>` entry: change "Opionioated configurations
& features" to "Opinionated configurations & features" so the column reads
correctly; update the string in the markdown table row where `core.<name>` is
defined.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Resolve markdownlint warnings in fenced examples and heading structure.

This new file has repeated MD040/MD031 plus MD041. Please add a top-level heading and standardise fenced blocks with language identifiers and required blank-line spacing.

Also applies to: 86-93, 96-105, 143-157, 160-163, 168-180, 183-196, 200-210, 214-225, 229-233

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 55-55: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/skills/openspec-bulk-archive-change/SKILL.md around lines 55 - 58,
Add a top-level heading to the SKILL.md (e.g., "# OpenSpec Bulk Archive Change")
and standardize all fenced code blocks by adding a language identifier (e.g.,
```text or ```diff as appropriate) and ensuring there is a blank line before and
after each fenced block; update the example blocks shown (and the other ranges
referenced) so each fenced block has the language tag and is separated by a
blank line from surrounding content to satisfy MD040/MD031/MD041.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add explicit per-change archive-target existence checks before mv.

Step 8b currently documents a direct mv but does not include the required pre-check flow. Add explicit logic to detect openspec/changes/archive/YYYY-MM-DD-<name> first, mark that change as failed, and continue with the batch.

Suggested doc fix

 b. **Perform the archive**:
-   ```bash
-   mkdir -p openspec/changes/archive
-   mv openspec/changes/<name> openspec/changes/archive/YYYY-MM-DD-<name>
-   ```
+   ```bash
+   mkdir -p openspec/changes/archive
+   # if target exists: mark this change failed and continue
+   # else: mv openspec/changes/<name> openspec/changes/archive/YYYY-MM-DD-<name>
+   ```

Based on learnings: "In the openspec-archive-change workflow, before moving a change to archive, check if the target archive directory already exists. If yes, fail with an error and suggest renaming the existing archive or using a different date".

Also applies to: 246-247

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 129-129: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.opencode/skills/openspec-bulk-archive-change/SKILL.md around lines 128 -
133, Update Step 8b ("Perform the archive") to add an explicit pre-check before
the mv example (the line showing mv openspec/changes/<name>
openspec/changes/archive/YYYY-MM-DD-<name>): if the destination archive
directory already exists, mark that change as failed (emit an error and skip
this change) and continue processing the batch; otherwise perform the mv. Apply
the same change to the other occurrence referenced (the block around lines
246–247) so both examples show the existence check and failure/continue
behavior.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Drop the commented-out loginLimits entries.

Per the project's "prefer minimal comments; code should be self-explanatory" guideline, these dead variants (lines 47–48, 55) should be deleted rather than carried forward. If they're aspirational, capture the intent in a TODO at the top of the file or in docs.

As per coding guidelines: "Prefer minimal comments; code should be self-explanatory, using comments to explain why, not what".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/security.nix` around lines 47 - 55, Remove the dead
commented loginLimits variants and keep the active rule only (the block using
domain = "*", item = "nofile", value = toString cfg.userLimit) so the file is
minimal and self-explanatory; if the removed variants are aspirational, add a
single TODO at the top of the file or document the intent elsewhere rather than
leaving commented examples (reference the existing loginLimits-like entries and
cfg.userLimit to locate the code to edit).

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Set explicit mode/owner on the SSH host key secret.

Even though SOPS' default (0400 root:root) is acceptable to sshd, declaring it explicitly documents intent and protects against any future default change. Add restartUnits = [ "sshd.service" ] so a key rotation rolls sshd.

As per coding guidelines: "Configure sops.secrets declarations with proper owner, group, and mode (use restrictive mode like 0400 for secrets) and include restartUnits for services that depend on those secrets".

🛡️ Suggested change

       secrets = {
         SSH_PRIVATE_KEY = {
           path = "/etc/ssh/ssh_host_ed25519_key";
+          mode = "0400";
+          owner = "root";
+          group = "root";
+          restartUnits = [ "sshd.service" ];
         };
       };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	secrets = {
	SSH_PRIVATE_KEY = {
	path = "/etc/ssh/ssh_host_ed25519_key";
	};
	};
	secrets = {
	SSH_PRIVATE_KEY = {
	path = "/etc/ssh/ssh_host_ed25519_key";
	mode = "0400";
	owner = "root";
	group = "root";
	restartUnits = [ "sshd.service" ];
	};
	};

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/sops.nix` around lines 49 - 53, The SSH_PRIVATE_KEY sops
secret lacks explicit ownership/mode and restart hooks; update the secrets
declaration for SSH_PRIVATE_KEY in modules/nixos/core/sops.nix to include owner
= "root", group = "root", mode = "0400" (restrictive file permissions) and add
restartUnits = [ "sshd.service" ] so sshd is restarted on key rotation; keep the
existing path = "/etc/ssh/ssh_host_ed25519_key" and ensure the same symbol name
SSH_PRIVATE_KEY is modified.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Avoid with pkgs; per repo style.

The repo guideline says to avoid with because it pollutes scope and hides dependencies. Spell out pkgs.<name> references explicitly here.

As per coding guidelines: "Avoid using with at module level as it pollutes scope and hides dependencies".

♻️ Suggested change

-      environment.systemPackages = with pkgs; [ wslu ];
+      environment.systemPackages = [ pkgs.wslu ];
@@
       hardware.graphics = {
         enable = true;
-        extraPackages = with pkgs; [
+        extraPackages = [
           config.hardware.graphics.package
           config.hardware.graphics.package32
-          libvdpau-va-gl
+          pkgs.libvdpau-va-gl
         ];
       };

Also applies to: 60-67

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/wsl.nix` at line 35, The use of "with pkgs;" around
environment.systemPackages hides dependencies—replace the implicit scope with
explicit references by removing "with pkgs;" and listing packages as pkgs.wslu
(and similarly update the other occurrences around the block that affect lines
60-67) so environment.systemPackages = [ pkgs.wslu ] (and update any other
package names in that section to pkgs.<name>); adjust any nearby package entries
that relied on the with-scope to use explicit pkgs.<name> references.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider wrapping the enables with mkDefault to preserve override-ability.

Setting core.display-manager.enable = true; and core.remote.enable = true; at standard priority means any desktop host that imports this module can no longer simply set them to false. That is fine if the intent is hard-coded behaviour, but note that modules/nixos/core/display-manager.nix already provides mkDefault (!config.host.device.isHeadless), so this hard-set is a higher priority override. A mkDefault here would let hosts (e.g., a VM or kiosk variant) opt out without resorting to mkForce.

♻️ Proposed refactor

   config = {
     core = {
-      display-manager.enable = true;
-      remote.enable = true;
+      display-manager.enable = lib.mkDefault true;
+      remote.enable = lib.mkDefault true;
     };
   };

(or destructure mkDefault via let inherit (lib) mkDefault; in and add lib to the module arguments)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	config = {
	core = {
	display-manager.enable = true;
	remote.enable = true;
	};
	};
	config = {
	core = {
	display-manager.enable = lib.mkDefault true;
	remote.enable = lib.mkDefault true;
	};
	};

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/desktop/default.nix` around lines 8 - 13, The module sets
core.display-manager.enable and core.remote.enable to true at normal priority
which prevents hosts from overriding them; change these assignments to use
mkDefault (e.g., core.display-manager.enable = mkDefault true and
core.remote.enable = mkDefault true) so they remain defaultable by downstream
hosts; if mkDefault isn't in scope, import it from lib (or destructure via let
inherit (lib) mkDefault; in) and ensure lib is present in the module args.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify how services-zeroclaw flake input is structured to know the correct import form.
fd -t f 'flake\.nix' --max-depth 3 | head -5
rg -nP --type=nix -C2 '\bservices-zeroclaw\b'

Repository: DaRacci/nix-config

Length of output: 848

---

Prefer the raw flake input over string interpolation.

"${inputs.services-zeroclaw}" unnecessarily coerces the input to a string. Since services-zeroclaw is configured as a non-flake input pointing directly to the .nix module file, importing it directly is more idiomatic:

♻️ Suggested refactor

-  imports = lib.optional importExternals "${inputs.services-zeroclaw}";
+  imports = lib.optional importExternals inputs.services-zeroclaw;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	imports = lib.optional importExternals "${inputs.services-zeroclaw}";
	imports = lib.optional importExternals inputs.services-zeroclaw;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/services/ai-agent.nix` at line 15, The imports line uses string
interpolation for the flake input; change the use of
"${inputs.services-zeroclaw}" to the raw flake input inputs.services-zeroclaw in
the imports expression (keep the surrounding lib.optional and importExternals
call intact) so the module imports the non-flake input directly instead of
coercing it to a string; update the expression that references
inputs.services-zeroclaw accordingly.

[coderabbitai]

Review continued from previous batch...

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Avoid with pkgs; in favour of explicit references.

The repository guidelines call out with usage as scope-polluting and recommend explicit references. Several spots in this module reach for with pkgs; to build small package lists; these can be flattened easily.

♻️ Example refactor

-      environment.systemPackages = with pkgs; [
-        android-tools
-      ];
+      environment.systemPackages = [ pkgs.android-tools ];

-          extraPackages = with pkgs; [
-            xwayland-run
-            # Steam logs errors about missing these, not sure for what though.
-            xwininfo
-          ];
+          extraPackages = [
+            pkgs.xwayland-run
+            # Steam logs errors about missing these, not sure for what though.
+            pkgs.xwininfo
+          ];

As per coding guidelines: "Avoid using with at module level as it pollutes scope and hides dependencies".

Also applies to: 69-74, 167-167, 209-209, 225-225, 238-244, 358-363

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/gaming.nix` around lines 53 - 55, Replace the use of "with
pkgs;" in the environment.systemPackages block by referencing packages
explicitly (e.g. replace the implicit android-tools reference with
pkgs.android-tools) so the module does not pollute scope; update the same
pattern at the other spots called out (the other package lists that use "with
pkgs;" or implicit names), ensuring every package entry is prefixed with pkgs.
and remove the "with pkgs;" statements (refer to environment.systemPackages and
android-tools to locate the first occurrence and mirror that change for the
other occurrences).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

$XDG_RUNTIME_DIR will not be expanded inside extraEnv.

pkgs.steam.override { extraEnv = { ... }; } writes these values into the Steam wrapper as literal environment values; the string "$XDG_RUNTIME_DIR/wivrn/comp_ipc" is set verbatim, not shell-expanded. Pressure-vessel will then receive a literal $XDG_RUNTIME_DIR/... path, which Steam/pressure-vessel does not interpolate. Consider either:

• using /run/user/$UID/wivrn/comp_ipc (still literal, but may be evaluated by pressure-vessel which does support $UID/$XDG_RUNTIME_DIR), or
• verifying the steam wrapper actually expands shell variables for extraEnv values.

#!/bin/bash
# Inspect how steam.override writes extraEnv into the wrapper script.
fd -i 'steam.nix' | head -5
fd -i 'fhsenv-steam.nix|fhsenv\.nix|steam-fhsenv-without-steam' | head -5

Does pressure-vessel expand $XDG_RUNTIME_DIR in PRESSURE_VESSEL_FILESYSTEMS_RW?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/gaming.nix` at line 65, The env value set in
pkgs.steam.override extraEnv uses the literal string
"$XDG_RUNTIME_DIR/wivrn/comp_ipc" which will not be shell-expanded by the Steam
wrapper; update the PRESSURE_VESSEL_FILESYSTEMS_RW assignment (in the extraEnv
block) to provide a path that will be interpreted correctly at runtime—either
hardcode the runtime path using /run/user/$UID/wivrn/comp_ipc (so
pressure-vessel can expand $UID) or compute and inject the resolved path into
extraEnv via Nix (so the wrapper receives the actual absolute path); ensure you
update the extraEnv entry and test the resulting wrapper script to confirm
expansion.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Confirm wivrn module application option type and check upstream wayvr binary name.
rg -nP -C3 '\bapplication\b' | rg -nP --type=nix -C2 'wivrn'

Repository: DaRacci/nix-config

Length of output: 44

---

🏁 Script executed:

cd /root/repo && find . -name "gaming.nix" -type f

Repository: DaRacci/nix-config

Length of output: 123

---

🏁 Script executed:

cd /root/repo && sed -n '110,130p' modules/nixos/core/gaming.nix

Repository: DaRacci/nix-config

Length of output: 123

---

🏁 Script executed:

cd /root/repo && rg -n "services\.wivrn" --type nix | head -20

Repository: DaRacci/nix-config

Length of output: 123

---

🏁 Script executed:

cd /root/repo && rg -n "wivrn" --type nix | grep -E "(options|config|mkOption)" | head -20

Repository: DaRacci/nix-config

Length of output: 123

---

🏁 Script executed:

cd /root/repo && fd -n "wivrn" --type f

Repository: DaRacci/nix-config

Length of output: 123

---

🏁 Script executed:

sed -n '110,130p' modules/nixos/core/gaming.nix

Repository: DaRacci/nix-config

Length of output: 863

---

🏁 Script executed:

rg -n 'wivrn' --type nix -A 5 -B 5

Repository: DaRacci/nix-config

Length of output: 3027

---

🏁 Script executed:

fd 'wayvr' --type f

Repository: DaRacci/nix-config

Length of output: 44

---

🏁 Script executed:

fd 'wivrn' --type f

Repository: DaRacci/nix-config

Length of output: 44

---

🏁 Script executed:

sed -n '83,130p' modules/nixos/core/gaming.nix

Repository: DaRacci/nix-config

Length of output: 1612

---

🏁 Script executed:

rg -n "application.*=" modules/nixos/core/gaming.nix -B2 -A2

Repository: DaRacci/nix-config

Length of output: 189

---

🏁 Script executed:

rg -n "\.wayvr" --type nix

Repository: DaRacci/nix-config

Length of output: 140

---

🏁 Script executed:

rg -n "getExe" --type nix | head -20

Repository: DaRacci/nix-config

Length of output: 1727

---

🏁 Script executed:

rg -n "/bin/" modules/nixos/core/gaming.nix

Repository: DaRacci/nix-config

Length of output: 44

---

🏁 Script executed:

rg -n "builtins.toJSON" modules/nixos/core/gaming.nix

Repository: DaRacci/nix-config

Length of output: 44

---

🌐 Web query:

wivrn nixpkgs module application option type json

💡 Result:

In the nixpkgs NixOS module for WiVRn, the module option services.wivrn.config.json is implemented as services.wivrn.config.json = mkOption { type = configFormat.type; default = { }; ... }. So, the option’s “application option type” is not a raw JSON string type; it is a NixOS module option typed as the module’s JSON format type (configFormat.type), with default {} (empty attrset). The WiVRn module documentation explicitly states that “Configuration for WiVRn” is serialized to JSON in config.json, and that the application attribute in that configuration is “a list including the application and it's flags”, with the NixOS module requiring the first element to be a package/derivation. Evidence from the module source shows: - the option definition of config.json uses type = configFormat.type and default = { } - the option description states it will be serialized to JSON and that application is a list where the first element must be a package; it’s passed to lib.toList. Also, upstream Nix builtins include toJSON/fromJSON facilities, and NixOS module option “types” (e.g., types.attrs, types.listOf, etc.) are what constrain/merge module values; the WiVRn module leverages a JSON-format type rather than directly typing it as types.attrs in this specific option declaration.

Citations:

• 1: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/video/wivrn.nix
• 2: https://mynixos.com/nixpkgs/option/services.wivrn.config.json
• 3: https://releases.nixos.org/nix/nix-2.13.5/manual/language/builtins.html
• 4: https://nlewo.github.io/nixos-manual-sphinx/development/option-types.xml.html

---

🌐 Web query:

wayvr nixpkgs package binary executable

💡 Result:

WayVR is packaged in nixpkgs as the "wayvr" package, providing a binary executable for accessing Wayland/X11 desktops in VR environments like SteamVR, Monado, WiVRn (OpenVR + OpenXR support). The current version in nixos-unstable is 26.2.1. Install via nixpkgs by adding pkgs.wayvr to environment.systemPackages or using nix shell nixpkgs#wayvr. The main executable is /nix/store/...-wayvr/bin/wayvr (mainProgram = "wayvr"). It supports features like openxr, osc, x11, wayland, and optionally openvr. Official WayVR docs also reference the nixpkgs package.

Citations:

• 1: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/wa/wayvr/package.nix
• 2: https://mynixos.com/nixpkgs/package/wayvr
• 3: https://wayvr.org/docs/basics/installation/
• 4: https://github.com/wlx-team/wayvr
• 5: https://github.com/wayvr-org/wayvr

---

Use lib.getExe pkgs.wayvr to reference the executable path, not the package derivation.

When services.wivrn.config.json.application is serialised to JSON, passing a bare package derivation pkgs.wayvr coerces to the store path of the package directory (e.g. /nix/store/...-wayvr), not the executable binary at /nix/store/...-wayvr/bin/wayvr. This would cause wivrn to fail launching the application. Use lib.getExe pkgs.wayvr to get the full path to the wayvr executable.

🐛 Suggested fix

-              application = [ pkgs.wayvr ];
+              application = [ (lib.getExe pkgs.wayvr) ];

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	application = [ pkgs.wayvr ];
	application = [ (lib.getExe pkgs.wayvr) ];

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/gaming.nix` at line 120, The application field is
currently set to the package derivation pkgs.wayvr which serialises to the
package store directory instead of the executable; update the value to use
lib.getExe pkgs.wayvr so services.wivrn.config.json.application contains the
actual binary path (/nix/store/.../bin/wayvr). Locate the assignment to
application (currently "application = [ pkgs.wayvr ];") and replace the
derivation with lib.getExe pkgs.wayvr (ensuring the JSON serialization now
contains the executable path and not the package folder).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

What ports and protocols does ALVR use for its dashboard, OSC, and streaming traffic?

💡 Result:

ALVR uses the following ports and protocols: Dashboard: TCP port 8082 (HTTP/WebSocket API at http://localhost:8082, used for configuration, events, and management). OSC: UDP, configurable port (e.g., for VRChat body/eye tracking; defaults like 41492 (0xA1F7 hex) for VRCFT, user-set for VrchatEyeOsc/BodyOsc). Streaming traffic: - Discovery: UDP/TCP port 9943 (broadcast for device discovery, control socket). - Data streaming: TCP/UDP port 9944 (configurable stream port for video/audio/control data; UDP preferred for performance).

Citations:

• 1: https://github.com/alvr-org/ALVR/wiki/Headset-and-ALVR-streamer-on-separate-networks
• 2: https://github.com/alvr-org/ALVR/wiki/Troubleshooting
• 3: https://deepwiki.com/alvr-org/ALVR/4.1-dashboard
• 4: ALVR Never opens Dashboard alvr-org/ALVR#1194
• 5: https://github.com/korejan/ALVR/wiki/Usage
• 6: https://deepwiki.com/alvr-org/ALVR/2.4-communication-protocol
• 7: https://github.com/alvr-org/ALVR/wiki/How-ALVR-works
• 8: https://github.com/alvr-org/ALVR/blob/master/wiki/How-ALVR-works.md
• 9: https://github.com/alvr-org/ALVR/blob/dc3abf3b/alvr/server_core/src/tracking/body.rs
• 10: https://github.com/alvr-org/ALVR/blob/dc3abf3b/alvr/server_core/src/tracking/face.rs

---

Correct the ALVR port and protocol configuration.

Based on ALVR's official documentation, the port configuration is incorrect:

• Port 8082 (Dashboard): TCP only (HTTP/WebSocket API), not both UDP and TCP
• Port 9942 (OSC): Not documented as an ALVR port. ALVR's OSC uses configurable UDP ports (e.g., 41492 for VRCFT)
• Streaming: Should use documented ports 9943 (discovery, UDP/TCP) and 9944 (data streaming, TCP/UDP with UDP preferred), not 9942

The current code incorrectly applies the same port list to both allowedUDPPorts and allowedTCPPorts. Separate the ports by protocol: Dashboard on TCP 8082, streaming on 9943/9944 with appropriate protocols, and configure OSC separately with the actual UDP port being used.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/gaming.nix` around lines 134 - 141, The ALVR port/protocol
mapping is wrong and currently uses alvrPorts for both allowedUDPPorts and
allowedTCPPorts; update the implementation to separate TCP vs UDP lists: keep
config.programs.alvr.enable gating, create alvrTcpPorts = [ 8082 9943 9944 ] but
restrict 8082 to TCP-only, and create alvrUdpPorts = [ 9943 9944 ] (and add the
OSC UDP port as a separate configurable value, e.g., alvrOscUdpPort defaulting
to 41492, included only in alvrUdpPorts), then set allowedTCPPorts and
allowedUDPPorts to those respective lists instead of the single alvrPorts
variable so Dashboard (8082) is TCP-only, streaming ports 9943/9944 include both
where appropriate, and OSC uses the proper UDP port.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Inner while true loop is unbounded and never exits — Restart=always cannot recover from a stuck state.

Combined with Restart = "always", the script's outermost while true plus tail --pid means systemd has no way to observe a "completed" run. If tail --pid ever returns immediately (e.g. PID reuse or /proc race), the loop will tight-spin between systemctl start/systemctl stop until sleep 2 kicks in. Consider:

• Removing the outermost while true and relying solely on Restart = "always" + RestartSec, so each invocation waits for one Steam lifecycle then exits.
• Validating that /proc/$STEAM_PID/comm actually contains steam (defending against PID reuse) before treating the file as live.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/gaming.nix` around lines 182 - 200, The inner infinite
loop and use of tail --pid inside the outer while true makes the script never
exit and defeats systemd's Restart=always; remove the outermost while true and
let systemd handle restarts (keep a single run per process lifecycle), and
before treating STEAM_PID from STEAM_PID_FILE as live, validate
/proc/$STEAM_PID/comm contains "steam" (or equivalent expected process name) to
avoid PID reuse races; keep the existing calls to systemctl start/stop
decky-loader.service and the tail --pid logic but ensure the script returns
after the Steam process exits so Restart=always + RestartSec can recover
cleanly.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Hardcoded guest names win11 / win11-gaming should be configurable.

The hook tmpfiles list iterates over a fixed [ "win11" "win11-gaming" ]. Expose this as an option (e.g. core.virtualisation.isolatedGuests) so other hosts can use a different guest set without forking the module.

As per coding guidelines: "Avoid hardcoded paths that should be configurable options".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/virtualisation.nix` around lines 444 - 463, The machines
list currently hardcodes guest names ["win11" "win11-gaming"]; make this a
configurable option (e.g. core.virtualisation.isolatedGuests) and use that
option when building the machines variable instead of the literal list so hosts
can override it. Update the module options to declare isolatedGuests (type
listOf strings, sensible default ["win11","win11-gaming"]), then replace the
literal list in the machines fold/map with that option; keep the existing use of
getExe and hook names (win-isolation-start, win-isolation-release, detach-gpu,
attach-gpu) unchanged so only the guest set becomes configurable.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Generate firmware JSON via builtins.toJSON rather than heredoc strings.

The two firmware descriptors are emitted as inline JSON string literals through cat <<EOF. Per repo guidelines, structured output should be assembled as a Nix attrset and serialised with builtins.toJSON, which gives compile-time validation, free escaping, and avoids a runCommand shell step.

♻️ Suggested fix sketch

let
  mkFirmware = name: attrs: pkgs.writeTextDir "share/firmware/${name}" (builtins.toJSON attrs);
  enrolled = mkFirmware "30-edk2-ovmf-x64-sb-enrolled.json" {
    description = "OVMF with SB+SMM, SB enabled, MS certs enrolled";
    interface-types = [ "uefi" ];
    mapping = {
      device = "flash";
      mode = "split";
      executable  = { filename = "/run/libvirt/nix-ovmf/OVMF_CODE.ms.fd"; format = "raw"; };
      nvram-template = { filename = "/run/libvirt/nix-ovmf/OVMF_VARS.ms.fd"; format = "raw"; };
    };
    targets  = [ { architecture = "x86_64"; machines = [ "pc-q35-*" ]; } ];
    features = [ "acpi-s3" "enrolled-keys" "requires-smm" "secure-boot" "verbose-dynamic" ];
    tags     = [ ];
  };
  signed = mkFirmware "40-edk2-ovmf-x64-sb.json" { /* ... */ };
  qemuFirmware = pkgs.symlinkJoin { name = "qemu-firmware"; paths = [ enrolled signed ]; };
in
...

As per coding guidelines: "When generating JSON, YAML, or other structured formats, define as Nix attribute sets and convert using builtins functions (e.g., builtins.toJSON), rather than using inline string literals".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/virtualisation.nix` around lines 465 - 532, The firmware
JSON files are being emitted via shell heredocs inside qemuFirmware; replace
that with Nix-native construction by building Nix attrsets for each descriptor
and serialising them with builtins.toJSON (e.g., add a small mkFirmware helper
that uses pkgs.writeText or pkgs.writeTextDir to write builtins.toJSON attrs
into "30-...json" and "40-...json"), then produce qemuFirmware as a
pkgs.symlinkJoin (or similar) over those generated files instead of using
runCommand and cat heredocs; update the mapping/targets/features/tags keys to be
proper Nix attrsets and lists so builtins.toJSON can validate them.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Duplicate virtio-win entry in systemPackages.

virtio-win is listed twice (lines 552 and 554). Drop the duplicate.

🐛 Suggested fix

       systemPackages = with pkgs; [
         virt-manager
         virtiofsd
         virtio-win
         win-spice
-        virtio-win
       ];

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	systemPackages = with pkgs; [
	virt-manager
	virtiofsd
	virtio-win
	win-spice
	virtio-win
	];
	systemPackages = with pkgs; [
	virt-manager
	virtiofsd
	virtio-win
	win-spice
	];

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/virtualisation.nix` around lines 549 - 555, Duplicate
package entry: remove the extra "virtio-win" from the systemPackages array so
each package appears only once; locate the systemPackages = with pkgs; [...]
block and delete the repeated "virtio-win" entry while preserving the other
entries (virt-manager, virtiofsd, win-spice).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether linuxPackages.nvidia_x11_latest exists on the input nixpkgs.
rg -nP '\bnvidia_x11_latest\b' -C2
fd -t f 'wsl.nix' modules hosts 2>/dev/null | xargs -I{} rg -nP -H 'nvidia|wsl/lib' {} 2>/dev/null

Repository: DaRacci/nix-config

Length of output: 1084

---

🏁 Script executed:

cat -n modules/nixos/core/wsl.nix

Repository: DaRacci/nix-config

Length of output: 3631

---

🏁 Script executed:

rg -n 'hardware\.nvidia' modules/ hosts/ 2>/dev/null | head -20

Repository: DaRacci/nix-config

Length of output: 44

---

🏁 Script executed:

rg -n 'nvidia' modules/ hosts/ 2>/dev/null | head -30

Repository: DaRacci/nix-config

Length of output: 2668

---

🏁 Script executed:

cat -n modules/nixos/core/hardware/graphics.nix

Repository: DaRacci/nix-config

Length of output: 5894

---

Guard NVIDIA paths behind GPU configuration check.

pkgs.linuxPackages.nvidia_x11_latest and /usr/lib/wsl/lib are injected unconditionally into LD_LIBRARY_PATH, EXTRA_LDFLAGS, and NIX_LD_LIBRARY_PATH_x86_64_linux whenever WSL is enabled. This pulls NVIDIA packages into the system closure even on AMD or Intel WSL hosts, causing unnecessary bloat and potential runtime mismatches.

Use config.hardware.graphics.hasNvidia (already available in this codebase) to gate these paths conditionally, or create a dedicated core.wsl.gpu.nvidia sub-option for explicit control.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/core/wsl.nix` around lines 45 - 58, The NVIDIA-specific paths
and flags in environment.sessionVariables (EXTRA_LDFLAGS, EXTRA_CCFLAGS,
LD_LIBRARY_PATH, NIX_LD_LIBRARY_PATH_x86_64_linux) are being added
unconditionally; change the implementation to conditionally append those entries
only when GPU support is enabled by checking config.hardware.graphics.hasNvidia
(or a new core.wsl.gpu.nvidia boolean if you prefer explicit opt-in). Locate the
block setting CUDA_PATH, EXTRA_LDFLAGS, EXTRA_CCFLAGS and the LD_LIBRARY_PATH
lists and wrap/merge the nvidia_x11_latest and /usr/lib/wsl/lib entries into
those variables only when the guard is true so non-NVIDIA hosts do not pull
pkgs.linuxPackages.nvidia_x11_latest into the closure.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Simplify hmUsers membership check.

attrNames config.home-manager.users is recomputed for every user. Use the ? operator to test attribute presence directly.

♻️ Suggested simplification

-  hmUsers = filter (user: elem user (attrNames config.home-manager.users)) (
-    attrNames config.users.users
-  );
+  hmUsers = filter (user: config.home-manager.users ? ${user}) (
+    attrNames config.users.users
+  );

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	hmUsers = filter (user: elem user (attrNames config.home-manager.users)) (
	attrNames config.users.users
	);
	hmUsers = filter (user: builtins.hasAttr user config.home-manager.users) (
	attrNames config.users.users
	);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/hm-helper/default.nix` around lines 17 - 19, hmUsers currently
tests membership by computing attrNames config.home-manager.users for every
user; instead change the filter predicate to directly test presence using the
attribute-existence operator on config.home-manager.users. Update the hmUsers
binding so it filters attrNames config.users.users with the predicate (user:
config.home-manager.users ? user) (referencing hmUsers,
config.home-manager.users and attrNames config.users.users) to avoid recomputing
attrNames and simplify the check.