feat: cluster test framework

[DaRacci]

Based off #544

Summary by CodeRabbit

Release Notes

• New Features

  • Added RGB lighting support for desktop systems
  • Enabled VFIO passthrough capabilities for desktop hardware virtualisation
  • Introduced VM guest configuration option for desktop hosts

• Documentation

  • Updated service and desktop module documentation with current file locations

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request reorganises NixOS modules by relocating display manager and remote access components to a features subdirectory, moving service modules to shared/services/, and refactoring the core module into a dedicated directory with expanded functionality. It adds new desktop features for RGB lighting and VFIO passthrough, introduces infrastructure for cluster testing, and updates corresponding documentation references.

Changes

Cohort / File(s)	Summary
Documentation Reference Updates docs/src/modules/nixos/desktop.md, docs/src/modules/nixos/services.md	Updated module entry-point paths to reflect reorganised locations under shared/features/ and shared/services/ directories.
Service Module Relocations modules/home-manager/services/mcpo.nix, lib/builders/mkSystem.nix	Updated import paths for service modules moved from modules/nixos/services/ to modules/nixos/shared/services/.
Display Manager & Remote Access Migration modules/nixos/desktop/default.nix, modules/nixos/laptop/default.nix	Updated imports to reference feature-scoped modules at ../shared/features/display-manager.nix and ../shared/features/remote.nix.
Desktop Feature Additions modules/nixos/desktop/default.nix, modules/nixos/desktop/virtual-machine.nix	Added RGB lighting (./rgb.nix) and VFIO passthrough (./vfio.nix) to desktop imports; changed mounts option type to types.attrsOf types.anything.
Core Module Reorganisation modules/nixos/shared/core.nix, modules/nixos/shared/core/default.nix	Relocated core module into dedicated directory with expanded configuration logic including audio, Bluetooth, network, and non-headless conditional blocks; moved from modules/nixos/ exports.
Core Printing Reconfiguration modules/nixos/shared/core/printing.nix	Updated conditional gate to require both cfg.enable and cfg.printing.enable flags; changed cfg binding to reference core config rather than printing subconfig.
Module Exports Restructure modules/nixos/default.nix, modules/nixos/shared/default.nix	Removed top-level exports (boot, hardware, vfio, host, services, virtual-machine); retained only shared export; updated shared imports to include ./services.
Module Deletion modules/nixos/encrypted-root.nix, modules/nixos/proxies.nix	Removed encrypted-root module with LUKS device configuration and proxies stub module.
Server Test Infrastructure modules/nixos/server/default.nix, modules/nixos/server/tests.nix	Added tests module import; introduced new server.tests options defining cluster test configuration with enable flag, units subtree, and testScript support for Python test code.
CI & Flake Infrastructure flake/ci/flake-module.nix, flake/default.nix	Extended CI module with config parameter and new perSystem function for cluster checks; mapped checks attribute to "ci" partition and removed it from lib.genAttrs.
Test Framework tests/default.nix, tests/lib.nix, tests/mkNode.nix	Added new test infrastructure: cluster test runner, node configuration builder, and utility for running code on all nodes.

Sequence Diagram(s)

sequenceDiagram
    participant Test as Test Runner<br/>(tests/default.nix)
    participant Nodes as Node Factory<br/>(tests/mkNode.nix)
    participant System as System Module<br/>(modules/flake/apply/system.nix)
    participant TestLib as Test Utilities<br/>(tests/lib.nix)
    participant Scripts as Test Scripts

    Test->>Nodes: For each clusterHost, create node config
    Nodes->>System: Import system module with allocations & hostName
    System-->>Nodes: Return configured node
    Nodes-->>Test: Collect configured nodes
    Test->>Scripts: Start all nodes, initialize test context
    Scripts->>TestLib: Use runOnAllNodes utility
    TestLib->>Scripts: Generate per-node subtest blocks
    Scripts->>Scripts: Wait for multi-user.target on each node
    Scripts-->>Test: Test execution complete

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Poem

🐰 Hop, hop! The modules reorganise,
Features nestled, services comprise,
Tests dance between the nodes with glee,
A cluster chorus—one, two, three!
The core expands with logic bright,
All paths aligned, the structure's right! 🌟

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat: cluster test framework' directly aligns with the main objective, as evidenced by commit messages mentioning 'feat: added the cluster test framework' and the addition of comprehensive test infrastructure (tests/default.nix, tests/lib.nix, tests/mkNode.nix, modules/nixos/server/tests.nix).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch push-xvsqsqnwmrup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🔴 Enforce conventional commit

This rule is failing.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🔴 Do not merge outdated PRs

This rule is failing.

Make sure PRs are almost up to date before merging

• #commits-behind <= 10

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for 072e115.

🟢 All jobs passed!

But CI Insights is watching 👀

[coderabbitai]

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

flake/ci/flake-module.nix (1)

12-29: ⚠️ Potential issue | 🟠 Major

checks.cluster never consults the new server.tests.enable flag.

clusterHosts is derived only from getHostsByType self, and tests/default.nix:17-19 turns every entry in that list into a VM node. As written, flipping server.tests.enable in modules/nixos/server/tests.nix cannot change which hosts participate in the cluster test, so the new opt-in flag is ineffective for membership.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@flake/ci/flake-module.nix` around lines 12 - 29, The cluster test currently
uses clusterHosts = (getHostsByType self).server or [] which ignores the new
server.tests.enable flag; update the clusterHosts computation so it filters the
hosts list to only include hosts whose server.tests.enable is true (i.e.,
evaluate each host's module/config and keep it only when server.tests.enable is
truthy) before passing clusterHosts into checks.cluster (references:
clusterHosts, getHostsByType, checks.cluster, server.tests.enable,
tests/default.nix).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/src/modules/nixos/desktop.md`:
- Around line 7-8: The docs currently imply RGB and VFIO are enabled by default;
update the desktop.md wording to state these are opt-in features and are only
enabled when their config flag is set (they are gated with mkIf cfg.enable in
the rgb.nix and vfio.nix modules), and clarify how
modules/nixos/desktop/default.nix composes those modules rather than enabling
them globally; change the two spots called out to mention "opt-in via
cfg.enable" and mirror the suggested wording.

In `@modules/nixos/desktop/virtual-machine.nix`:
- Around line 92-96: The mounts option currently uses mkOption with type =
types.attrsOf types.anything which removes validation; update the description
for the mounts option (the mkOption named "mounts") to document the expected
attribute structure and provide a concrete example showing host-path keys
mapping to attrs including target and readonly (e.g. host path -> { target =
"/guest/path"; readonly = false; }) so users know the required fields and shape;
keep the existing type but make the description clear and copyable for users.

In `@modules/nixos/server/tests.nix`:
- Around line 10-11: The module is incorrectly inheriting type helpers from lib
(which has no .type); update the inherits to pull from lib.types so the NixOS
module type helpers are resolved: change the first inherit to reference
lib.types when bringing in type, mkOption and mkEnableOption, and change the
second inherit to reference lib.types for submodule, attrsOf, either, listOf,
str, bool, functionTo (or alternatively only import type once and then inherit
(type) ...), ensuring mkOption, mkEnableOption, submodule, attrsOf, either,
listOf, str, bool, and functionTo come from lib.types.
- Around line 17-38: The options declaration for server.tests.units currently
assigns a raw attrsOf (submodule ...) value instead of an option; wrap the whole
attrsOf (submodule ({ name, ... }: { ... })) expression in mkOption so
server.tests.units is an actual Nix option. Specifically, replace the bare units
= attrsOf (...) with units = mkOption (attrsOf (submodule ({ name, ... }: {
options = { ... } }))) (or equivalent mkOption form), keeping the same inner
options (name, testScript) to match other modules (metrics.nix, mcpo.nix,
virtual-machine.nix, dashboard.nix) that use mkOption for units.

In `@tests/lib.nix`:
- Around line 6-9: The helper runOnAllNodes is passing the literal string
"node.name" to the callback so callers receive a string instead of the node
object; change the interpolation so the callback is invoked with the node object
(not node.name) inside the for-loop/subtest, i.e. pass node into ${f(...)} so
callers can call methods like wait_for_unit on the actual node object; update
any related docs/tests to expect the node object argument and keep using
subtest(node.name) as the subtest label.

In `@tests/mkNode.nix`:
- Around line 7-11: The test node import currently uses only
modules/flake/apply/system.nix causing tests to build minimal VMs; update the
imports to build test nodes with the full production module stack by either
reusing the existing builder lib/builders/mkSystem.nix or by expanding the
imports to include the NixOS modules, device-type modules, host directory and
shared config modules (preserve existing attributes like allocations, hostName
and deviceType). Locate the imports block that references
modules/flake/apply/system.nix and replace it with a call to
lib/builders/mkSystem.nix (or mirror its module list) so test VMs are built the
same way as production.

---

Outside diff comments:
In `@flake/ci/flake-module.nix`:
- Around line 12-29: The cluster test currently uses clusterHosts =
(getHostsByType self).server or [] which ignores the new server.tests.enable
flag; update the clusterHosts computation so it filters the hosts list to only
include hosts whose server.tests.enable is true (i.e., evaluate each host's
module/config and keep it only when server.tests.enable is truthy) before
passing clusterHosts into checks.cluster (references: clusterHosts,
getHostsByType, checks.cluster, server.tests.enable, tests/default.nix).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4df9fa6f-3aca-4579-86f4-9a365402645c

📥 Commits

Reviewing files that changed from the base of the PR and between baec492 and 072e115.

📒 Files selected for processing (60)

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md
• flake/ci/flake-module.nix
• flake/default.nix
• home/shared/applications/media.nix
• home/shared/desktop/gnome/default.nix
• lib/builders/mkSystem.nix
• modules/home-manager/services/mcpo.nix
• modules/nixos/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/rgb.nix
• modules/nixos/desktop/vfio.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/laptop/default.nix
• modules/nixos/proxies.nix
• modules/nixos/server/default.nix
• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/server/tests.nix
• modules/nixos/shared/core.nix
• modules/nixos/shared/core/auto-upgrade.nix
• modules/nixos/shared/core/boot/default.nix
• modules/nixos/shared/core/boot/quietboot.nix
• modules/nixos/shared/core/boot/secureboot.nix
• modules/nixos/shared/core/boot/systemd-boot.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/hardware/backlight.nix
• modules/nixos/shared/core/hardware/biometrics.nix
• modules/nixos/shared/core/hardware/bluetooth.nix
• modules/nixos/shared/core/hardware/cooling.nix
• modules/nixos/shared/core/hardware/default.nix
• modules/nixos/shared/core/hardware/display.nix
• modules/nixos/shared/core/hardware/graphics.nix
• modules/nixos/shared/core/hardware/openrgb.nix
• modules/nixos/shared/core/hardware/storage/default.nix
• modules/nixos/shared/core/hardware/storage/ephemeral.nix
• modules/nixos/shared/core/hardware/storage/maintenance.nix
• modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix
• modules/nixos/shared/core/hardware/storage/partitions/esp.nix
• modules/nixos/shared/core/hardware/storage/partitions/luks.nix
• modules/nixos/shared/core/hardware/storage/partitions/tmpfs.nix
• modules/nixos/shared/core/host/default.nix
• modules/nixos/shared/core/host/device.nix
• modules/nixos/shared/core/host/persistence.nix
• modules/nixos/shared/default.nix
• modules/nixos/shared/features/display-manager.nix
• modules/nixos/shared/features/hm-helper/1password.nix
• modules/nixos/shared/features/hm-helper/default.nix
• modules/nixos/shared/features/hm-helper/kde-connect.nix
• modules/nixos/shared/features/hm-helper/mpv.nix
• modules/nixos/shared/features/hm-helper/nautilus.nix
• modules/nixos/shared/features/remote.nix
• modules/nixos/shared/services/default.nix
• modules/nixos/shared/services/huntress.nix
• modules/nixos/shared/services/mcpo.nix
• modules/nixos/shared/services/metrics.nix
• modules/nixos/shared/services/tailscale.nix
• tests/default.nix
• tests/lib.nix
• tests/mkNode.nix

💤 Files with no reviewable changes (4)

• modules/nixos/default.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/proxies.nix
• modules/nixos/shared/core.nix

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Build nixosConfigurations.nixmi.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixarr.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixdev.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixcloud.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixio.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build homeConfigurations.racci.activationPackage on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixmon.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixserv.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixai.config.system.build.toplevel on x86_64-linux
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🧰 Additional context used

📓 Path-based instructions (15)

**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/building/SKILL.md)

Use nix fmt to format Nix code and check syntax

**/*.nix: Run nix fmt <paths...> after making any changes to ensure consistent formatting
Use 2 spaces for indentation in Nix files
Use kebab-case for Nix file and directory names
Use camelCase for Nix attributes (e.g., myOption, enableFeature)
Use camelCase for Nix option paths (e.g., services.myService.enable)
Prefer minimal comments; code should be self-explanatory, using comments to explain why, not what
Prefer relative imports over absolute imports (e.g., ./modules/foo.nix)
Group imports at the top of the Nix file and use list format for multiple imports
When generating JSON, YAML, or other structured formats, define as Nix attribute sets and convert using builtins functions (e.g., builtins.toJSON), rather than using inline string literals
Follow the standard module structure pattern with config, lib, pkgs destructuring, let bindings for module configuration, and options/config sections
Use let bindings with inherit for importing functions from libraries (e.g., inherit (lib) mkIf mkEnableOption)

Run nix fmt to format code before submitting changes

**/*.nix: Use builtins.trace to add trace statements for seeing values during Nix evaluation, with builtins.toJSON for complex attribute sets
Check for circular dependencies in imports or option definitions as the root cause of infinite recursion errors in Nix
Verify attribute names, imports, and option paths to resolve 'attribute missing' errors in Nix configurations

Run nix fmt on changed Nix files after modifying modules

**/*.nix: Declare secrets in Nix using sops.secrets with the secret path as the key
Specify custom permissions for secrets using owner, group, and mode attributes in sops.secrets declarations
Use sops.templates to combine multiple secrets into configuration files with placeholders
Add restartUnits to secret declarations to automatically restart services when secrets change
Use empty `k...

Files:

• modules/nixos/shared/default.nix
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• tests/lib.nix
• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/virtual-machine.nix
• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix
• modules/nixos/server/default.nix
• flake/ci/flake-module.nix
• modules/nixos/laptop/default.nix
• flake/default.nix
• tests/mkNode.nix
• modules/nixos/server/tests.nix
• modules/nixos/shared/core/default.nix
• tests/default.nix

modules/nixos/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Create NixOS modules at modules/nixos/<category>/<name>.nix with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Files:

• modules/nixos/shared/default.nix
• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/server/tests.nix
• modules/nixos/shared/core/default.nix

modules/nixos/*/default.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Register NixOS modules in parent default.nix using imports list pattern: _: { imports = [ ./module-a.nix ./module-b.nix ]; }

Files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix

modules/nixos/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable NixOS module fragments should be placed in modules/nixos/ directory

Files:

• modules/nixos/shared/default.nix
• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/server/tests.nix
• modules/nixos/shared/core/default.nix

modules/home-manager/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

modules/home-manager/**/*.nix: Create Home-Manager modules at modules/home-manager/<category>/<name>.nix with osConfig parameter support and conditional config application using mkIf
Use purpose.<category> namespace for use-case modules in Home-Manager modules
Use custom.<name> namespace for custom extensions in Home-Manager modules
Use user.<name> namespace for user-specific options in Home-Manager modules

Files:

• modules/home-manager/services/mcpo.nix

modules/home-manager/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Reusable Home-Manager module fragments should be placed in modules/home-manager/ directory

Files:

• modules/home-manager/services/mcpo.nix

lib/builders/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Custom system and home builders should be implemented in lib/builders/ directory with mkSystem.nix and mkHome.nix as entry points

Files:

• lib/builders/mkSystem.nix

modules/nixos/server/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/modules/SKILL.md)

Use server.<name> namespace for server cluster options in NixOS modules

Files:

• modules/nixos/server/proxy/kanidm.nix
• modules/nixos/server/default.nix
• modules/nixos/server/tests.nix

home/**/*.nix

📄 CodeRabbit inference engine (.opencode/skills/contributing/SKILL.md)

Test at least one affected home configuration before submitting changes

Files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix

home/shared/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Shared Home-Manager configurations across all users should be placed in home/shared/ directory

Files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix

home/shared/desktop/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Shared desktop environment configurations should be in home/shared/desktop/

Files:

• home/shared/desktop/gnome/default.nix

home/shared/applications/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Shared application-specific Home-Manager configurations should be in home/shared/applications/

Files:

• home/shared/applications/media.nix

flake/ci/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

CI-specific flake definitions and scripts should be located in the flake/ci/ directory

Files:

• flake/ci/flake-module.nix

docs/src/**/*.md

📄 CodeRabbit inference engine (.opencode/skills/docs/SKILL.md)

docs/src/**/*.md: Create or update Markdown files in docs/src following the documentation workflow: analyze changes, identify impact on documentation files, draft content with underscore filenames, update docs/src/SUMMARY.md, and verify Nix code examples are valid
Keep documentation explanations concise and focus on why something is configured a certain way rather than just what the code does

Files:

• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md

docs/**

📄 CodeRabbit inference engine (.opencode/skills/project-structure/SKILL.md)

Project documentation should be maintained in the docs/ directory

Files:

• docs/src/modules/nixos/services.md
• docs/src/modules/nixos/desktop.md

🧠 Learnings (85)

📓 Common learnings

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/features/**/*.nix : User's feature modules should be organized in a `features/` directory within the user directory (`home/<username>/features/`)

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/shared/optional/** : Optional NixOS features (gaming, containers, etc.) should be organized in `hosts/shared/optional/`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to home/shared/features/** : Shared feature modules (CLI tools, features, etc.) should be in `home/shared/features/`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to flake/nixos/** : NixOS flake modules should be organized in the `flake/nixos/` directory

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/server/**/*.nix : Use `server.<name>` namespace for server cluster options in NixOS modules

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/*/default.nix : Register NixOS modules in parent `default.nix` using imports list pattern: `_: { imports = [ ./module-a.nix ./module-b.nix ]; }`

Applied to files:

• modules/nixos/shared/default.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/default.nix : NixOS modules should be exported through `modules/nixos/default.nix`

Applied to files:

• modules/nixos/shared/default.nix
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/laptop/default.nix
• tests/mkNode.nix
• modules/nixos/shared/core/default.nix
• docs/src/modules/nixos/desktop.md
• tests/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/default.nix : Export module categories from top-level `modules/nixos/default.nix` as attribute set with structure: `{ boot = import ./boot; hardware = import ./hardware; services = import ./services; }`

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/laptop/default.nix
• tests/mkNode.nix
• modules/nixos/server/tests.nix
• modules/nixos/shared/core/default.nix
• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/*/default.nix : Register Home-Manager modules in parent `default.nix` using imports list pattern

Applied to files:

• modules/nixos/shared/default.nix
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix
• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Prefer relative imports over absolute imports (e.g., `./modules/foo.nix`)

Applied to files:

• modules/nixos/shared/default.nix
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/home-manager/default.nix : Home-Manager modules should be exported through `modules/home-manager/default.nix`

Applied to files:

• modules/nixos/shared/default.nix
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/laptop/default.nix
• tests/mkNode.nix
• modules/nixos/shared/core/default.nix
• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Prefer relative imports (e.g., `./modules/foo.nix`) over absolute paths

Applied to files:

• modules/nixos/shared/default.nix
• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Host `default.nix` files must import `${modulesPath}/virtualisation/proxmox-lxc.nix` for LXC containers or `./hardware.nix` for physical machines

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix
• tests/mkNode.nix
• docs/src/modules/nixos/desktop.md
• tests/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/services/**/*.nix : Use `services.<name>` namespace for system services in NixOS modules

Applied to files:

• modules/nixos/shared/default.nix
• modules/home-manager/services/mcpo.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Check for infinite recursion by examining recent changes for circular imports between modules or option definitions that reference themselves

Applied to files:

• modules/nixos/shared/default.nix
• lib/builders/mkSystem.nix
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Avoid hardcoded paths that should be configurable options

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/virtual-machine.nix
• home/shared/applications/media.nix
• modules/nixos/server/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Group imports at the top of the file and use list format for multiple imports

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all used functions are properly inherited to avoid circular imports and hidden dependencies

Applied to files:

• modules/nixos/shared/default.nix
• tests/lib.nix
• modules/nixos/desktop/default.nix
• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix
• modules/nixos/server/default.nix
• modules/nixos/laptop/default.nix
• tests/mkNode.nix

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to overlays/default.nix : Expose custom packages via overlays/default.nix by importing the pkgs directory with inputs, lib, and pkgs parameters

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Group imports at the top of the Nix file and use list format for multiple imports

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Follow the standard module structure pattern with `config`, `lib`, `pkgs` destructuring, `let` bindings for module configuration, and `options`/`config` sections

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/server/default.nix
• docs/src/modules/nixos/services.md
• modules/nixos/server/tests.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use camelCase for Nix option paths (e.g., `services.myService.enable`)

Applied to files:

• modules/nixos/shared/default.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Ensure all required options are defined before use in configuration blocks

Applied to files:

• modules/nixos/shared/default.nix
• modules/nixos/server/default.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Import shared user configurations from `home/shared/` directories in user configs: use `../shared/global/` for configs applied to all users, `../shared/applications/` for application configs, `../shared/desktop/` for desktop environment configs, and `../shared/features/cli/` for CLI tool configurations

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use `let` bindings with `inherit` for importing functions from libraries (e.g., `inherit (lib) mkIf mkEnableOption`)

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:01.611Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.611Z
Learning: Applies to pkgs/*/default.nix : For multi-output packages, use a let binding to define multiple outputs and register them with inherit syntax in pkgs/default.nix

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Always use `inherit` to bring functions and values into scope instead of manual assignment

Applied to files:

• modules/home-manager/services/mcpo.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical hardware configurations should import appropriate modules from `inputs.nixos-hardware` (e.g., CPU, SSD, GPU modules) in `hardware.nix`

Applied to files:

• modules/home-manager/services/mcpo.nix
• lib/builders/mkSystem.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/virtual-machine.nix
• flake/ci/flake-module.nix
• modules/nixos/laptop/default.nix
• tests/mkNode.nix
• modules/nixos/shared/core/default.nix
• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Follow the standard NixOS module structure pattern with config, lib, pkgs parameters and proper `let`/`in` blocks

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/host/**/*.nix : Use `host.<name>` namespace for host-specific options in NixOS modules

Applied to files:

• modules/home-manager/services/mcpo.nix
• modules/nixos/desktop/virtual-machine.nix
• docs/src/modules/nixos/services.md
• tests/mkNode.nix
• modules/nixos/server/tests.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to lib/builders/** : Custom system and home builders should be implemented in `lib/builders/` directory with `mkSystem.nix` and `mkHome.nix` as entry points

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: For changes affecting only hosts, build at least one affected host configuration using 'nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel'

Applied to files:

• lib/builders/mkSystem.nix
• flake/ci/flake-module.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/hm-config.nix : Create `hm-config.nix` in `home/<username>/` as the main Home-Manager entry point containing shared configuration across all hosts for that user

Applied to files:

• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `user.<name>` namespace for user-specific options in Home-Manager modules

Applied to files:

• lib/builders/mkSystem.nix
• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/features/**/*.nix : User's feature modules should be organized in a `features/` directory within the user directory (`home/<username>/features/`)

Applied to files:

• lib/builders/mkSystem.nix
• modules/nixos/laptop/default.nix

📚 Learning: 2026-03-01T12:26:41.504Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/users/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:41.504Z
Learning: Applies to home/*/[!.]*@(hm-config|os-config|secrets).nix : Create host-specific configuration files named `<hostname>.nix` in the user directory (`home/<username>/<hostname>.nix`), containing Home-Manager configuration with user-specific git settings, imports of shared features, and host-specific customizations

Applied to files:

• lib/builders/mkSystem.nix
• flake/default.nix

📚 Learning: 2026-03-01T12:26:25.327Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/secrets/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:25.327Z
Learning: Applies to **/*.nix : Declare secrets in Nix using `sops.secrets` with the secret path as the key

Applied to files:

• lib/builders/mkSystem.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Hardware configurations must define filesystem mount points with device labels and filesystem types (e.g., `fileSystems./`)

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Verify option type definitions match their usage and configuration values

Applied to files:

• modules/nixos/desktop/virtual-machine.nix
• flake/default.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Verify type mismatches by checking option type definitions and the value being provided in NixOS options

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:24:38.213Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/debugging/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:38.213Z
Learning: Applies to **/*.nix : Verify attribute names, imports, and option paths to resolve 'attribute missing' errors in Nix configurations

Applied to files:

• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/server/default.nix
• flake/default.nix
• tests/mkNode.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/{desktop,laptop,server}/** : Per-machine NixOS configurations should be organized in `hosts/<type>/<hostname>/` where type is desktop, laptop, or server

Applied to files:

• modules/nixos/desktop/virtual-machine.nix
• flake/ci/flake-module.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/{desktop,laptop,server}/*/default.nix : Host system configurations should follow the pattern `hosts/<type>/<hostname>/default.nix`

Applied to files:

• modules/nixos/desktop/virtual-machine.nix
• flake/ci/flake-module.nix
• tests/mkNode.nix
• docs/src/modules/nixos/desktop.md
• tests/default.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Use camelCase for Nix attributes (e.g., `myOption`, `enableFeature`)

Applied to files:

• modules/nixos/desktop/virtual-machine.nix

📚 Learning: 2026-03-01T12:24:29.910Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to **/*.nix : Run `nix fmt` to format code before submitting changes

Applied to files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: Applies to **/*.nix : Always ensure formatting is correct by running 'nix fmt' on changed files

Applied to files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Run `nix fmt <changed-files>` to fix Nix formatting failures in CI checks

Applied to files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to **/*.nix : Run `nix fmt` on changed Nix files after modifying modules

Applied to files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Code MUST pass `nix fmt` formatting validation

Applied to files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Remove unused let bindings

Applied to files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix

📚 Learning: 2026-03-01T12:24:22.881Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/code-style/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:22.881Z
Learning: Applies to **/*.nix : Run `nix fmt <paths...>` after making any changes to ensure consistent formatting

Applied to files:

• home/shared/desktop/gnome/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Use intermediate bindings instead of deeply nested attribute access for improved readability

Applied to files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix
• modules/nixos/server/default.nix

📚 Learning: 2026-03-01T12:24:29.910Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to home/**/*.nix : Test at least one affected home configuration before submitting changes

Applied to files:

• home/shared/desktop/gnome/default.nix
• home/shared/applications/media.nix
• modules/nixos/server/default.nix
• flake/ci/flake-module.nix
• flake/default.nix
• tests/mkNode.nix
• tests/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/server/**/*.nix : Use `server.<name>` namespace for server cluster options in NixOS modules

Applied to files:

• modules/nixos/server/default.nix
• docs/src/modules/nixos/services.md
• tests/mkNode.nix
• modules/nixos/server/tests.nix
• tests/default.nix

📚 Learning: 2026-03-01T12:26:31.937Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/testing/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:31.937Z
Learning: Run `nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel` to test a host configuration

Applied to files:

• modules/nixos/server/default.nix
• flake/ci/flake-module.nix
• tests/mkNode.nix
• tests/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{server,desktop,laptop}/*/default.nix : Each host requires a `default.nix` file as the main configuration entry point

Applied to files:

• modules/nixos/server/default.nix
• tests/mkNode.nix
• docs/src/modules/nixos/desktop.md
• tests/default.nix

📚 Learning: 2026-03-01T12:27:29.965Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-03-01T12:27:29.965Z
Learning: Applies to **/*.nix : All affected configurations MUST be tested before completing any task, using the test agent and testing skill to identify affected configurations

Applied to files:

• modules/nixos/server/default.nix
• flake/ci/flake-module.nix
• tests/default.nix

📚 Learning: 2026-03-01T12:24:29.910Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to hosts/**/*.nix : Test at least one affected host configuration before submitting changes

Applied to files:

• modules/nixos/server/default.nix
• flake/ci/flake-module.nix
• tests/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to flake.nix : Top-level flake definitions and inputs/outputs configuration should be placed in `flake.nix`

Applied to files:

• flake/ci/flake-module.nix
• flake/default.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: For flake.nix or flake.lock changes, run a full flake check in addition to building representative configs

Applied to files:

• flake/ci/flake-module.nix
• flake/default.nix

📚 Learning: 2026-03-01T12:24:29.910Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/contributing/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:29.910Z
Learning: Applies to {flake.nix,flake.lock} : Run `nix flake check` (with devenv-root override) before submitting changes

Applied to files:

• flake/ci/flake-module.nix
• flake/default.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to flake/nixos/** : NixOS flake modules should be organized in the `flake/nixos/` directory

Applied to files:

• flake/ci/flake-module.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to flake/nixos/flake-module.nix : For CUDA or ROCm hardware acceleration support, register the host in `flake/nixos/flake-module.nix` under the appropriate `accelerationHosts` category

Applied to files:

• flake/ci/flake-module.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to flake.nix : Use `./flake/ci/detect-affected-outputs.nu nixosConfigurations --json` and `./flake/ci/detect-affected-outputs.nu homeConfigurations --json` to identify which outputs are affected by dirty files in CI

Applied to files:

• flake/ci/flake-module.nix
• flake/default.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Host auto-discovery scans `hosts/` for subdirectories, filters out `shared/` and `secrets.yaml`, and automatically registers each as a nixosConfiguration

Applied to files:

• flake/ci/flake-module.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Use `nix eval .#nixosConfigurations.<host>.config.system.build.toplevel --apply 'x: "ok"'` to check if Nix expressions evaluate correctly

Applied to files:

• flake/ci/flake-module.nix
• flake/default.nix
• tests/default.nix

📚 Learning: 2026-03-01T12:24:15.388Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/building/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:15.388Z
Learning: Build a host's NixOS system using `nix build .#nixosConfigurations.<host>.config.system.build.toplevel`

Applied to files:

• flake/ci/flake-module.nix
• tests/mkNode.nix

📚 Learning: 2026-03-01T12:27:16.409Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/security.md:0-0
Timestamp: 2026-03-01T12:27:16.409Z
Learning: Applies to **/*.nix : Apply systemd hardening options (DynamicUser, ProtectSystem, ProtectHome, PrivateTmp, NoNewPrivileges, CapabilityBoundingSet, RestrictNamespaces, RestrictRealtime, RestrictSUIDSGID, MemoryDenyWriteExecute, LockPersonality) to service definitions

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to hosts/shared/optional/** : Optional NixOS features (gaming, containers, etc.) should be organized in `hosts/shared/optional/`

Applied to files:

• docs/src/modules/nixos/services.md
• modules/nixos/laptop/default.nix
• modules/nixos/shared/core/default.nix
• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Create Home-Manager modules at `modules/home-manager/<category>/<name>.nix` with osConfig parameter support and conditional config application using mkIf

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/home-manager/**/*.nix : Use `custom.<name>` namespace for custom extensions in Home-Manager modules

Applied to files:

• docs/src/modules/nixos/services.md

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/**/*.nix : Create NixOS modules at `modules/nixos/<category>/<name>.nix` with standard pattern including options definition, lib imports (mkEnableOption, mkOption, mkIf, types), config variable binding, and conditional config application using mkIf

Applied to files:

• docs/src/modules/nixos/services.md
• tests/mkNode.nix
• modules/nixos/server/tests.nix
• modules/nixos/shared/core/default.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to flake.{nix,lock} : Verify `flake.lock` conflicts by checking if inputs were updated and ensuring compatibility between updated inputs

Applied to files:

• flake/default.nix

📚 Learning: 2026-03-01T12:24:38.213Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/debugging/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:38.213Z
Learning: Use `nix flake check --no-build` to verify flake syntax validity without building

Applied to files:

• flake/default.nix

📚 Learning: 2026-03-01T12:26:31.937Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/testing/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:31.937Z
Learning: Run `nix flake check --override-input devenv-root "file+file://$PWD/.devenv/root"` to perform a full flake check

Applied to files:

• flake/default.nix

📚 Learning: 2026-03-01T12:24:15.388Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/building/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:15.388Z
Learning: Use `nix flake check` to evaluate all configurations and run linters

Applied to files:

• flake/default.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: Use 'nix eval .#homeConfigurations --apply "builtins.attrNames"' to list available home configurations

Applied to files:

• flake/default.nix

📚 Learning: 2026-03-01T12:27:25.837Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/test.md:0-0
Timestamp: 2026-03-01T12:27:25.837Z
Learning: Use 'nix eval .#nixosConfigurations --apply "builtins.attrNames"' to list available host configurations

Applied to files:

• flake/default.nix
• tests/mkNode.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : Use `nix eval .#nixosConfigurations.<host>.config.services --apply 'builtins.attrNames'` to diagnose 'attribute not found' errors by listing available attributes

Applied to files:

• flake/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Always use `mkIf` guards on config sections that are conditionally applied

Applied to files:

• flake/default.nix

📚 Learning: 2026-03-01T12:26:51.425Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/ci-failure.md:0-0
Timestamp: 2026-03-01T12:26:51.425Z
Learning: Applies to **/*.nix : When a new module isn't being found, verify the imports list in the parent module, check that the file path is correct (use kebab-case), and ensure the module is syntactically valid

Applied to files:

• tests/mkNode.nix

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/server/*/default.nix : Server hosts must set `host.device.isHeadless = true` in their configuration

Applied to files:

• tests/mkNode.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to modules/nixos/** : Reusable NixOS module fragments should be placed in `modules/nixos/` directory

Applied to files:

• modules/nixos/server/tests.nix

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to pkgs/default.nix : Custom packages should export their definitions through `pkgs/default.nix`

Applied to files:

• modules/nixos/shared/core/default.nix
• tests/default.nix

📚 Learning: 2026-03-01T12:27:02.914Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/agent/nix-review.md:0-0
Timestamp: 2026-03-01T12:27:02.914Z
Learning: Applies to **/*.nix : Use `mkDefault`, `mkForce`, and `mkOverride` correctly to control option priority

Applied to files:

• modules/nixos/shared/core/default.nix
• tests/default.nix

📚 Learning: 2026-03-01T12:25:06.603Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/modules/SKILL.md:0-0
Timestamp: 2026-03-01T12:25:06.603Z
Learning: Applies to modules/nixos/hardware/**/*.nix : Use `hardware.<name>` namespace for hardware configuration in NixOS modules

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:24:57.319Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/hosts/SKILL.md:0-0
Timestamp: 2026-03-01T12:24:57.319Z
Learning: Applies to hosts/{desktop,laptop}/*/hardware.nix : Physical host machines (desktops/laptops) must include a `hardware.nix` file with hardware-specific configuration

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:14.740Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/project-structure/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:14.740Z
Learning: Applies to home/shared/desktop/** : Shared desktop environment configurations should be in `home/shared/desktop/`

Applied to files:

• docs/src/modules/nixos/desktop.md

📚 Learning: 2026-03-01T12:26:01.610Z

Learnt from: CR
Repo: DaRacci/nix-config PR: 0
File: .opencode/skills/packages/SKILL.md:0-0
Timestamp: 2026-03-01T12:26:01.610Z
Learning: Applies to pkgs/*/default.nix : Each package should have its own directory under pkgs/ with a default.nix file containing the package definition

Applied to files:

• tests/default.nix

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Describe RGB and VFIO as opt-in features.

modules/nixos/desktop/rgb.nix:25-42 and modules/nixos/desktop/vfio.nix:50-91 both gate their config behind mkIf cfg.enable. The current wording reads as if every desktop gets those features by default, which misstates what modules/nixos/desktop/default.nix actually does.

✏️ Suggested wording

-The primary purpose of this module is to bundle common desktop-related services and configurations that should be present on all workstations, such as display managers, remote access tools, and hardware features like RGB lighting and VFIO passthrough.
+The primary purpose of this module is to bundle common desktop-related services and configurations for workstations, and to expose optional hardware features such as RGB lighting and VFIO passthrough.

-- **RGB Lighting**: Configured via `./rgb.nix` — OpenRGB-based hardware lighting control.
-- **VFIO Passthrough**: Configured via `./vfio.nix` — GPU/device passthrough for virtual machines.
+- **RGB Lighting**: Optional via `./rgb.nix` — OpenRGB-based hardware lighting control.
+- **VFIO Passthrough**: Optional via `./vfio.nix` — GPU/device passthrough for virtual machines.

Also applies to: 17-18

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/src/modules/nixos/desktop.md` around lines 7 - 8, The docs currently
imply RGB and VFIO are enabled by default; update the desktop.md wording to
state these are opt-in features and are only enabled when their config flag is
set (they are gated with mkIf cfg.enable in the rgb.nix and vfio.nix modules),
and clarify how modules/nixos/desktop/default.nix composes those modules rather
than enabling them globally; change the two spots called out to mention "opt-in
via cfg.enable" and mirror the suggested wording.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Type change is reasonable, but consider documenting expected structure.

Using types.attrsOf types.anything provides flexibility for arbitrary mount configurations, but it bypasses type validation entirely. Consider adding documentation or examples in the description to clarify the expected attribute structure for mounts.

📝 Suggested improvement for documentation

         mounts = mkOption {
           type = types.attrsOf types.anything;
           default = { };
-          description = "The mounts to attach to the guest.";
+          description = ''
+            The mounts to attach to the guest.
+
+            Example:
+            ```nix
+            {
+              "/host/path" = { target = "/guest/path"; readonly = false; };
+            }
+            ```
+          '';
         };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	mounts = mkOption {
	type = types;
	type = types.attrsOf types.anything;
	default = { };
	description = "The mounts to attach to the guest.";
	};
	mounts = mkOption {
	type = types.attrsOf types.anything;
	default = { };
	description = ''
	The mounts to attach to the guest.
	Example:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/desktop/virtual-machine.nix` around lines 92 - 96, The mounts
option currently uses mkOption with type = types.attrsOf types.anything which
removes validation; update the description for the mounts option (the mkOption
named "mounts") to document the expected attribute structure and provide a
concrete example showing host-path keys mapping to attrs including target and
readonly (e.g. host path -> { target = "/guest/path"; readonly = false; }) so
users know the required fields and shape; keep the existing type but make the
description clear and copyable for users.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether the repo defines a non-standard `lib.type` alias.
rg -n -C2 --type=nix '\binherit\s+\(lib\)\s+type\b|\blib\.type\b|\btype\s*=\s*types\b'

Repository: DaRacci/nix-config

Length of output: 11299

---

Import the module types from lib.types.

The NixOS module type helpers live under lib.types. The pattern inherit (lib) type will fail because lib.type does not exist in the standard NixOS library, leaving submodule, attrsOf, either, and other type helpers unresolved. This module will fail during evaluation.

Suggested fix

 let
-  inherit (lib) type mkOption mkEnableOption;
-  inherit (type) submodule attrsOf either listOf str bool functionTo;
+  inherit (lib) mkEnableOption mkOption;
+  inherit (lib.types) attrsOf bool either functionTo listOf str submodule;
 in {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/server/tests.nix` around lines 10 - 11, The module is
incorrectly inheriting type helpers from lib (which has no .type); update the
inherits to pull from lib.types so the NixOS module type helpers are resolved:
change the first inherit to reference lib.types when bringing in type, mkOption
and mkEnableOption, and change the second inherit to reference lib.types for
submodule, attrsOf, either, listOf, str, bool, functionTo (or alternatively only
import type once and then inherit (type) ...), ensuring mkOption,
mkEnableOption, submodule, attrsOf, either, listOf, str, bool, and functionTo
come from lib.types.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Inspect how `attrsOf (submodule ...)` options are declared elsewhere in the repo.
rg -n -C4 --type=nix 'attrsOf\s*\(submodule'

Repository: DaRacci/nix-config

Length of output: 5820

---

Wrap server.tests.units in mkOption.

Inside options, this assigns a raw type instead of an option declaration. The module system requires mkOption/mkEnableOption values, and all other similar attrsOf (submodule ...) declarations in the codebase (metrics.nix, mcpo.nix, virtual-machine.nix, dashboard.nix, etc.) follow this pattern. The units option will not evaluate correctly without wrapping it in mkOption with the type as an argument.

Suggested fix

-      units = attrsOf (submodule ({ name, ... }: {
-        options = {
-          name = mkOption {
-            type = str;
-            default = name;
-            description = ''
-              The name to give to this unit test.
-              This is used to enter into a subtest within the testScript of the cluster test.
-            '';
-          };
-
-          testScript = mkOption {
-            type = either str (functionTo str);
-            description = ''
-              Python code to be ran within the subtest for this unit.
-
-              If this is a function with one argument of this nodes config.
-              If this is a function with two arguments, the second argument is the entire cluster configuration.
-            '';
-          };
-        };
-      }));
+      units = mkOption {
+        type = attrsOf (submodule ({ name, ... }: {
+          options = {
+            name = mkOption {
+              type = str;
+              default = name;
+              description = ''
+                The name to give to this unit test.
+                This is used to enter into a subtest within the testScript of the cluster test.
+              '';
+            };
+
+            testScript = mkOption {
+              type = either str (functionTo str);
+              description = ''
+                Python code to be ran within the subtest for this unit.
+
+                If this is a function with one argument of this nodes config.
+                If this is a function with two arguments, the second argument is the entire cluster configuration.
+              '';
+            };
+          };
+        }));
+        default = { };
+      };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	units = attrsOf (submodule ({ name, ... }: {
	options = {
	name = mkOption {
	type = str;
	default = name;
	description = ''
	The name to give to this unit test.
	This is used to enter into a subtest within the testScript of the cluster test.
	'';
	};
	testScript = mkOption {
	type = either str (functionTo str);
	description = ''
	Python code to be ran within the subtest for this unit.
	If this is a function with one argument of this nodes config.
	If this is a function with two arguments, the second argument is the entire cluster configuration.
	'';
	};
	};
	}));
	units = mkOption {
	type = attrsOf (submodule ({ name, ... }: {
	options = {
	name = mkOption {
	type = str;
	default = name;
	description = ''
	The name to give to this unit test.
	This is used to enter into a subtest within the testScript of the cluster test.
	'';
	};
	testScript = mkOption {
	type = either str (functionTo str);
	description = ''
	Python code to be ran within the subtest for this unit.
	If this is a function with one argument of this nodes config.
	If this is a function with two arguments, the second argument is the entire cluster configuration.
	'';
	};
	};
	}));
	default = { };
	};

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/server/tests.nix` around lines 17 - 38, The options declaration
for server.tests.units currently assigns a raw attrsOf (submodule ...) value
instead of an option; wrap the whole attrsOf (submodule ({ name, ... }: { ...
})) expression in mkOption so server.tests.units is an actual Nix option.
Specifically, replace the bare units = attrsOf (...) with units = mkOption
(attrsOf (submodule ({ name, ... }: { options = { ... } }))) (or equivalent
mkOption form), keeping the same inner options (name, testScript) to match other
modules (metrics.nix, mcpo.nix, virtual-machine.nix, dashboard.nix) that use
mkOption for units.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -e
echo '== tests/mkNode.nix =='
sed -n '1,80p' tests/mkNode.nix
echo
echo '== lib/builders/mkSystem.nix =='
sed -n '30,70p' lib/builders/mkSystem.nix

Repository: DaRacci/nix-config

Length of output: 1518

---

Build each test node from the real host module stack.

The test node only imports modules/flake/apply/system.nix, whilst the production builder (lib/builders/mkSystem.nix) includes all nixos modules, device-type modules, the host directory, and shared configuration modules. The cluster test will pass with near-empty VMs, failing to validate actual server configurations.

Either include the full module stack or reuse lib/builders/mkSystem.nix to ensure test parity with production builds.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/mkNode.nix` around lines 7 - 11, The test node import currently uses
only modules/flake/apply/system.nix causing tests to build minimal VMs; update
the imports to build test nodes with the full production module stack by either
reusing the existing builder lib/builders/mkSystem.nix or by expanding the
imports to include the NixOS modules, device-type modules, host directory and
shared config modules (preserve existing attributes like allocations, hostName
and deviceType). Locate the imports block that references
modules/flake/apply/system.nix and replace it with a call to
lib/builders/mkSystem.nix (or mirror its module list) so test VMs are built the
same way as production.

[coderabbitai]

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

modules/nixos/desktop/virtual-machine.nix (1)

74-74: ⚠️ Potential issue | 🔴 Critical

mkDoc is not a standard lib function — this will cause evaluation failure.

The mkDoc function used here does not exist in nixpkgs.lib. This will throw an "attribute 'mkDoc' missing" error during evaluation. Use a plain string instead.

🐛 Proposed fix

-            description = mkDoc "The percentage of maxMemory to reserve for the host.";
+            description = "The percentage of maxMemory to reserve for the host.";

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/desktop/virtual-machine.nix` at line 74, The description
attribute for the virtual machine option uses a non-existent mkDoc function
which will break evaluation; replace the use of mkDoc in the description
assignment (the line containing description = mkDoc "The percentage of maxMemory
to reserve for the host."; ) with a plain string literal (e.g. description =
"The percentage of maxMemory to reserve for the host.";), ensuring no mkDoc
references remain in the virtual-machine.nix option definition.

modules/nixos/shared/core/printing.nix (1)

16-21: ⚠️ Potential issue | 🟠 Major

Wrap the enable assignment with lib.mkDefault for consistency with other custom.core toggles.

The custom.core.audio, custom.core.bluetooth, and custom.core.network options in default.nix define their defaults at the option level (lines 34–53). However, custom.core.printing.enable lacks a default in its option definition and instead assigns its value in the config section (line 18) without mkDefault. This creates an inconsistency: if a host-level configuration sets custom.core.printing.enable without using mkDefault, both the module and host assignment would be at priority 100, causing a merge conflict. Wrap the assignment in lib.mkDefault to allow host-level overrides to take precedence and align with NixOS module conventions.

Suggested fix

  config = mkMerge [
    {
-      custom.core.printing.enable = config.host.device.role != "server" && !config.host.device.isVirtual;
+      custom.core.printing.enable = lib.mkDefault (
+        config.host.device.role != "server" && !config.host.device.isVirtual
+      );
    }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/printing.nix` around lines 16 - 21, The
config-level assignment for custom.core.printing.enable should be wrapped with
lib.mkDefault to match other custom.core toggles; update the config = mkMerge
block where custom.core.printing.enable is set (currently using
config.host.device.role != "server" && !config.host.device.isVirtual) to instead
call lib.mkDefault(...) so host-level overrides win and avoid merge-priority
conflicts with option-level defaults (see related symbols:
custom.core.printing.enable, lib.mkDefault, config = mkMerge, cfg.enable).

♻️ Duplicate comments (2)

modules/nixos/server/tests.nix (2)

10-11: ⚠️ Potential issue | 🔴 Critical

Import type helpers from lib.types, not lib.type.

Line 10 and Line 11 currently pull types from lib.type, which will fail evaluation in standard NixOS modules.

Proposed fix

 let
-  inherit (lib) type mkOption mkEnableOption;
-  inherit (type) submodule attrsOf either listOf str bool functionTo;
+  inherit (lib) mkEnableOption mkOption;
+  inherit (lib.types) attrsOf bool either functionTo listOf str submodule;
 in {

#!/bin/bash
# Verify current type-helper imports and whether any custom lib.type alias exists.
rg -n -C2 --type=nix '\binherit\s+\(lib\)\s+type\b|\blib\.type\b|\blib\.types\b'

Based on learnings: Verify attribute names, imports, and option paths to resolve attribute-missing errors in Nix configurations.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/server/tests.nix` around lines 10 - 11, The module is importing
type helpers from lib.type which is incorrect; change the imports to use
lib.types so the type helpers (mkOption, mkEnableOption, submodule, attrsOf,
either, listOf, str, bool, functionTo) are pulled from lib.types instead of
lib.type and update both inherit statements accordingly to reference lib.types.

---

17-38: ⚠️ Potential issue | 🔴 Critical

Wrap server.tests.units in mkOption.

Line 17 assigns a raw type under options; this needs to be an option declaration to evaluate correctly in the module system.

Proposed fix

-      units = attrsOf (submodule ({ name, ... }: {
-        options = {
-          name = mkOption {
-            type = str;
-            default = name;
-            description = ''
-              The name to give to this unit test.
-              This is used to enter into a subtest within the testScript of the cluster test.
-            '';
-          };
-
-          testScript = mkOption {
-            type = either str (functionTo str);
-            description = ''
-              Python code to be ran within the subtest for this unit.
-
-              If this is a function with one argument of this nodes config.
-              If this is a function with two arguments, the second argument is the entire cluster configuration.
-            '';
-          };
-        };
-      }));
+      units = mkOption {
+        type = attrsOf (submodule ({ name, ... }: {
+          options = {
+            name = mkOption {
+              type = str;
+              default = name;
+              description = ''
+                The name to give to this unit test.
+                This is used to enter into a subtest within the testScript of the cluster test.
+              '';
+            };
+
+            testScript = mkOption {
+              type = either str (functionTo str);
+              description = ''
+                Python code to be ran within the subtest for this unit.
+
+                If this is a function with one argument of this nodes config.
+                If this is a function with two arguments, the second argument is the entire cluster configuration.
+              '';
+            };
+          };
+        }));
+        default = { };
+      };

#!/bin/bash
# Verify how attrsOf/submodule options are declared in this repo and in this file.
rg -n -C3 --type=nix 'attrsOf\s*\(submodule|units\s*=\s*mkOption|units\s*=\s*attrsOf'

As per coding guidelines, follow the standard NixOS module structure pattern with proper options declarations.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/server/tests.nix` around lines 17 - 38, The block assigning
server.tests.units uses attrsOf(submodule(...)) directly under options instead
of declaring it as an option; wrap the entire units value in a mkOption so it
becomes a proper NixOS option declaration. Specifically, change the declaration
of server.tests.units (the attrsOf(submodule({...}) value that defines options
name and testScript) to be returned from mkOption with appropriate type (e.g.,
attrsOf _ or an attributeset of submodules) and include its existing nested
options (name, testScript) as the option's documentation/type; ensure references
to attrsOf, submodule, and the nested options name and testScript remain intact
while replacing the raw value with mkOption(...) so the module system evaluates
it correctly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@flake/ci/flake-module.nix`:
- Line 28: The partition allocations accessor is incorrect: change the inherited
path from config.partitions.nixos.module.allocations to
config.partitions.nixos.allocations; locate the inherit statement that
references (config.partitions.nixos.module) allocations and update it to inherit
from (config.partitions.nixos) allocations so it matches how the flake module is
merged and aligns with other accessors like config.partitions.docs.extraInputs.

In `@modules/home-manager/services/mcpo.nix`:
- Line 11: The import in modules/home-manager/services/mcpo.nix currently uses
the `${self}`-style absolute path in the expression `(import
"${self}/modules/nixos/shared/services/mcpo.nix" {` — replace that with a
file-relative import (e.g., `./modules/nixos/shared/services/mcpo.nix`) to
follow repo conventions; update the import expression in the same file by
changing the path string to the relative path so the module is loaded relative
to modules/home-manager/services/mcpo.nix rather than via `${self}`.

In `@modules/nixos/server/tests.nix`:
- Around line 13-42: The server.tests options are declared but never used;
update the test harness (tests/default.nix) to read the evaluated host config's
server.tests.* and build a composite testScript passed to runNixOSTest: iterate
over server.tests.units, call each unit's testScript (handling both string and
function signatures—1-arg node config or 2-arg node+cluster config) to produce
the per-host subtests, and respect server.tests.enable to skip wiring when
disabled; ensure the evaluated host config is threaded into the harness so
testScript functions receive the proper node/cluster args before invoking
runNixOSTest.

In `@modules/nixos/shared/core/default.nix`:
- Around line 58-62: Update the custom.defaultGroups list to use the correct
NetworkManager group name and avoid adding non-existent PipeWire group: replace
any occurrence of "network" in custom.defaultGroups with "networkmanager", and
only append "pipewire" to custom.defaultGroups when services.pipewire.systemWide
is true (guard the addition with that condition); apply the same change for the
other occurrence of custom.defaultGroups later in the file (the second block
around lines referenced in the review).

In `@tests/default.nix`:
- Line 24: Fix the typo in the comment string "Wait for all nodes to each
multi-user.target" by changing "each" to "reach" so it reads "Wait for all nodes
to reach multi-user.target"; update the comment where that exact phrase appears
to correct the wording.
- Line 12: The import binding testLib in tests/default.nix is unused; remove the
unused import statement (the line defining testLib = import ./lib.nix;) so the
file no longer creates an unused symbol and to avoid lint warnings.

---

Outside diff comments:
In `@modules/nixos/desktop/virtual-machine.nix`:
- Line 74: The description attribute for the virtual machine option uses a
non-existent mkDoc function which will break evaluation; replace the use of
mkDoc in the description assignment (the line containing description = mkDoc
"The percentage of maxMemory to reserve for the host."; ) with a plain string
literal (e.g. description = "The percentage of maxMemory to reserve for the
host.";), ensuring no mkDoc references remain in the virtual-machine.nix option
definition.

In `@modules/nixos/shared/core/printing.nix`:
- Around line 16-21: The config-level assignment for custom.core.printing.enable
should be wrapped with lib.mkDefault to match other custom.core toggles; update
the config = mkMerge block where custom.core.printing.enable is set (currently
using config.host.device.role != "server" && !config.host.device.isVirtual) to
instead call lib.mkDefault(...) so host-level overrides win and avoid
merge-priority conflicts with option-level defaults (see related symbols:
custom.core.printing.enable, lib.mkDefault, config = mkMerge, cfg.enable).

---

Duplicate comments:
In `@modules/nixos/server/tests.nix`:
- Around line 10-11: The module is importing type helpers from lib.type which is
incorrect; change the imports to use lib.types so the type helpers (mkOption,
mkEnableOption, submodule, attrsOf, either, listOf, str, bool, functionTo) are
pulled from lib.types instead of lib.type and update both inherit statements
accordingly to reference lib.types.
- Around line 17-38: The block assigning server.tests.units uses
attrsOf(submodule(...)) directly under options instead of declaring it as an
option; wrap the entire units value in a mkOption so it becomes a proper NixOS
option declaration. Specifically, change the declaration of server.tests.units
(the attrsOf(submodule({...}) value that defines options name and testScript) to
be returned from mkOption with appropriate type (e.g., attrsOf _ or an
attributeset of submodules) and include its existing nested options (name,
testScript) as the option's documentation/type; ensure references to attrsOf,
submodule, and the nested options name and testScript remain intact while
replacing the raw value with mkOption(...) so the module system evaluates it
correctly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 56811165-b6e5-477d-a481-a22044ea4ca2

📥 Commits

Reviewing files that changed from the base of the PR and between 072e115 and 2a6a397.

📒 Files selected for processing (58)

• docs/src/modules/nixos/desktop.md
• docs/src/modules/nixos/services.md
• flake/ci/flake-module.nix
• flake/default.nix
• lib/builders/mkSystem.nix
• modules/home-manager/services/mcpo.nix
• modules/nixos/default.nix
• modules/nixos/desktop/default.nix
• modules/nixos/desktop/rgb.nix
• modules/nixos/desktop/vfio.nix
• modules/nixos/desktop/virtual-machine.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/laptop/default.nix
• modules/nixos/proxies.nix
• modules/nixos/server/default.nix
• modules/nixos/server/tests.nix
• modules/nixos/shared/core.nix
• modules/nixos/shared/core/auto-upgrade.nix
• modules/nixos/shared/core/boot/default.nix
• modules/nixos/shared/core/boot/quietboot.nix
• modules/nixos/shared/core/boot/secureboot.nix
• modules/nixos/shared/core/boot/systemd-boot.nix
• modules/nixos/shared/core/default.nix
• modules/nixos/shared/core/hardware/backlight.nix
• modules/nixos/shared/core/hardware/biometrics.nix
• modules/nixos/shared/core/hardware/bluetooth.nix
• modules/nixos/shared/core/hardware/cooling.nix
• modules/nixos/shared/core/hardware/default.nix
• modules/nixos/shared/core/hardware/display.nix
• modules/nixos/shared/core/hardware/graphics.nix
• modules/nixos/shared/core/hardware/openrgb.nix
• modules/nixos/shared/core/hardware/storage/default.nix
• modules/nixos/shared/core/hardware/storage/ephemeral.nix
• modules/nixos/shared/core/hardware/storage/maintenance.nix
• modules/nixos/shared/core/hardware/storage/partitions/btrfs.nix
• modules/nixos/shared/core/hardware/storage/partitions/esp.nix
• modules/nixos/shared/core/hardware/storage/partitions/luks.nix
• modules/nixos/shared/core/hardware/storage/partitions/tmpfs.nix
• modules/nixos/shared/core/host/default.nix
• modules/nixos/shared/core/host/device.nix
• modules/nixos/shared/core/host/persistence.nix
• modules/nixos/shared/core/printing.nix
• modules/nixos/shared/default.nix
• modules/nixos/shared/features/display-manager.nix
• modules/nixos/shared/features/hm-helper/1password.nix
• modules/nixos/shared/features/hm-helper/default.nix
• modules/nixos/shared/features/hm-helper/kde-connect.nix
• modules/nixos/shared/features/hm-helper/mpv.nix
• modules/nixos/shared/features/hm-helper/nautilus.nix
• modules/nixos/shared/features/remote.nix
• modules/nixos/shared/services/default.nix
• modules/nixos/shared/services/huntress.nix
• modules/nixos/shared/services/mcpo.nix
• modules/nixos/shared/services/metrics.nix
• modules/nixos/shared/services/tailscale.nix
• tests/default.nix
• tests/lib.nix
• tests/mkNode.nix

💤 Files with no reviewable changes (4)

• modules/nixos/proxies.nix
• modules/nixos/default.nix
• modules/nixos/encrypted-root.nix
• modules/nixos/shared/core.nix

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify allocations is defined in the nixos partition's flake module
echo "=== Checking allocations option definition ==="
rg -n 'options\.allocations' modules/flake/

echo ""
echo "=== Checking how nixos partition is defined ==="
rg -n -A5 'nixos.*=' flake/default.nix | head -20

echo ""
echo "=== Checking nixos flake-module structure ==="
cat flake/nixos/flake-module.nix 2>/dev/null || echo "File not found"

Repository: DaRacci/nix-config

Length of output: 1973

---

🏁 Script executed:

# Check the context around line 28 in flake/ci/flake-module.nix
sed -n '20,40p' flake/ci/flake-module.nix

echo ""
echo "=== Search for other config.partitions usage patterns ==="
rg -n 'config\.partitions\.' flake/ | head -20

echo ""
echo "=== Check if there are any examples of .module access ==="
rg -n '\.module\.' flake/ | head -10

Repository: DaRacci/nix-config

Length of output: 793

---

Correct the partition allocations access path.

The path config.partitions.nixos.module.allocations is incorrect. Based on the flake-modules structure and how the nixos partition is defined (with module = ./nixos/flake-module.nix), the module's outputs are merged directly into the partition config. The correct path is config.partitions.nixos.allocations, which is also consistent with other partition accessors in the codebase (e.g., config.partitions.docs.extraInputs).

Change line 28 to:

inherit (config.partitions.nixos) allocations;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@flake/ci/flake-module.nix` at line 28, The partition allocations accessor is
incorrect: change the inherited path from
config.partitions.nixos.module.allocations to
config.partitions.nixos.allocations; locate the inherit statement that
references (config.partitions.nixos.module) allocations and update it to inherit
from (config.partitions.nixos) allocations so it matches how the flake module is
merged and aligns with other accessors like config.partitions.docs.extraInputs.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Use a relative import for the moved module path

Line 11 uses an absolute-style ${self} path. Prefer a file-relative import here to match repo conventions and keep modules less coupled to flake root pathing.

Suggested change

-    (import "${self}/modules/nixos/shared/services/mcpo.nix" {
+    (import ../../nixos/shared/services/mcpo.nix {

As per coding guidelines, "Prefer relative imports over absolute imports (e.g., ./modules/foo.nix)."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/home-manager/services/mcpo.nix` at line 11, The import in
modules/home-manager/services/mcpo.nix currently uses the `${self}`-style
absolute path in the expression `(import
"${self}/modules/nixos/shared/services/mcpo.nix" {` — replace that with a
file-relative import (e.g., `./modules/nixos/shared/services/mcpo.nix`) to
follow repo conventions; update the import expression in the same file by
changing the path string to the relative path so the module is loaded relative
to modules/home-manager/services/mcpo.nix rather than via `${self}`.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

server.tests is declared but not wired into test execution.

This module only defines options (Line 13–Line 42), but tests/default.nix Line 14–Line 29 still runs a static script and does not consume server.tests.enable or server.tests.units.*.testScript. That leaves the new framework inert in CI.

You should thread evaluated host test config into the harness and generate testScript from declared units (including function/string handling) before calling runNixOSTest.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/server/tests.nix` around lines 13 - 42, The server.tests
options are declared but never used; update the test harness (tests/default.nix)
to read the evaluated host config's server.tests.* and build a composite
testScript passed to runNixOSTest: iterate over server.tests.units, call each
unit's testScript (handling both string and function signatures—1-arg node
config or 2-arg node+cluster config) to produce the per-host subtests, and
respect server.tests.enable to skip wiring when disabled; ensure the evaluated
host config is threaded into the harness so testScript functions receive the
proper node/cluster args before invoking runNixOSTest.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find and read the file in question
find . -name "default.nix" -path "*/modules/nixos/shared/core/*" -type f

Repository: DaRacci/nix-config

Length of output: 297

---

🏁 Script executed:

# Read the relevant sections of the file
if [ -f "modules/nixos/shared/core/default.nix" ]; then
  echo "=== Lines 50-80 (around lines 58-62) ===" && sed -n '50,80p' modules/nixos/shared/core/default.nix && \
  echo -e "\n=== Lines 120-140 (around lines 129-131) ===" && sed -n '120,140p' modules/nixos/shared/core/default.nix
fi

Repository: DaRacci/nix-config

Length of output: 1321

---

🌐 Web query:

NixOS NetworkManager module users.groups networkmanager access control

💡 Result:

In NixOS, the NetworkManager module handles access control for users via the 'networkmanager' group. When networking.networkmanager.enable = true is set, the module automatically creates the 'networkmanager' group with a dedicated GID and adds a Polkit rule granting users in that group permission to perform NetworkManager actions (org.freedesktop.NetworkManager.*) without root privileges. Users must be explicitly added to this group using users.users.<name>.extraGroups = [ "networkmanager" ]; to manage networks via nmcli, nmtui, or graphical tools. There is no direct 'users.groups' option within the NetworkManager module itself for customizing group membership or Polkit rules; access is controlled solely through membership in the auto-created 'networkmanager' group. The Polkit configuration is hardcoded in the module as: security.polkit.extraConfig = '' polkit.addRule(function(action, subject) { if (subject.isInGroup("networkmanager") && action.id.indexOf("org.freedesktop.NetworkManager.") == 0) { return polkit.Result.YES; } }); ''; This is NixOS-specific behavior, differing from some other distributions where local session users may have broader default access. Example configuration: networking.networkmanager.enable = true; users.users.alice = { isNormalUser = true; extraGroups = [ "networkmanager" ]; }; After nixos-rebuild switch, user 'alice' can manage networks without sudo.

Citations:

• 1: https://nlewo.github.io/nixos-manual-sphinx/configuration/network-manager.xml.html
• 2: https://wiki.nixos.org/wiki/NetworkManager
• 3: Documentation: About the networkmanager group NixOS/nixpkgs#222943
• 4: https://nlewo.github.io/nixos-manual-sphinx/configuration/user-mgmt.xml.html
• 5: https://mynixos.com/nixpkgs/option/networking.networkmanager.enable
• 6: https://github.com/NixOS/nixpkgs/blob/5b7cd5c39befee629be284970415b6eb3b0ff000/nixos/modules/services/networking/networkmanager.nix

---

🌐 Web query:

NixOS PipeWire module services.pipewire.systemWide users.groups.pipewire

💡 Result:

The NixOS PipeWire module is configured under services.pipewire. Key options include: services.pipewire.enable: Enables the PipeWire service (default: false). services.pipewire.systemWide: If true, enables a system-wide PipeWire service and socket, allowing all users in the "pipewire" group to use it simultaneously. Default is false (user units only), and system-wide is not recommended per upstream. Declared in nixos/modules/services/desktops/pipewire/pipewire.nix. For system-wide access, add users to the pipewire group, e.g.: users.users.username.extraGroups = [ "pipewire" ]; or for services: systemd.services.myservice.serviceConfig.SupplementaryGroups = [ "pipewire" ]; There is no direct users.groups.pipewire option in the module; the "pipewire" group is created implicitly when systemWide = true, and users/services must be manually assigned to it via extraGroups or SupplementaryGroups. Other common options: - services.pipewire.alsa.enable = true; (ALSA support) - services.pipewire.pulse.enable = true; (PulseAudio compatibility) - security.rtkit.enable = true; (recommended for realtime scheduling)

Citations:

• 1: https://mynixos.com/nixpkgs/option/services.pipewire.systemWide
• 2: https://wiki.nixos.org/wiki/PipeWire
• 3: https://aux-docs.pyrox.pages.gay/NixOS/services/pipewire/
• 4: nixos/pipewire: add systemWide option NixOS/nixpkgs#153426

---

Replace network with networkmanager, and conditionally add pipewire only when system-wide is enabled.

NetworkManager creates the networkmanager group and grants access via Polkit rules; the current network group name won't provide the necessary permissions. PipeWire only creates the pipewire group when services.pipewire.systemWide = true, which isn't set in this configuration (defaults to false). Users will fail to be added to non-existent groups.

Suggested fix

     (mkIf cfg.audio.enable {
       custom.defaultGroups = [
         "audio"
-        "pipewire"
         "rtkit"
       ];
@@
     (mkIf cfg.network.enable {
-      custom.defaultGroups = [ "network" ];
+      custom.defaultGroups = [ "networkmanager" ];
       networking.networkmanager.enable = true;
     })

Also applies to: 129-131

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/nixos/shared/core/default.nix` around lines 58 - 62, Update the
custom.defaultGroups list to use the correct NetworkManager group name and avoid
adding non-existent PipeWire group: replace any occurrence of "network" in
custom.defaultGroups with "networkmanager", and only append "pipewire" to
custom.defaultGroups when services.pipewire.systemWide is true (guard the
addition with that condition); apply the same change for the other occurrence of
custom.defaultGroups later in the file (the second block around lines referenced
in the review).

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Remove unused import.

testLib is imported but never used in this file.

🧹 Proposed fix

 let
   inherit (lib) nameValuePair listToAttrs;
-
-  testLib = import ./lib.nix;
 in

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/default.nix` at line 12, The import binding testLib in
tests/default.nix is unused; remove the unused import statement (the line
defining testLib = import ./lib.nix;) so the file no longer creates an unused
symbol and to avoid lint warnings.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typo in comment.

"each" should be "reach".

📝 Proposed fix

-    # Wait for all nodes to each multi-user.target
+    # Wait for all nodes to reach multi-user.target

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Wait for all nodes to each multi-user.target
	# Wait for all nodes to reach multi-user.target

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/default.nix` at line 24, Fix the typo in the comment string "Wait for
all nodes to each multi-user.target" by changing "each" to "reach" so it reads
"Wait for all nodes to reach multi-user.target"; update the comment where that
exact phrase appears to correct the wording.