yeah i use some ai lol, sorry

Merge commit 'd835588135'
android support: update udev rules management
2026-03-02 20:35:36 -06:00 · 2026-03-02 18:16:23 -06:00 · 2026-03-02 13:38:57 -06:00 · 2026-02-28 23:19:12 -06:00 · 2026-02-18 19:25:49 -06:00 · 2026-02-18 19:06:23 -06:00
6 changed files with 136 additions and 21 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -0,0 +1,105 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Architecture
+
+This is a unified NixOS and Home Manager configuration using the **trivionomicon doctrine system** as a git subtree.
+
+### Directory Structure
+
+- `home/` - Home Manager user configuration
+  - `modules/` - User-level feature modules (terminal, neovim, firefox, ai, etc.)
+  - `platforms/` - User-specific configs per host (`fabian@t14`, `fabian@posixlycorrect`, `fabian@vps`)
+- `sys/` - NixOS system configuration
+  - `modules/` - System-level feature modules (audio, graphics, networking, etc.)
+  - `platforms/` - Machine-specific configs (`t14`, `posixlycorrect`, `vps`)
+- `pkgs/` - Custom package overlays and nixpkgs configuration
+- `trivionomicon/` - Shared doctrine framework (git subtree)
+  - `doctrine/` - Core library (`mkModule`, `mkSystemFlake`)
+  - `modules/` - Shared modules usable by any host
+
+### Namespace Conventions
+
+- `config.local.*` - Home Manager modules (user level)
+- `config.local.sys.*` - NixOS modules (system level)
+- `config.trivium.*` - Trivionomicon shared modules
+
+### Module Patterns
+
+**Simple module** (single layer):
+```nix
+{config, lib, pkgs, ...}:
+with lib; let
+  cfg = config.local.programs.terminal;
+in {
+  options.local.programs.terminal = { enable = mkEnableOption "..."; };
+  config = mkIf cfg.enable { ... };
+}
+```
+
+### Platform Configuration
+
+Each host has paired directories:
+- `sys/platforms/{hostname}/` - Machine-specific NixOS config
+- `home/platforms/{user}@{hostname}/` - User-specific Home Manager config
+
+The `flake.nix` uses `trivionomicon.lib.mkSystemFlake` to auto-generate configurations from these platform directories.
+
+## Trivionomicon System
+
+The trivionomicon is a shared NixOS/Home Manager module framework maintained collaboratively. It lives as a git subtree at `trivionomicon/` and provides unified modules that work across both NixOS and Home Manager contexts.
+
+### Core Functions
+
+- **`mkDoctrine`** - Creates namespace context with the "trivium" prefix and hm/sys awareness
+- **`mkModule`** - Composes hm.nix + sys.nix + options.nix into a unified module
+- **`mkSystemFlake`** - Auto-generates flake outputs from platform directories
+
+### Module Structure
+
+```
+moduleName/
+├── default.nix    # Entry: calls doctrine.lib.mkModule
+├── options.nix    # Options split by hm/sys keys
+├── hm.nix         # Home Manager implementation (optional)
+└── sys.nix        # NixOS implementation (optional)
+```
+
+### Available Modules
+
+Modules are located at `trivionomicon/modules`.
+
+### Git Subtree Workflow
+
+#### Commit separation (critical):
+Never create commits that include both:
+- Changes inside `trivionomicon/`
+- Changes outside `trivionomicon/` (home/, sys/, pkgs/, flake.nix, etc.)
+
+The trivionomicon is a shared project. Each commit touching `trivionomicon/` must contain only trivionomicon changes so it can be cleanly pushed upstream.
+
+#### Commit message conventions:
+- If a module was modified: `trivionomicon/modules/<module name>: one line summary of changes`
+
+Similar layout if something other than a module was modified.
+
+#### Sync changes with the shared repository:
+```bash
+# Pull updates
+git subtree pull --prefix=trivionomicon forgejo@git.posixlycorrect.com:deepState/trivionomicon.git master
+
+# Push changes back
+git subtree push --prefix=trivionomicon forgejo@git.posixlycorrect.com:deepState/trivionomicon.git master
+```
+
+## Key Files
+
+- `pkgs/config/unfree.nix` - Allowlist for unfree packages (add packages here when needed)
+- `pkgs/default.nix` - Package overlays and overrides
+- `trivionomicon/doctrine/lib/` - Core doctrine functions for module composition
+
+## Restrictions
+
+Never use any `nix`, `home-manager`, `nixos-rebuild` or `nix-collect-garbage` commands.
+Ask before using any `git` commands.
--- a/flake.lock
+++ b/flake.lock
@ -276,11 +276,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770237702,
-        "narHash": "sha256-a2gUeJd7B4KxYSI17MaEjVMJUMS4zRR2Ha2vFplssmc=",
+        "lastModified": 1772342291,
+        "narHash": "sha256-hXlWBR5yBOtxgF/7Vr2tVknh4LxFGheiS7yHD8sWbfs=",
        "ref": "refs/heads/master",
-        "rev": "0de7c28109045758ca5fd032e098a72520eec481",
-        "revCount": 73,
+        "rev": "1ef6d4cd8517855b9aaf7671dccc6f992eea1f6c",
+        "revCount": 74,
        "type": "git",
        "url": "https://git.posixlycorrect.com/fabian/homepage.git"
      },
--- a/sys/modules/android.nix
+++ b/sys/modules/android.nix
@ -11,11 +11,6 @@ in {
    enable = mkEnableOption "androidSupport settings";
  };
  config = mkIf cfg.enable {
-    services.udev.packages = with pkgs; [
-      # android-udev-rules
-      # todo: 'android-udev-rules' has been removed due to being superseded by built-in systemd uaccess rules
-    ];
-
    environment.systemPackages = with pkgs; [
      android-tools
    ];
--- a/trivionomicon/modules/athena-bccr/sys.nix
+++ b/trivionomicon/modules/athena-bccr/sys.nix
@ -19,8 +19,23 @@ in {
    systemPackages = [athena.ase-pkcs11];
  };

-  #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
-  security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+  security = {
+    #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
+    pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+
+    polkit = {
+      enable = lib.mkDefault true;
+
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+            if ((action.id == "org.debian.pcsc-lite.access_pcsc" || action.id == "org.debian.pcsc-lite.access_card") &&
+                subject.isInGroup("users")) {
+                    return polkit.Result.YES;
+            }
+        });
+      '';
+    };
+  };

  services = {
    pcscd.enable = true;
--- a/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch
+++ b/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch
@ -8,18 +8,18 @@ Subject: [PATCH] Remove CheckUpdatePlugin from default list
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/src/main/java/cr/libre/firmador/Settings.java b/src/main/java/cr/libre/firmador/Settings.java
-index e5ddf01..a028d6e 100644
+index e392a82..c2ab5e4 100644
 --- a/src/main/java/cr/libre/firmador/Settings.java
 +++ b/src/main/java/cr/libre/firmador/Settings.java
-@@ -81,7 +81,7 @@ public class Settings {
- 
+@@ -160,7 +160,7 @@ public class Settings {
+     @SuppressWarnings("this-escape")
     public Settings() {
         activePlugins.add("cr.libre.firmador.plugins.DummyPlugin");
 -        activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin");
 +        // activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin");
+         // activePlugins.add("cr.libre.firmador.plugins.DocumentSignLogs");
         availablePlugins.add("cr.libre.firmador.plugins.DummyPlugin");
         availablePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin");
-     }
 -- 
-2.49.0
+2.51.2

--- a/trivionomicon/pkgs/athena-bccr/firmador.nix
+++ b/trivionomicon/pkgs/athena-bccr/firmador.nix
@ -11,7 +11,7 @@
    enableJavaFX = true;
  };

-  version = "1.9.8";
+  version = "1.9.8+master";
 in
  maven.buildMavenPackage {
    pname = "firmador";
@ -19,15 +19,15 @@ in

    src = fetchgit {
      url = "https://codeberg.org/firmador/firmador";
-      rev = version;
-      hash = "sha256-xdiVPjihRADPK4nG+WQHWsDzVYLCeN6ouQ6SDtjf1qQ=";
+      rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7";
+      hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ=";
    };

    patches = [
      ./0001-Remove-CheckUpdatePlugin-from-default-list.patch
    ];

-    mvnHash = "sha256-m3UaOLNyIlVAOI5tzxMlxg4KZ1N5gT2O2WSka+jBat4=";
+    mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ=";

    nativeBuildInputs = [
      makeWrapper
@ -35,7 +35,7 @@ in
    ];

    postPatch = lib.optionalString (libasep11 != null) ''
-      sed -i 's@/usr/lib/x64-athena/libASEP11.so@${libasep11}@g' src/main/java/cr/libre/firmador/CRSigner.java
+      sed -i 's@/usr/lib/x64-athena/libASEP11.so@${libasep11}@g' src/main/java/cr/libre/firmador/signers/CRSigner.java
    '';

    installPhase = ''
Author	SHA1	Message	Date
Fabian Montero	a0789edb6e	yeah i use some ai lol, sorry	2026-03-02 20:35:36 -06:00
Fabian Montero	34299f5614	Merge commit '`d835588135`'	2026-03-02 18:16:23 -06:00
Fabian Montero	9f1bf71586	android support: update udev rules management	2026-03-02 13:38:57 -06:00
Fabian Montero	39789ad391	flake.lock: Update Flake lock file updates: • Updated input 'homepage': 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=refs/heads/master&rev=0de7c28109045758ca5fd032e098a72520eec481' (2026-02-04) → 'git+https://git.posixlycorrect.com/fabian/homepage.git?ref=refs/heads/master&rev=1ef6d4cd8517855b9aaf7671dccc6f992eea1f6c' (2026-03-01)	2026-02-28 23:19:12 -06:00
Alejandro Soto	d835588135	trivionomicon: athena-bccr: update 1.9.8 -> latest master	2026-02-18 19:25:49 -06:00
Alejandro Soto	cbc0180d60	trivionomicon: athena-bccr: allow the 'users' group to access any card	2026-02-18 19:06:23 -06:00
Alejandro Soto	f133a894d8	trivionomicon: athena-bccr: fix Polkit authentication failures	2026-02-18 18:56:39 -06:00
Fabian Montero	c01f195d59	update config to new 25.11 options	2026-02-13 00:50:17 -06:00