diff --git a/CLAUDE.md b/CLAUDE.md
deleted file mode 100644
index 4d171d4..0000000
--- a/CLAUDE.md
+++ /dev/null
@@ -1,105 +0,0 @@ -# CLAUDE.md - -This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. - -## Architecture - -This is a unified NixOS and Home Manager configuration using the **trivionomicon doctrine system** as a git subtree. - -### Directory Structure - -- `home/` - Home Manager user configuration - - `modules/` - User-level feature modules (terminal, neovim, firefox, ai, etc.) - - `platforms/` - User-specific configs per host (`fabian@t14`, `fabian@posixlycorrect`, `fabian@vps`) -- `sys/` - NixOS system configuration - - `modules/` - System-level feature modules (audio, graphics, networking, etc.) - - `platforms/` - Machine-specific configs (`t14`, `posixlycorrect`, `vps`) -- `pkgs/` - Custom package overlays and nixpkgs configuration -- `trivionomicon/` - Shared doctrine framework (git subtree) - - `doctrine/` - Core library (`mkModule`, `mkSystemFlake`) - - `modules/` - Shared modules usable by any host - -### Namespace Conventions - -- `config.local.*` - Home Manager modules (user level) -- `config.local.sys.*` - NixOS modules (system level) -- `config.trivium.*` - Trivionomicon shared modules - -### Module Patterns - -**Simple module** (single layer): -```nix -{config, lib, pkgs, ...}: -with lib; let - cfg = config.local.programs.terminal; -in { - options.local.programs.terminal = { enable = mkEnableOption "..."; }; - config = mkIf cfg.enable { ... }; -} -``` - -### Platform Configuration - -Each host has paired directories: -- `sys/platforms/{hostname}/` - Machine-specific NixOS config -- `home/platforms/{user}@{hostname}/` - User-specific Home Manager config - -The `flake.nix` uses `trivionomicon.lib.mkSystemFlake` to auto-generate configurations from these platform directories. - -## Trivionomicon System - -The trivionomicon is a shared NixOS/Home Manager module framework maintained collaboratively. 
It lives as a git subtree at `trivionomicon/` and provides unified modules that work across both NixOS and Home Manager contexts. - -### Core Functions - -- **`mkDoctrine`** - Creates namespace context with the "trivium" prefix and hm/sys awareness -- **`mkModule`** - Composes hm.nix + sys.nix + options.nix into a unified module -- **`mkSystemFlake`** - Auto-generates flake outputs from platform directories - -### Module Structure - -``` -moduleName/ -├── default.nix # Entry: calls doctrine.lib.mkModule -├── options.nix # Options split by hm/sys keys -├── hm.nix # Home Manager implementation (optional) -└── sys.nix # NixOS implementation (optional) -``` - -### Available Modules - -Modules are located at `trivionomicon/modules`. - -### Git Subtree Workflow - -#### Commit separation (critical): -Never create commits that include both: -- Changes inside `trivionomicon/` -- Changes outside `trivionomicon/` (home/, sys/, pkgs/, flake.nix, etc.) - -The trivionomicon is a shared project. Each commit touching `trivionomicon/` must contain only trivionomicon changes so it can be cleanly pushed upstream. - -#### Commit message conventions: -- If a module was modified: `trivionomicon/modules/: one line summary of changes` - -Similar layout if something other than a module was modified. - -#### Sync changes with the shared repository: -```bash -# Pull updates -git subtree pull --prefix=trivionomicon forgejo@git.posixlycorrect.com:deepState/trivionomicon.git master - -# Push changes back -git subtree push --prefix=trivionomicon forgejo@git.posixlycorrect.com:deepState/trivionomicon.git master -``` - -## Key Files - -- `pkgs/config/unfree.nix` - Allowlist for unfree packages (add packages here when needed) -- `pkgs/default.nix` - Package overlays and overrides -- `trivionomicon/doctrine/lib/` - Core doctrine functions for module composition - -## Restrictions - -Never use any `nix`, `home-manager`, `nixos-rebuild` or `nix-collect-garbage` commands. 
-Ask before using any `git` commands.
diff --git a/flake.lock b/flake.lock
index 1efb9fa..3ebc308 100644
--- a/flake.lock
+++ b/flake.lock
@@ -276,11 +276,11 @@
 ]
 },
 "locked": {
- "lastModified": 1772342291,
- "narHash": "sha256-hXlWBR5yBOtxgF/7Vr2tVknh4LxFGheiS7yHD8sWbfs=",
+ "lastModified": 1770237702,
+ "narHash": "sha256-a2gUeJd7B4KxYSI17MaEjVMJUMS4zRR2Ha2vFplssmc=",
 "ref": "refs/heads/master",
- "rev": "1ef6d4cd8517855b9aaf7671dccc6f992eea1f6c",
- "revCount": 74,
+ "rev": "0de7c28109045758ca5fd032e098a72520eec481",
+ "revCount": 73,
 "type": "git",
 "url": "https://git.posixlycorrect.com/fabian/homepage.git"
 },
diff --git a/sys/modules/android.nix b/sys/modules/android.nix
index 0891e97..504a5d4 100644
--- a/sys/modules/android.nix
+++ b/sys/modules/android.nix
@@ -11,6 +11,11 @@ in {
 enable = mkEnableOption "androidSupport settings";
 };
 config = mkIf cfg.enable {
+ services.udev.packages = with pkgs; [
+ # android-udev-rules
+ # todo: 'android-udev-rules' has been removed due to being superseded by built-in systemd uaccess rules
+ ];
+
 environment.systemPackages = with pkgs; [
 android-tools
 ];
diff --git a/trivionomicon/modules/athena-bccr/sys.nix b/trivionomicon/modules/athena-bccr/sys.nix
index 2dd56e2..631185d 100644
--- a/trivionomicon/modules/athena-bccr/sys.nix
+++ b/trivionomicon/modules/athena-bccr/sys.nix
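Review bot: In sys/modules/android.nix the added `services.udev.packages = with pkgs; [ … ];` has every entry commented out, so it evaluates to an empty list and changes nothing. Since the todo says `android-udev-rules` was superseded by the built-in systemd uaccess rules, drop the assignment and keep one comment instead, e.g. `# android-udev-rules was removed; device access now comes from systemd's built-in uaccess rules`. uaccess presumably grants device access only to the user on the active local seat, so it is worth confirming that nobody relied on the old rules for adb from a remote or non-seat session. The `config = mkIf cfg.enable {` block continues outside the hunk.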
@@ -19,23 +19,8 @@ in { systemPackages = [athena.ase-pkcs11]; }; - security = { - #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA - pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"]; - - polkit = { - enable = lib.mkDefault true; - - extraConfig = '' - polkit.addRule(function(action, subject) { - if ((action.id == "org.debian.pcsc-lite.access_pcsc" || action.id == "org.debian.pcsc-lite.access_card") && - subject.isInGroup("users")) { - return polkit.Result.YES; - } - }); - ''; - }; - }; + #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA + security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"]; services = { pcscd.enable = true; diff --git a/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch b/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch index a15896a..e7fc5d5 100644 --- a/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch +++ b/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch @@ -8,18 +8,18 @@ Subject: [PATCH] Remove CheckUpdatePlugin from default list 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/cr/libre/firmador/Settings.java b/src/main/java/cr/libre/firmador/Settings.java -index e392a82..c2ab5e4 100644 +index e5ddf01..a028d6e 100644 --- a/src/main/java/cr/libre/firmador/Settings.java 
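Review bot: In trivionomicon/modules/athena-bccr/sys.nix the rewritten `security.pki.certificateFiles` line still adds the BCCR root CA to the system-wide trust store whenever the module is enabled, which the FIXME above it already calls extremely dangerous. A root in that store is trusted for every TLS connection made from the host, not just for validating signatures, so a compromise of that CA hierarchy would affect unrelated traffic. Consider gating the line behind an opt-in module option that defaults to off (the name is for the module authors to choose). Also restate the FIXME in English with the scope spelled out, e.g. `# FIXME: trusts the national root CA for all TLS on this host; review the national root CA policy`. The enclosing attribute set starts and ends outside the hunk.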
+++ b/src/main/java/cr/libre/firmador/Settings.java -@@ -160,7 +160,7 @@ public class Settings { - @SuppressWarnings("this-escape") +@@ -81,7 +81,7 @@ public class Settings { + public Settings() { activePlugins.add("cr.libre.firmador.plugins.DummyPlugin"); - activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); + // activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); - // activePlugins.add("cr.libre.firmador.plugins.DocumentSignLogs"); availablePlugins.add("cr.libre.firmador.plugins.DummyPlugin"); availablePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); + } -- -2.51.2 +2.49.0 diff --git a/trivionomicon/pkgs/athena-bccr/firmador.nix b/trivionomicon/pkgs/athena-bccr/firmador.nix index e07235b..8ae8750 100644 --- a/trivionomicon/pkgs/athena-bccr/firmador.nix +++ b/trivionomicon/pkgs/athena-bccr/firmador.nix @@ -11,7 +11,7 @@ enableJavaFX = true; }; - version = "1.9.8+master"; + version = "1.9.8"; in maven.buildMavenPackage { pname = "firmador"; @@ -19,15 +19,15 @@ in src = fetchgit { url = "https://codeberg.org/firmador/firmador"; - rev = "676b0e3c0dc5adb0628d4d98efcfccfca3daa8a7"; - hash = "sha256-f/EKll1csvUCRSt4G1SeDB4gVW+ZtUgJjlmM7PlafyQ="; + rev = version; + hash = "sha256-xdiVPjihRADPK4nG+WQHWsDzVYLCeN6ouQ6SDtjf1qQ="; }; patches = [ ./0001-Remove-CheckUpdatePlugin-from-default-list.patch ]; - mvnHash = "sha256-0vwJ1f+0UXxrXRaJ1BHqfOXDU/pxrSPdYYEQ71m4jJQ="; + mvnHash = "sha256-m3UaOLNyIlVAOI5tzxMlxg4KZ1N5gT2O2WSka+jBat4="; nativeBuildInputs = [ makeWrapper @@ -35,7 +35,7 @@ in ]; postPatch = lib.optionalString (libasep11 != null) '' - sed -i 's@/usr/lib/x64-athena/libASEP11.so@${libasep11}@g' src/main/java/cr/libre/firmador/signers/CRSigner.java + sed -i 's@/usr/lib/x64-athena/libASEP11.so@${libasep11}@g' src/main/java/cr/libre/firmador/CRSigner.java ''; installPhase = ''
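Review bot: In trivionomicon/pkgs/athena-bccr/firmador.nix, `rev = version;` now resolves the source by the bare name `1.9.8` where the previous revision pinned a full commit id. A bare name can match a branch as well as a tag, and a tag can be moved upstream. The fixed-output `hash` still pins the content, so a moved tag would surface as a hash mismatch on a fresh fetch, but an already-cached store path would hide it. Prefer `rev = "refs/tags/${version}";` and record the resolved commit id in a comment beside it so a later mismatch can be checked against a known commit.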
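Review bot: The `sed -i` in `postPatch` exits successfully even when `/usr/lib/x64-athena/libASEP11.so` no longer appears in `CRSigner.java`, in which case the built signer would presumably keep referring to a PKCS#11 library path outside the Nix store. The target file already sits at a different path in the two revisions shown in this hunk, so upstream drift of this kind is realistic. Use `substituteInPlace src/main/java/cr/libre/firmador/CRSigner.java --replace-fail '/usr/lib/x64-athena/libASEP11.so' '${libasep11}'` so the build fails when the pattern is not found. The derivation around `postPatch` continues outside the hunk.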