evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(cleanup): sops, opencode, etc

Browse Source
This commit is contained in:
Evan Reichard
2026-01-11 22:19:31 -05:00
parent 1fe9396284
commit c8f5e744d0
32 changed files with 1210 additions and 676 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
modules/home/programs/terminal/nvim/config/lua/llm-config.lua
View File

@@ -3,24 +3,29 @@ local llm_assistant_model = "devstral-small-2-instruct"
local llm_infill_model = "qwen2.5-coder-3b-instruct"
-- Default Llama - Toggle Llama & Copilot
-- vim.g.copilot_filetypes = { ["*"] = false }
local current_mode = "copilot"
local function toggle_llm_fim_provider()
if current_mode == "llama" then
vim.g.copilot_filetypes = { ["*"] = true }
vim.cmd("Copilot enable")
vim.cmd("LlamaDisable")
current_mode = "copilot"
vim.notify("Copilot FIM enabled", vim.log.levels.INFO)
else
local current_fim = "llama"
local function switch_llm_fim_provider(switch_to)
if switch_to == "llama" then
vim.g.copilot_filetypes = { ["*"] = true }
vim.cmd("Copilot disable")
vim.cmd("LlamaEnable")
current_mode = "llama"
current_fim = "llama"
vim.notify("Llama FIM enabled", vim.log.levels.INFO)
else
vim.g.copilot_filetypes = { ["*"] = true }
vim.cmd("Copilot enable")
vim.cmd("LlamaDisable")
current_fim = "copilot"
vim.notify("Copilot FIM enabled", vim.log.levels.INFO)
end
end
vim.api.nvim_create_autocmd("VimEnter", {
callback = function()
switch_llm_fim_provider(current_fim)
end,
})
-- Copilot Configuration
vim.g.copilot_no_tab_map = true
@@ -75,7 +80,13 @@ codecompanion.setup({
-- Create KeyMaps for Code Companion
vim.keymap.set("n", "<leader>aa", codecompanion.actions, { desc = "Actions" })
vim.keymap.set("n", "<leader>af", toggle_llm_fim_provider, { desc = "Toggle FIM (Llama / Copilot)" })
vim.keymap.set("n", "<leader>af", function()
if current_fim == "llama" then
switch_llm_fim_provider("copilot")
else
switch_llm_fim_provider("llama")
end
end, { desc = "Toggle FIM (Llama / Copilot)" })
vim.keymap.set("n", "<leader>ao", function() require("snacks.terminal").toggle("opencode") end,
{ desc = "Toggle OpenCode" })
vim.keymap.set("v", "<leader>ai", ":CodeCompanion<cr>", { desc = "Inline Prompt" })

46
modules/home/programs/terminal/nvim/config/lua/lsp-config.lua
View File

@@ -134,7 +134,13 @@ setup_lsp("cssls", {
setup_lsp("ts_ls", {
on_attach = on_attach_no_formatting,
cmd = { nix_vars.tsls, "--stdio" },
filetypes = { "typescript", "typescriptreact" },
filetypes = { "typescript", "typescriptreact", "javascript" },
})
-- ESLint LSP
setup_lsp("eslint", {
on_attach = on_attach_no_formatting,
cmd = { nix_vars.vscls .. "/bin/vscode-eslint-language-server", "--stdio" },
})
-- C LSP Configuration
@@ -149,6 +155,11 @@ setup_lsp("lua_ls", {
filetypes = { "lua" },
})
-- Lua LSP Configuration
setup_lsp("sqls", {
cmd = { nix_vars.sqls },
})
-- Nix LSP Configuration
setup_lsp("nil_ls", {
filetypes = { "nix" },
@@ -205,44 +216,19 @@ setup_lsp("golangci_lint_ls", {
------------------------------------------------------
local none_ls = require("null-ls")
local eslintFiles = {
".eslintrc",
".eslintrc.js",
".eslintrc.cjs",
".eslintrc.yaml",
".eslintrc.yml",
".eslintrc.json",
"eslint.config.js",
"eslint.config.mjs",
"eslint.config.cjs",
"eslint.config.ts",
"eslint.config.mts",
"eslint.config.cts",
}
local has_eslint_in_parents = function(fname)
local root_file = require("lspconfig").util.insert_package_json(eslintFiles, "eslintConfig", fname)
return require("lspconfig").util.root_pattern(unpack(root_file))(fname)
end
none_ls.setup({
sources = {
-- Prettier Formatting
-- Formatting
none_ls.builtins.formatting.prettier,
none_ls.builtins.formatting.prettier.with({ filetypes = { "template" } }),
require("none-ls.diagnostics.eslint_d").with({
condition = function(utils)
return has_eslint_in_parents(vim.fn.getcwd())
end,
}),
none_ls.builtins.completion.spell,
none_ls.builtins.formatting.nixpkgs_fmt, -- TODO: nixd native LSP?
none_ls.builtins.diagnostics.sqlfluff,
none_ls.builtins.formatting.sqlfluff,
require("none-ls.formatting.autopep8").with({
filetypes = { "starlark", "python" },
extra_args = { "--max-line-length", "100" },
}),
-- Completion
none_ls.builtins.completion.spell,
},
on_attach = function(client, bufnr)
if client:supports_method("textDocument/formatting") then

12
modules/home/programs/terminal/nvim/default.nix
View File

@@ -1,8 +1,9 @@
{ pkgs
, lib
, config
, namespace
, ...
{
pkgs,
lib,
config,
namespace,
...
}:
let
inherit (lib) mkIf;
@@ -178,6 +179,7 @@ in
sveltels = "${pkgs.nodePackages.svelte-language-server}/bin/svelteserver",
tsls = "${pkgs.nodePackages.typescript-language-server}/bin/typescript-language-server",
vscls = "${pkgs.nodePackages.vscode-langservers-extracted}",
sqls = "${pkgs.sqls}/bin/sqls",
}
return nix_vars
'';

65
modules/home/programs/terminal/opencode/config/agents/agent-creator.md Normal file
View File

@@ -0,0 +1,65 @@
---
description: Creates and configures new OpenCode agents based on requirements
mode: subagent
temperature: 0.3
permission:
write: allow
---
You help users create custom OpenCode agents. When asked to create an agent:
1. **Understand the need**: Ask clarifying questions about:
- What tasks should this agent handle?
- Should it be primary or subagent?
- What tools does it need access to?
- Any special permissions or restrictions?
- Should it use a specific model?
2. **Generate the config**: Create a markdown file in the appropriate location:
- Global: `~/.config/opencode/agent/`
- Project: `.opencode/agent/`
3. **Available config options**:
- `description` (required): Brief description of agent purpose
- `mode`: "primary", "subagent", or "all" (defaults to "all")
- `temperature`: 0.0-1.0 (lower = focused, higher = creative)
- `maxSteps`: Limit agentic iterations
- `disable`: Set to true to disable agent
- `tools`: Control tool access (write, edit, bash, etc.)
- `permission`: Set to "ask", "allow", or "deny" for edit/bash/webfetch
- Additional provider-specific options pass through to the model
4. **Tools configuration**:
- Set individual tools: `write: true`, `bash: false`
- Use wildcards: `mymcp_*: false`
- Inherits from global config, agent config overrides
5. **Permissions** (for edit, bash, webfetch):
- `ask`: Prompt before running
- `allow`: Run without approval
- `deny`: Disable completely
- Can set per-command for bash: `"git push": "ask"`
6. **Keep it simple**: Start minimal, users can extend later.
7. **Explain usage**: Tell them how to invoke with `@agent-name`.
Example structure:
```markdown
---
description: [one-line purpose]
mode: subagent
model: anthropic/claude-sonnet-4-20250514
temperature: 0.2
tools:
write: false
bash: false
permission:
edit: deny
---
[Clear instructions for the agent's behavior]
```
Be conversational. Ask questions before generating.

66
modules/home/programs/terminal/opencode/config/agents/architect.md Normal file
View File

@@ -0,0 +1,66 @@
---
description: Discovers relevant code and builds a focused implementation plan with exact file references
mode: subagent
temperature: 0.4
permission:
"*": deny
context7_*: allow
glob: allow
grep: allow
list: allow
lsp: allow
read: allow
todoread: allow
todowrite: allow
---
You analyze requirements and discover the relevant code context needed for implementation.
**Your job:**
1. Read through the codebase to understand what exists
2. Identify specific files and line ranges relevant to the task
3. Create a focused plan with exact references for the @developer agent
4. Describe what needs to change and why
**Deliver a compressed context map:**
For each relevant file section, use this format:
`path/file.py:10-25` - Current behavior. Needed change.
Keep it to ONE sentence per part (what it does, what needs changing).
**Example:**
`auth.py:45-67` - Login function with basic validation. Add rate limiting using existing middleware pattern.
`middleware/rate_limit.py:10-35` - Rate limiter for API endpoints. Reference this implementation.
`config.py:78` - Rate limit config (5 req/min). Use these values.
**Don't include:**
- Full code snippets (developer will read the files)
- Detailed explanations (just pointers)
- Implementation details (that's developer's job)
**Do include:**
- Exact line ranges so developer reads only what's needed
- Key constraints or patterns to follow
- Dependencies between files
**Examples of good references:**
- "`auth.py:45-67` - login function, needs error handling"
- "`db.py:12-30` - connection logic, check timeout handling"
- "`api/routes.py:89` - endpoint definition to modify"
- "`tests/test_auth.py:23-45` - existing tests to update"
**Examples of good plans:**
"Add rate limiting to login:
- `auth.py:45-67` - Current login function with no rate limiting
- `middleware/rate_limit.py:10-35` - Existing rate limiter for API
- Need: Apply same pattern to login endpoint
- Related: `config.py:78` - Rate limit settings"
You're the context scout - provide precise pointers so @developer doesn't waste context searching.

76
modules/home/programs/terminal/opencode/config/agents/developer.md Normal file
View File

@@ -0,0 +1,76 @@
---
description: Implements code based on plans and addresses review feedback
mode: subagent
temperature: 0.3
permission:
"*": deny
bash: allow
context7_*: allow
edit: allow
glob: allow
grep: allow
list: allow
lsp: allow
read: allow
todoread: allow
todowrite: allow
---
You implement code. You are the only agent that modifies files.
**DO NOT re-analyze or re-plan.** @architect already did discovery and planning. You execute.
**When building from a plan:**
- Start with the specific files and lines mentioned in the plan
- Read incrementally if you need to understand:
- Function/class definitions referenced in those lines
- Import sources or dependencies
- Related code that must be updated together
- Stop reading once you understand what to change and how
- Don't search the entire codebase or read files "just in case"
- Trust the plan's pointers as your starting point
**Example workflow:**
1. Plan says: `auth.py:45-67` - Read lines 45-67
2. See it calls `validate_user()` - Read that function definition
3. Realize validate_user is imported from `utils.py` - Read that too
4. Implement changes across both files
5. Done
**When addressing review feedback:**
- **Critical findings** (security, logic errors): Must fix
- **Regular findings** (quality, errors): Must fix
- **Nits** (style, minor): Optional, use judgment
**Your workflow:**
1. Read the specific files mentioned in the plan
2. Implement the changes described
3. **When done, commit your work:**
```bash
git add -A
git commit -m "type: what you implemented"
```
**Conventional commit types:**
- `feat:` - New feature
- `fix:` - Bug fix
- `refactor:` - Code restructuring
- `docs:` - Documentation only
- `test:` - Adding/updating tests
- `chore:` - Maintenance tasks
4. Done
**Do NOT:**
- Re-read the entire codebase
- Search for additional context
- Second-guess the plan
- Do your own discovery phase
Be efficient. Trust @architect's context work. Just code.

46
modules/home/programs/terminal/opencode/config/agents/orchestrator.md Normal file
View File

@@ -0,0 +1,46 @@
---
description: Orchestrates features or bug fixes by delegating to subagents
mode: primary
temperature: 0.2
maxSteps: 50
permission:
"*": deny
task: allow
---
You are a workflow orchestrator. You ONLY call subagents - you never analyze, plan, code, or review yourself. Your high level flow is @architect -> @developer -> @reviewer
**Your subagents:**
- **@architect** - Analyzes requirements and creates plans
- **@developer** - Implements the plan from @architect
- **@reviewer** - Reviews the implementation from @developer
**Your workflow:**
1. Call @architect with user requirements.
2. Present the plan to the user for approval or changes.
3. If the user requests changes:
- Call @architect again with the feedback.
- Repeat step 2.
4. Once the plan is approved, call @developer with the full, unmodified plan.
5. Call @reviewer with the @developer output.
6. If the verdict is NEEDS_WORK:
- Call @developer with the plan + review feedback.
7. Repeat steps 5-6 until the implementation is APPROVED or APPROVED_WITH_NITS.
8. Report completion to the user:
- If APPROVED: "Implementation complete and approved."
- If APPROVED_WITH_NITS: "Implementation complete. Optional improvements available: [list nits]. Address these? (yes/no)"
9. If the user wants nits fixed:
- Call @developer with the plan + nit list.
- Call @reviewer one final time.
10. Done.
**Rules:**
- Never do the work yourself - always delegate
- Pass information between agents clearly, do not leave out context from the previous agent
- On iteration 2+ of develop→review, always include both plan AND review feedback
- Keep user informed of which agent is working
- Nits are optional - don't require fixes
- Stop when code is approved or only nits remain

68
modules/home/programs/terminal/opencode/config/agents/reviewer.md Normal file
View File

@@ -0,0 +1,68 @@
---
description: Expert code reviewer providing structured feedback on implementations
mode: subagent
temperature: 0.2
permission:
"*": deny
bash:
"*": deny
"git diff *": allow
"git log *": allow
"git show *": allow
"git show": allow
"git status *": allow
"git status": allow
glob: allow
grep: allow
list: allow
lsp: allow
read: allow
---
You are an expert code reviewer. Review implementations and provide structured feedback.
**Your process:**
- Check for uncommitted changes first: `git status`
- If there are uncommitted changes, respond:
"ERROR: Found uncommitted changes. @developer must run `git add -A && git commit -m "type: description"` first."
- Otherwise, review the latest commit with `git show`
- Read full files for additional context only if needed
- Focus on the actual changes made by @developer
**You MUST start your response with a verdict line:**
VERDICT: [APPROVED | NEEDS_WORK | APPROVED_WITH_NITS]
**Then categorize all findings:**
**Critical Findings** (must fix):
- Security vulnerabilities
- Logical errors
- Data corruption risks
- Breaking changes
**Regular Findings** (should fix):
- Code quality issues
- Missing error handling
- Performance problems
- Maintainability concerns
**Nits** (optional):
- Style preferences
- Minor optimizations
- Documentation improvements
- Naming suggestions
**Verdict rules:**
- NEEDS_WORK: Any critical or regular findings exist
- APPROVED_WITH_NITS: Only nits remain
- APPROVED: No findings at all
If you list any critical or regular findings, your verdict MUST be NEEDS_WORK.
Be thorough but fair. Don't bikeshed.

130
modules/home/programs/terminal/opencode/default.nix
View File

@@ -14,63 +14,95 @@ in
};
config = mkIf cfg.enable {
# Enable OpenCode
programs.opencode = {
enable = true;
package = pkgs.reichard.opencode;
enableMcpIntegration = true;
settings = {
theme = "catppuccin";
model = "llama-swap/devstral-small-2-instruct";
permission = {
edit = "allow";
bash = "ask";
webfetch = "ask";
doom_loop = "ask";
external_directory = "ask";
};
provider = {
"llama-swap" = {
npm = "@ai-sdk/openai-compatible";
options = {
baseURL = "https://llm-api.va.reichard.io/v1";
};
models = {
nemotron-3-nano-30b-thinking = {
name = "Nemotron 3 Nano (30B) - Thinking";
agents = {
orchestrator = ./config/agents/orchestrator.md;
architect = ./config/agents/architect.md;
developer = ./config/agents/developer.md;
reviewer = ./config/agents/reviewer.md;
agent-creator = ./config/agents/agent-creator.md;
};
};
# Define OpenCode Configuration
sops = {
secrets.context7_apikey = {
sopsFile = lib.snowfall.fs.get-file "secrets/common/evanreichard.yaml";
};
templates."opencode.json" = {
path = ".config/opencode/opencode.json";
content = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
theme = "catppuccin";
# model = "llama-swap/devstral-small-2-instruct";
provider = {
"llama-swap" = {
npm = "@ai-sdk/openai-compatible";
options = {
baseURL = "https://llm-api.va.reichard.io/v1";
};
gpt-oss-20b-thinking = {
name = "GPT OSS (20B)";
};
devstral-small-2-instruct = {
name = "Devstral Small 2 (24B)";
};
qwen3-coder-30b-instruct = {
name = "Qwen3 Coder (30B)";
};
qwen3-next-80b-instruct = {
name = "Qwen3 Next (80B) - Instruct";
};
qwen3-30b-2507-thinking = {
name = "Qwen3 2507 (30B) Thinking";
};
qwen3-30b-2507-instruct = {
name = "Qwen3 2507 (30B) Instruct";
};
qwen3-4b-2507-instruct = {
name = "Qwen3 2507 (4B) - Instruct";
models = {
"hf:Qwen/Qwen3-Coder-480B-A35B-Instruct" = {
name = "Qwen3 Coder (480B) Instruct";
};
"hf:zai-org/GLM-4.7" = {
name = "GLM 4.7";
};
"hf:MiniMaxAI/MiniMax-M2.1" = {
name = "MiniMax M2.1";
};
devstral-small-2-instruct = {
name = "Devstral Small 2 (24B)";
};
qwen3-coder-30b-instruct = {
name = "Qwen3 Coder (30B)";
};
nemotron-3-nano-30b-thinking = {
name = "Nemotron 3 Nano (30B) - Thinking";
};
gpt-oss-20b-thinking = {
name = "GPT OSS (20B)";
};
qwen3-next-80b-instruct = {
name = "Qwen3 Next (80B) - Instruct";
};
qwen3-30b-2507-thinking = {
name = "Qwen3 2507 (30B) Thinking";
};
qwen3-30b-2507-instruct = {
name = "Qwen3 2507 (30B) Instruct";
};
qwen3-4b-2507-instruct = {
name = "Qwen3 2507 (4B) - Instruct";
};
};
};
};
};
lsp = {
starlark = {
command = [
"${pkgs.pyright}/bin/pyright-langserver"
"--stdio"
];
extensions = [
".star"
];
lsp = {
biome = {
disabled = true;
};
starlark = {
command = [
"${pkgs.pyright}/bin/pyright-langserver"
"--stdio"
];
extensions = [ ".star" ];
};
};
mcp = {
context7 = {
type = "remote";
url = "https://mcp.context7.com/mcp";
headers = {
CONTEXT7_API_KEY = "${config.sops.placeholder.context7_apikey}";
};
enabled = true;
};
};
};
};

20
modules/home/services/sops/default.nix
View File

@@ -1,15 +1,21 @@
{ config, lib, namespace, pkgs, ... }:
{ config
, lib
, namespace
, pkgs
, ...
}:
let
inherit (lib) mkIf types;
inherit (lib) mkIf mkEnableOption types;
inherit (lib.${namespace}) mkOpt;
getFile = lib.snowfall.fs.get-file;
cfg = config.${namespace}.services.sops;
in
{
options.${namespace}.services.sops = with types; {
enable = lib.mkEnableOption "sops";
defaultSopsFile = mkOpt path null "Default sops file.";
sshKeyPaths = mkOpt (listOf path) [ ] "SSH Key paths to use.";
enable = mkEnableOption "Enable sops";
defaultSopsFile = mkOpt str "secrets/common/evanreichard.yaml" "Default sops file.";
sshKeyPaths = mkOpt (listOf path) [ ] "Additional SSH key paths to use.";
};
config = mkIf cfg.enable {
@@ -20,11 +26,9 @@ in
];
sops = {
inherit (cfg) defaultSopsFile;
defaultSopsFormat = "yaml";
defaultSopsFile = getFile cfg.defaultSopsFile;
age = {
generateKey = true;
keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths;
};