evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: evan:master
Branches Tags
evan:master evan:snowfall
..
compare: evan:67c088835b55a818dbea568e8fef1f0b73e79e91
Branches Tags
evan:master evan:snowfall

3 Commits
master ... 67c088835b

Author SHA1 Message Date
Evan Reichard
67c088835b fix(pi): exclude literal '.pi' from replacement in system prompt 
Use negative lookbehind to avoid replacing '.pi' in paths like '.pi/agent'
 2026-04-16 10:00:34 -04:00
Evan Reichard
27c04e8d96 feat(sketchybar): add blur effect to individual item backgrounds 
Add per-item blur_radius=30 with background.clip=0.5 to create a
frosted-glass effect on each component pill while keeping the bar
itself fully transparent. Bump bg alpha from 0x20 to 0x30 so the
blur is visible through the semi-transparent backgrounds.
 2026-04-16 10:00:34 -04:00
Evan Reichard
3d4c246d64 feat(pi): add address-gh-review skill and enforce title case comments 
- Add new address-gh-review skill with SKILL.md and gh_review.sh script
  for fetching and addressing unresolved GitHub PR review comments
- Update AGENTS.md comment style to require Title Case for block titles
 2026-04-16 10:00:31 -04:00
13 changed files with 20 additions and 236 deletions
Expand all files Collapse all files

70
.agents/skills/update-package-hashes/SKILL.md
View File

@@ -1,70 +0,0 @@
---
name: update-package-hashes
description: Update a package in packages/ to a new version and refresh its hashes (src, vendorHash, npmDepsHash, cargoHash, etc.) WITHOUT compiling the package. Use when the user asks to bump, update, or upgrade a specific package under packages/. Requires package name and target version/rev.
---
# Update Package Hashes (Without Building)
Require the user to supply the **package name** and **target version/rev/tag**. Ask if missing.
## Hard Rules — Read First
1. **Never run `nix build .#<pkg>`** or `.#packages.<system>.<pkg>`. That compiles the package. Only realise **FOD sub-attributes** (`.src`, `.goModules`, `.npmDeps`, `.cargoDeps`) — those are pure downloads, not builds.
2. **Never** use `nix-prefetch-git`, `nix-prefetch-url`, `nix hash path`, `git clone` + manual hashing, `builtins.fetchGit`, or any other ad-hoc method to compute hashes. They produce hashes in formats that don't match what `fetchgit`/`fetchFromGitHub`/etc. expect, and you will waste time chasing mismatches.
3. There are exactly **two** correct ways to get a hash, both listed below. If neither fits, stop and ask the user — don't improvise.
## The Only Two Methods
### Method A — `nurl` (preferred for `src` on any git forge)
`nurl` works for **any git URL**, not just GitHub: `gitea.va.reichard.io`, `gitlab`, `codeberg`, `sourcehut`, plain `https://...git`, all fine. It downloads the source and prints a complete fetcher expression with the correct hash.
```bash
nix run nixpkgs#nurl -- <git-url> <rev-or-tag>
```
Examples:
```bash
nix run nixpkgs#nurl -- https://github.com/owner/repo v1.2.3
nix run nixpkgs#nurl -- https://gitea.va.reichard.io/evan/slack-cli.git 0a9484257a2adc414aa4cdab4fb9539a37e04d1f
```
Copy the `hash = "sha256-..."` line into the package's `src` block.
### Method B — FOD mismatch trick (for everything else)
For `vendorHash`, `npmDepsHash`, `cargoHash`, `cargoLock.outputHashes.<crate>`, or any `src` using a custom fetcher (`leaveDotGit`, `postFetch`, `fetchSubmodules`, etc. — applies to `llama-cpp` and `llama-swap`), realise the **specific FOD sub-attribute** and read the `got:` line from the error.
```bash
nix build .#<name>.src --no-link 2>&1 | tee /tmp/hash.log # for src
nix build .#<name>.goModules --no-link 2>&1 | tee /tmp/hash.log # for vendorHash
nix build .#<name>.npmDeps --no-link 2>&1 | tee /tmp/hash.log # for npmDepsHash
nix build .#<name>.cargoDeps --no-link 2>&1 | tee /tmp/hash.log # for cargoHash
grep -E '^[[:space:]]*got:' /tmp/hash.log | tail -1 | awk '{print $2}'
```
Setting the hash to `sha256-AAAA...` (44 A's) or leaving the old one in place both work — the build will fail at the FOD with `got: sha256-...` which is the correct value.
**Note:** `.src`, `.goModules`, etc. are sub-attributes of the derivation. They download but do not compile. `nix build .#<name>` (without the `.src` suffix) compiles — never do that.
## Flow
1. Edit `packages/<name>/default.nix` — bump `version` / `rev` / `tag`. Check for sibling `.nix` files (e.g. `ui.nix`) that may also need bumping.
2. Get the new `src` hash with **Method A** (`nurl`). If the package uses a custom fetcher, use **Method B** on `.src` instead.
3. For each dependency hash (`vendorHash` / `npmDepsHash` / `cargoHash` / etc.), use **Method B** on the matching sub-attribute.
4. **Opaque `outputHash` FODs** (e.g. opencode's `node_modules` which runs `bun install`) — do NOT attempt locally. Leave as-is and flag for CI in the summary.
5. Show `git diff -- packages/<name>/` and list any hashes left for CI.
## Resolving Tags Without Cloning
```bash
git ls-remote <url> refs/tags/<tag>
```
## Don't Touch What Didn't Change
Skip pinned sub-dependencies whose inputs didn't change — e.g. `slack-cli`'s `python-snappy` / `zstd-python` PyPI tarballs are pinned by the upstream `dfindexeddb`, not by the slack-cli rev.
## Optional Shortcut
`nix-update --flake <name> --version <v>` sometimes handles everything for simple packages. Try it first; fall back to the methods above if it fails.

1
AGENTS.md
View File

@@ -116,4 +116,3 @@ Shared library helpers. `lib/module/default.nix` exports `mkOpt`, `mkBoolOpt`, `
- **Editing Neovim config (Lua):** Modify files under `modules/home/programs/terminal/nvim/config/lua/`.
- **Managing secrets:** Edit `.sops.yaml` for key groups, use `sops` CLI to encrypt/decrypt files in `secrets/`.
- **Building/testing:** `nix build .#packages.<arch>.<name>` for packages, `nix build .#nixosConfigurations.<host>.config.system.build.toplevel` for full system builds.
- **Bumping a package version / refreshing hashes:** Use the `update-package-hashes` skill at `.pi/skills/update-package-hashes/`.

1
homes/aarch64-darwin/evanreichard@mac-va-mbp-work/default.nix
View File

@@ -57,7 +57,6 @@ in
# colima
docker
keycastr
reichard.slack-cli
_1password-cli
];
}

1
modules/home/programs/terminal/git/config/.gitignore vendored
View File

@@ -1,4 +1,3 @@
_scratch
.direnv
.envrc
.agents

20
modules/home/programs/terminal/nvim/config/lua/lsp-config.lua
View File

@@ -138,23 +138,10 @@ setup_lsp("ts_ls", {
filetypes = { "typescript", "typescriptreact", "javascript" },
})
-- Oxlint - Prefer a project-local oxlint from node_modules so the LSP
-- version matches the project's pinned dependency; fall back to PATH.
setup_lsp("oxlint", {
-- ESLint LSP
setup_lsp("eslint", {
on_attach = on_attach_no_formatting,
root_markers = { ".oxlintrc.json", "oxlint.config.json", "package.json", ".git" },
cmd = function(dispatchers, config)
local bin = "oxlint"
if config.root_dir then
local local_bin = config.root_dir .. "/node_modules/.bin/oxlint"
if vim.fn.executable(local_bin) == 1 then
bin = local_bin
end
end
return vim.lsp.rpc.start({ bin, "--lsp" }, dispatchers, {
cwd = config.root_dir,
})
end,
cmd = { nix_vars.vscls .. "/bin/vscode-eslint-language-server", "--stdio" },
})
-- C LSP Configuration
@@ -221,7 +208,6 @@ setup_lsp("gopls", {
})
end,
filetypes = { "go" },
cmd = { "gopls", "-remote=auto" },
settings = {
gopls = {
buildFlags = { "-tags=e2e" },

6
modules/home/programs/terminal/pi/config/skills/address-gh-review/SKILL.md
View File

@@ -35,9 +35,9 @@ Present a numbered list to the user:
```
## Unresolved Review Items
1. **src/auth/login.ts:42** — Add rate limiting to prevent brute force attacks (alice-dev)
2. **src/utils/validators.ts:89** — Use stricter type checking for email validation (bob-coder)
3. **src/api/users.ts:156** — Add error handling for null responses (alice-dev, charlie-reviewer)
1. **backend/collector/siem/query_siem.go:408** — Make `proportionallyLimitEvents` generic `[][]T` and move to `pkg` (connor-prophet)
2. **backend/collector/siem/query_siem.go:417** — Use `slices.Concat` / `sliceutils.FlatMap` (dhaus-prophet)
3. **backend/collector/siem/query_siem.go:427** — Add unit tests for `proportionallyLimitEvents` (copilot-pull-request-reviewer, dhaus-prophet)
```
### 3. Ask User for Selection

17
modules/home/programs/terminal/pi/config/skills/git-commit/SKILL.md
View File

@@ -9,19 +9,12 @@ description: 'Execute git commit with conventional commit message analysis, inte
Create standardized, semantic git commits using the Conventional Commits specification. Analyze the actual diff to determine appropriate type, scope, and message.
## Automatic Execution — CRITICAL
## Automatic Execution
**When this skill is invoked, EXECUTE THE COMMIT IMMEDIATELY. Do NOT ask for confirmation. Do NOT say "I'm ready" or "let me know when you want to proceed." Do NOT wait for further input. Do NOT acknowledge and then wait.**
The skill is invoked when the user says "commit", "do it", "/commit", "make a commit", "create a commit", or any similar phrase. The moment you recognize this intent, analyze the diff and run `git commit`. That's it.
**Zero prompts. Zero confirmation requests. Zero hand-holding.**
Only skip the commit if:
- Nothing is staged or modified (say "Nothing to commit" and stop)
- Secrets appear to be about to be committed (refuse and stop)
For everything else — just commit.
**When invoked, execute the commit immediately without asking for confirmation.** Simply analyze the diff and create the commit. Do not ask "what would you like to do" or wait for further input. Only ask clarifying questions if:
- Nothing is staged or modified
- Changes span multiple unrelated logical groups that should be committed separately
- Secrets appear to be about to be committed
## Conventional Commit Format

8
modules/home/services/sketchybar/default.nix
View File

@@ -10,7 +10,7 @@ let
colors = {
white = "0xddffffff";
white_dim = "0x99ffffff";
bg = "0x1a808080";
bg = "0x30000000";
transparent = "0x00000000";
green = "0xff8ceb34";
yellow = "0xffe8d44d";
@@ -48,12 +48,12 @@ let
sketchybar --default \
icon.font="$NERD_FONT" \
icon.color=$COLOR_WHITE \
icon.padding_left=$(($PADDING + 2)) \
icon.padding_left=$PADDING \
icon.padding_right=2 \
label.font="$FONT_FACE:Medium:13.0" \
label.color=$COLOR_WHITE \
label.padding_left=2 \
label.padding_right=$(($PADDING + 2)) \
label.padding_right=$PADDING \
background.color=$COLOR_BG \
background.corner_radius=6 \
background.clip=0.5 \
@@ -121,7 +121,7 @@ let
elif [ "$VOL" -ge 30 ]; then
ICON="󰖀"
elif [ "$VOL" -gt 0 ]; then
ICON="󰕿"
ICON=""
else
ICON="󰖁"
fi

26
modules/nixos/services/llama-swap/config.nix
View File

@@ -124,32 +124,6 @@ in
};
};
# https://huggingface.co/unsloth/Qwen3.6-35B-A3B-GGUF/tree/main
"qwen3.6-35b-thinking" = {
name = "Qwen3.6 (35B) - Thinking";
macros.ctx = "262144";
cmd = ''
${llama-cpp}/bin/llama-server \
--port ''${PORT} \
-m /mnt/ssd/Models/Qwen3.6/Qwen3.6-35B-A3B-UD-IQ4_XS.gguf \
-c ''${ctx} \
--temp 0.6 \
--top-p 0.95 \
--top-k 20 \
--min-p 0.0 \
--presence-penalty 0.0 \
--repeat-penalty 1.0 \
-dev CUDA0 \
-fit off
'';
metadata = {
type = [
"text-generation"
"coding"
];
};
};
# https://huggingface.co/bartowski/Qwen_Qwen3.5-27B-GGUF/tree/main
"qwen3.5-27b-thinking" = {
name = "Qwen3.5 (27B) - Thinking";

9
packages/llama-cpp/default.nix
View File

@@ -7,12 +7,12 @@
vulkanSupport = true;
}).overrideAttrs
(oldAttrs: rec {
version = "8815";
version = "8680";
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
tag = "b${version}";
hash = "sha256-QJsGBHLdvFfMXZJSk9D76b7v6DP06NaTYztHv41o/CA=";
hash = "sha256-tJCA19BQs0vZc0VjPnbIrh3CJFxyPL6Ne4oIG4gfozw=";
leaveDotGit = true;
postFetch = ''
git -C "$out" rev-parse --short HEAD > $out/COMMIT
@@ -20,11 +20,6 @@
'';
};
# Add SPIR-V Headers for Vulkan Backend
# Newer llama.cpp requires spirv/unified1/spirv.hpp which isn't
# pulled in by vulkan-headers alone.
buildInputs = (oldAttrs.buildInputs or [ ]) ++ [ pkgs.spirv-headers ];
# Auto CPU Optimizations
cmakeFlags = (oldAttrs.cmakeFlags or [ ]) ++ [
"-DGGML_CUDA_ENABLE_UNIFIED_MEMORY=1"

6
packages/pi-coding-agent/default.nix
View File

@@ -14,16 +14,16 @@
buildNpmPackage rec {
pname = "pi-coding-agent";
version = "0.67.5";
version = "0.67.2";
src = fetchFromGitHub {
owner = "badlogic";
repo = "pi-mono";
rev = "v${version}";
hash = "sha256-Pw2f/6rKGWzmSdswungerrGrR6i9tUVFNiA4xaNygsQ=";
hash = "sha256-trZOz+8nkuFq/JoW9BTDyqD5kN8WuL2SaxSgb45JdEY=";
};
npmDepsHash = "sha256-L53UEVQNsLoSkmP9L9AZQ74iThdMFBgtnLaXqZHqBRw=";
npmDepsHash = "sha256-zGCJlF360Neb8OwgjV3VhIlprsoq31p/1fN7VrxGeC8=";
nativeBuildInputs = [ pkg-config ];

90
packages/slack-cli/default.nix
View File

@@ -1,90 +0,0 @@
{ lib
, fetchgit
, fetchurl
, python312
, snappy
,
}:
let
pythonPackages = python312.pkgs;
# ── Python Dependency Overrides ──────────────────────────────
#
# dfindexeddb pins python-snappy==0.6.1 and zstd==1.5.5.1.
# nixpkgs ships newer versions, so we build the exact pins
# from PyPI source tarballs.
python-snappy = pythonPackages.buildPythonPackage rec {
pname = "python-snappy";
version = "0.6.1";
format = "setuptools";
src = fetchurl {
url = "https://files.pythonhosted.org/packages/98/7a/44a24bad98335b2c72e4cadcdecf79f50197d1bab9f22f863a274f104b96/python-snappy-0.6.1.tar.gz";
hash = "sha256-tqEHqwYgasxTWdTFYyvZsi1EhwKnmzFpsMYuD7gIuyo=";
};
buildInputs = [ snappy ];
doCheck = false;
};
zstd-python = pythonPackages.buildPythonPackage rec {
pname = "zstd";
version = "1.5.5.1";
format = "setuptools";
src = fetchurl {
url = "https://files.pythonhosted.org/packages/source/z/zstd/zstd-1.5.5.1.tar.gz";
hash = "sha256-HvmAq/Dh4HKwKNLXbvlbR2YyZRyWIlzzC2Gcbu9iVnI=";
};
doCheck = false;
};
dfindexeddb = pythonPackages.buildPythonPackage rec {
pname = "dfindexeddb";
version = "20260210";
format = "setuptools";
src = fetchurl {
url = "https://files.pythonhosted.org/packages/source/d/dfindexeddb/dfindexeddb-20260210.tar.gz";
hash = "sha256-4ahEe4Lpoh0oqGR6kI7J1HEGfvKVEzu3qQ+3ykgFd/Y=";
};
propagatedBuildInputs = [
python-snappy
zstd-python
];
doCheck = false;
};
in
pythonPackages.buildPythonApplication {
pname = "slack-cli";
version = "0.1.0";
format = "pyproject";
src = fetchgit {
url = "https://gitea.va.reichard.io/evan/slack-cli.git";
rev = "0a9484257a2adc414aa4cdab4fb9539a37e04d1f";
hash = "sha256-FbzE1yRdVIhmhqrxtT3C/Pomqv8iAjI9ydQGBZr+UgY=";
};
build-system = [ pythonPackages.setuptools ];
dependencies = [ dfindexeddb ];
doCheck = false;
meta = {
description = "Read Slack messages from local Chromium IndexedDB cache";
homepage = "https://gitea.va.reichard.io/evan/slack-cli";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ evanreichard ];
mainProgram = "slack-cli";
platforms = lib.platforms.darwin;
};
}

1
systems/aarch64-darwin/mac-va-mbp-work/default.nix
View File

@@ -32,7 +32,6 @@
};
WindowManager = {
HideDesktop = true;
StandardHideDesktopIcons = true;
};
finder = {
CreateDesktop = false;