From 70f48b9f5856efcf1f9a8cd6b36f9451558cfaac Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 17 Feb 2026 09:59:34 -0800 Subject: [PATCH] Get beads working again --- flake.lock | 192 +++++++++++++++++++++++++++----- flake.nix | 55 +++++++++ hosts/liminal/configuration.nix | 3 +- hosts/ruil/configuration.nix | 55 ++++++++- hosts/ruil/secrets/config.yaml | 5 +- justfile | 12 +- 6 files changed, 286 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index 320f748..78a71bf 100644 --- a/flake.lock +++ b/flake.lock @@ -23,14 +23,16 @@ "beads-flake": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "nixpkgs-25-11" + ] }, "locked": { - "lastModified": 1770942279, - "narHash": "sha256-pIMRw8uW9uXCP+10CIvxzSorOaxyZWlhG9YiM1XLtrY=", + "lastModified": 1771095939, + "narHash": "sha256-NcvEicAJjEeKaaSsJ4cSIQfr0gQCFfa5g1kLTY1rgRg=", "owner": "steveyegge", "repo": "beads", - "rev": "2d517c60aa8b7734bd19b7718b34b06bb72e131e", + "rev": "ab3e940e7f291a8c32a4b9fce7279095fc87cf03", "type": "github" }, "original": { 
@@ -73,7 +75,46 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs-25-11" + ] + }, + "locked": { + "lastModified": 1770260404, + "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "impermanence", @@ -94,10 +135,31 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "openclaw-flake", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767909183, + "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "impermanence": { "inputs": { - "home-manager": "home-manager", - "nixpkgs": "nixpkgs_3" + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1769548169, @@ -115,7 +177,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay_2" }, "locked": { 
@@ -154,6 +216,24 @@ "type": "github" } }, + "nix-steipete-tools": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1771128277, + "narHash": "sha256-wcVJ9uvHx7KZTezCG6IedeRnJFsHF9Oaej+l8XC2wYM=", + "owner": "openclaw", + "repo": "nix-steipete-tools", + "rev": "90516869c19a49f0434787277a9458436867a53b", + "type": "github" + }, + "original": { + "owner": "openclaw", + "repo": "nix-steipete-tools", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1770882871, @@ -218,22 +298,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1770197578, - "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -249,7 +313,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", 
@@ -265,7 +329,39 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_5": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1770841267, "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", @@ -281,7 +377,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1770380644, "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", @@ -297,7 +393,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1698318101, "narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=", @@ -313,6 +409,27 @@ "type": "github" } }, + "openclaw-flake": { + "inputs": { + "flake-utils": "flake-utils_2", + "home-manager": "home-manager_3", + "nix-steipete-tools": "nix-steipete-tools", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1771133668, + "narHash": "sha256-WmGdEuasAVOeXfQ6AbtzcJiDw2hpZ/zNaxcGoADtDoM=", + "owner": "openclaw", + "repo": "nix-openclaw", + "rev": "255e3a6c26fd072744687b5a22e9d17ce37d30b4", + "type": "github" + }, + "original": { + "owner": "openclaw", + "repo": "nix-openclaw", + "type": "github" + } + }, "plover": { "flake": false, "locked": { 
@@ -331,7 +448,7 @@ }, "plover-flake": { "inputs": { - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "plover": "plover", "plover-stroke": "plover-stroke", "plover2cat": "plover2cat", @@ -404,11 +521,13 @@ "inputs": { "awww": "awww", "beads-flake": "beads-flake", + "home-manager": "home-manager", "impermanence": "impermanence", "niri": "niri", "nixos-hardware": "nixos-hardware", "nixpkgs-25-11": "nixpkgs-25-11", "nixpkgs-unstable": "nixpkgs-unstable", + "openclaw-flake": "openclaw-flake", "plover-flake": "plover-flake", "sops-nix": "sops-nix", "talon-nix": "talon-nix" @@ -474,7 +593,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1770683991, @@ -505,10 +624,25 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "talon-nix": { "inputs": { "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1746431176, diff --git a/flake.nix b/flake.nix index 175f9a4..89ad2d6 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,12 +4,16 @@ inputs = { nixpkgs-25-11.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + home-manager.url = "github:nix-community/home-manager/release-25.11"; + home-manager.inputs.nixpkgs.follows = "nixpkgs-25-11"; sops-nix.url = "github:Mic92/sops-nix"; nixos-hardware.url = "github:NixOS/nixos-hardware"; impermanence.url = "github:nix-community/impermanence"; talon-nix.url = "github:nix-community/talon-nix"; + openclaw-flake.url = "github:openclaw/nix-openclaw"; plover-flake.url = "github:openstenoproject/plover-flake"; beads-flake.url = "github:steveyegge/beads"; + beads-flake.inputs.nixpkgs.follows = "nixpkgs-25-11"; awww.url = "git+https://codeberg.org/LGFae/awww"; niri.url = "github:hunner/niri/hunner/focus-to-workspace"; #niri.inputs.nixpkgs.follows = "nixpkgs-25-11"; @@ -19,10 +23,12 @@ self, nixpkgs-25-11, nixpkgs-unstable, + home-manager, sops-nix, nixos-hardware, impermanence, talon-nix, + openclaw-flake, plover-flake, beads-flake, awww, 
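Review bot: `openclaw-flake.url = "github:openclaw/nix-openclaw";` is added without any `follows`, unlike `home-manager` and `beads-flake` in the same hunk. As a result flake.lock gains a second `home-manager`, a second `flake-utils` and two more nixpkgs revisions that this repository does not choose. If upstream builds against the release channel, add `openclaw-flake.inputs.nixpkgs.follows = "nixpkgs-25-11";` and `openclaw-flake.inputs.home-manager.follows = "home-manager";`; if it needs nixos-unstable, say so in a comment next to the input. The input also tracks the repository's default branch, so each `nix flake update` pulls whatever is there onto a host that holds bot credentials. Pinning a tag or revision in the URL would make those bumps deliberate.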
@@ -41,6 +47,50 @@ overlay-local = final: prev: { codex = prev.callPackage ./pkgs/codex/package.nix { }; + beads = + let + bdBase = + ( + final.callPackage "${beads-flake}/default.nix" { + pkgs = final; + self = beads-flake; + } + ).overrideAttrs + (old: { + vendorHash = "sha256-s9ELOxDHHk+RyImrPxm9DPos7Wb4AFWaNKsrgU4soow="; + env = (old.env or { }) // { + # Upstream pulls an ICU-backed regex dep; keep Nix build pure-Go. + CGO_ENABLED = "0"; + }; + postPatch = + (old.postPatch or "") + + '' + # Upstream source currently references a removed internal package. + rm -f cmd/bd/integration_test_stubs_test.go + rm -rf examples/monitor-webui + ''; + }); + in + final.stdenv.mkDerivation { + pname = "beads"; + version = bdBase.version; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/bin + cp ${bdBase}/bin/bd $out/bin/bd + + ln -s bd $out/bin/beads + + mkdir -p $out/share/fish/vendor_completions.d + mkdir -p $out/share/bash-completion/completions + mkdir -p $out/share/zsh/site-functions + + $out/bin/bd completion fish > $out/share/fish/vendor_completions.d/bd.fish + $out/bin/bd completion bash > $out/share/bash-completion/completions/bd + $out/bin/bd completion zsh > $out/share/zsh/site-functions/_bd + ''; + meta = bdBase.meta; + }; }; in { @@ -68,7 +118,12 @@ nixosConfigurations.ruil = nixpkgs-25-11.lib.nixosSystem { inherit system; + specialArgs = { + inherit openclaw-flake; + }; modules = [ + ({ ... }: { nixpkgs.overlays = [ openclaw-flake.overlays.default ]; }) + home-manager.nixosModules.home-manager ./hosts/ruil/configuration.nix sops-nix.nixosModules.sops ]; diff --git a/hosts/liminal/configuration.nix b/hosts/liminal/configuration.nix index 92d8827..e78a737 100644 --- a/hosts/liminal/configuration.nix +++ b/hosts/liminal/configuration.nix @@ -282,6 +282,7 @@ clipse plex-desktop signal-desktop + telegram-desktop flyctl dtach gromit-mpx 
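Review bot: The overridden `vendorHash` in `bdBase` is tied to the `beads-flake` revision pinned in flake.lock, but nothing in the hunk says so. The next `nix flake update` will fail with a hash mismatch that looks unrelated to the bump. Add a comment above it such as `# vendorHash matches the beads-flake rev in flake.lock; recompute after every bump`. The `rm -f` and `rm -rf` in `postPatch` also succeed silently once upstream fixes or removes those paths, so the workaround will outlive its reason. Dropping `-f` from the first one makes the build fail when the file is gone, which is the signal to delete the line.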
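Review bot: `nixpkgs.overlays = [ openclaw-flake.overlays.default ]` applies a third-party overlay to the whole package set of `ruil`, and an overlay can replace any existing attribute as well as add its own. Because hosts/ruil/configuration.nix sets `home-manager.useGlobalPkgs = true`, the same modified set also feeds the user environment. If the openclaw module only needs its own packages, a local overlay that inherits just those attributes from the flake's outputs keeps the rest of `pkgs` untouched. Otherwise add a comment here recording that the full overlay was reviewed at the locked revision.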
@@ -295,7 +296,7 @@ socat #plover-flake.packages.${pkgs.stdenv.hostPlatform.system}.plover-full pkgs.unstable.zoom-us - # beads-flake.packages.${pkgs.stdenv.hostPlatform.system}.default + pkgs.beads awww.packages.${pkgs.stdenv.hostPlatform.system}.awww nix-index # for nix-locate sops diff --git a/hosts/ruil/configuration.nix b/hosts/ruil/configuration.nix index a82aba5..d17ae86 100644 --- a/hosts/ruil/configuration.nix +++ b/hosts/ruil/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ config, pkgs, modulesPath, openclaw-flake, ... }: { imports = [ @@ -19,6 +19,10 @@ sops.secrets.hashedPassword-hunner.neededForUsers = true; sops.secrets.hashedPassword-ruil.neededForUsers = true; sops.secrets.hashedPassword-root.neededForUsers = true; + sops.secrets.openclaw-env = { + owner = "ruil"; + mode = "0400"; + }; # SSH key from DO metadata, shared across all users users.users.root = { 
@@ -41,12 +45,41 @@ users.users.ruil = { uid = 1001; isNormalUser = true; + linger = true; hashedPasswordFile = config.sops.secrets.hashedPassword-ruil.path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5+cFZ52qQft4ionKvdHkNM7lmj3x7vSiG/KqGvZ9JP hunter@haugens.org" ]; }; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.ruil = { ... }: { + imports = [ openclaw-flake.homeManagerModules.openclaw ]; + + home.stateVersion = "25.11"; + + # Keep credentials in ruil-owned files to avoid root-only bot access. + programs.openclaw = { + enable = true; + config = { + gateway.mode = "local"; + channels.discord.enabled = true; + agents.defaults.model.primary = "zai/glm-4.7"; + }; + }; + + # openclaw onboarding can exceed Node's default old-space limit on 1 GiB hosts. + home.sessionVariables.NODE_OPTIONS = "--max-old-space-size=1536"; + + # Environment file is provisioned by sops-nix (`sops.secrets.openclaw-env`). + systemd.user.services.openclaw-gateway = { + Install.WantedBy = [ "default.target" ]; + Service.Environment = [ "NODE_OPTIONS=--max-old-space-size=1536" ]; + Service.EnvironmentFile = [ config.sops.secrets.openclaw-env.path ]; + }; + }; + # Packages environment.systemPackages = with pkgs; [ vim @@ -63,6 +96,26 @@ services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.KbdInteractiveAuthentication = false; + # Tailscale + services.tailscale = { + enable = true; + useRoutingFeatures = "client"; + extraUpFlags = [ + "--accept-dns" + "--accept-routes" + ]; + }; + + programs.zsh.enable = true; + + # Add swap on small VPS instances to avoid OOM-kill loops. + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 4096; # MiB + } + ]; + # Firewall networking.firewall = { enable = true; diff --git a/hosts/ruil/secrets/config.yaml b/hosts/ruil/secrets/config.yaml index 80e4bf2..294f346 100644 --- a/hosts/ruil/secrets/config.yaml +++ b/hosts/ruil/secrets/config.yaml 
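Review bot: `systemd.user.services.openclaw-gateway` runs as `ruil`, the same account that accepts SSH logins and now has `linger = true`, so whatever the Discord-facing agent can be induced to do happens with that user's full file access. A dedicated service account without `openssh.authorizedKeys` would separate the two. Short of that, add `Service.NoNewPrivileges = true;` to the unit and confirm that no other part of the configuration puts `ruil` in a privileged group. The secret reaches the gateway through its process environment (`Service.EnvironmentFile`), which every child process it spawns inherits. The `NODE_OPTIONS` literal is repeated in `home.sessionVariables` and `Service.Environment`; bind it once in a `let` so the two cannot drift.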
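Review bot: `extraUpFlags` in the new `services.tailscale` block is, as far as I know, only used by the module's autoconnect unit, which exists only when `services.tailscale.authKeyFile` is set. No `authKeyFile` appears in this hunk, so `--accept-dns` and `--accept-routes` would not be applied unless someone runs `tailscale up` by hand. Either provision an auth key through sops and set `authKeyFile`, or drop the flags and document the manual step. If the flags do take effect, `--accept-routes` lets any subnet router approved in the tailnet steer this host's traffic, so add a comment stating that this is intended. Separately, the swap file at `/var/lib/swapfile` is unencrypted, so secrets from the gateway's environment can be paged to disk; the `networking.firewall` block that follows continues outside the hunk.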
@@ -1,6 +1,7 @@ hashedPassword-hunner: ENC[AES256_GCM,data:fvgYWStE5XyHF1b9lntEfnml9cFbwaz5YCJRiPglDnLvWCPUY/95WsPAod/+1wYDW/LZl3tcBi9B0jF3OqiPZ8yeiu2DR85IKA==,iv:M0mu3m65L7ObZ9Mv97fvr9Z6qZk268h7AZSuW+ecrEk=,tag:pQKMKdJXToLJ188gkJMuCA==,type:str] hashedPassword-ruil: ENC[AES256_GCM,data:fwBU+24byBOTKljdABTvk2VxR5PGR18R3oozB/wSlORz12oQwjqAtdVBLSR2JZqA7yOWM5V//Ig60GCE4XmYc5pwVsEWqdY8JA==,iv:yuMNzQc+YfPyCFNYgNsh+xEJyLIFRUj0Er5TtYdcG18=,tag:dQpTM937EHEcEDJto4BVog==,type:str] hashedPassword-root: ENC[AES256_GCM,data:E/T3LBreiSZaC/qZ2QNxz3prGHoj47zS3ILsa7lmPzJDfLQ5yALxjWo4GyPHT9+kAU7uGOBG5/Ab5VqWxw+1cyk/YwT2dyMB+Q==,iv:eMav5Lnrm9SmQgHSDFiTKP6n9mADSsunlWyrSrIgA4E=,tag:fcMt6wiOClb30Vfkd9Dxmw==,type:str] +openclaw-env: ENC[AES256_GCM,data:pJq+HdqlNjx0qeVHhPcnZk9FNm7/eMWm8vZ3ROnQ00qR4lXo3f86wL3vH9UQjVtdKSGDQj171b88nCVWqLY/h9YP2ld/1AwI7K06bzCRTjAYXzcpCfLyDEc0x3olSNTwsyKN4avI1x+9xciE36b53VVFpLNhGsRz9pT+jWx1jeVIUNbh6OGu4CGA1I2L4TaAiGEfEh29mDrAzqPLzIkyaSvay3+fun4X0SbpbE0bLnd6NnVUjff0HCgiDDDckc/O33G/k6OcLaN04hDnnCVIfGxPkRQKB02QC33mb35T5N4T,iv:DNNbwHGfQjY9Uvw4QXUz6IqtNQWZKLDD0GtvnoowxB0=,tag:+cu3ZVjo2xUg/wyIlUvD0Q==,type:str] sops: age: - recipient: age17sdp0gguexd88qel74fa4zeckxh93gqpkayz366fz6yvjauw7vcq7w6y45 
@@ -21,7 +22,7 @@ sops: VHorQzNrMFJLaFpSalZZdjNraXhlSVUKwWLesTzMxsEB45hWWzhZGWc1cDm/gmvF MAytSLiBcieAkRKZoklyk/llbnq7kycvpZCU/sQrjKqmoHkC+TF3BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-12T04:52:00Z" - mac: ENC[AES256_GCM,data:nl2ALcLsI0eQJjfZniRxeKl6XV9IMGiSJOlv7fadsaTfE+tFRDZY9WyXTsdnyGXq+wH1jb7quesPQ2cv060A1COCa5cdbxfqPDRj2AacmSQ4YhBfz+SdfJznhpWDupeMyn0LBF7ffHVOqq+dkcWVOVQR/AzBuEPIdJdzs3/ya1k=,iv:PDnfRMBjQMXbB2Upycqqp/TYCC6fPYsh6GQAt9hf4qE=,tag:8riFvSKCx3Hisdxz3HgKdA==,type:str] + lastmodified: "2026-02-14T08:58:11Z" + mac: ENC[AES256_GCM,data:7OTjKMqKjHqJUA67dafkr/Vo2Bvetla10ZSjie1ZL+UXUINEOczop9YY/tTONboZYn0Ihqe1fYapPHied/+q2a2jp9DUSMlvnUj4oDj6IigAzwlOsARPNmtk7p+gV+ROmoAudBalB/M/AI4kfj7h9o+vYfaSpcfBLPYTPVpS8GQ=,iv:sQiBQU0V4oAOxo4UdEkehLJBYhu/kmjOMM+6X/hkWIg=,tag:XYRpDeVpr2MQadKpD62nFA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/justfile b/justfile index 1101d1b..5be2711 100644 --- a/justfile +++ b/justfile @@ -1,18 +1,24 @@ # Deploy config to a host (builds remotely, activates remotely) -deploy host target: +build-deploy-remote host target: nixos-rebuild switch \ --flake .#{{host}} \ --target-host {{target}} \ --build-host {{target}} -# Deploy config to a host +# Deploy config to a host (builds locally, activates remotely) +deploy-remote host target: + nixos-rebuild switch \ + --flake .#{{host}} \ + --target-host {{target}} + +# Deploy config to a host (builds locally, activates locally) deploy-sudo host: sudo nixos-rebuild switch \ --flake .#{{host}} # Shortcut: deploy ruil (remote) deploy-ruil: - just deploy ruil root@ruil.hunnur.com + just deploy-remote ruil root@ruil.hunnur.com # Shortcut: deploy liminal (local) deploy-liminal: