Stefan Junker 443d5fc7d8 steveej-fw13: refresh the device flake lock Changes: - update the nested steveej-fw13 flake lock to newer upstream revisions for home-manager, nixpkgs, nixos-hardware, llm-agents, niri-flake, nixvim, NUR, sops-nix, and related inputs - keep the lockfile refresh isolated from the ryzenadj-profiles CLI change so the dependency churn stays auditable on its own Validation: - nix flake metadata path:/home/steveej/src/steveej/infra/nix/os/devices/steveej-fw13	2026-03-25 20:48:50 +01:00
.git-crypt	Add 1 git-crypt collaborator	2025-04-05 21:42:33 +02:00
.vscode	chore: bump and reconfigure treefmt-nix, include just fmt	2025-02-14 16:49:27 +01:00
benchmarks/rtk	docs(benchmarks): add RTK replay harness and saved results	2026-03-08 20:58:19 +00:00
docs/milestones	feat(bentos): make `stop` PWD aware	2026-03-22 21:05:01 +01:00
misc/x13s_bt_firmware	feat: remove executable bit on x13s bt fw	2024-08-04 14:49:06 +02:00
nix	steveej-fw13: refresh the device flake lock	2026-03-25 20:48:50 +01:00
oci/user-ubuntu	feat(oci): add user-ubuntu with nix user install	2024-10-13 20:30:23 +02:00
rust	ryzenadj-profiles: show the active profile in list and status	2026-03-25 20:48:18 +01:00
scripts	scripts: add codex unknown-session migration tool	2026-03-19 21:38:44 +01:00
secrets	chore: fmt	2026-02-27 22:40:26 +01:00
services/home-ch	chore: bump and reconfigure treefmt-nix, include just fmt	2025-02-14 16:49:27 +01:00
vendor	vendor: restack the zed and codex integrations	2026-03-25 17:33:01 +01:00
.envrc	direnv: use the local wrapper flake for develop	2026-03-17 16:42:06 +01:00
.gitattributes	home-manager: add multi-instance maestral module with keyring bootstrap	2026-02-20 20:38:53 +00:00
.gitignore	git: ignore /target everywhere	2025-12-15 22:27:32 +01:00
.gitmodules	codex: vendor the local ACP debug stack	2026-03-15 17:13:22 +01:00
.sops.yaml	feat(settings): wire authenticated cache and user secret integration	2026-02-27 13:48:49 +00:00
AGENTS.md	chore: nix fmt	2026-02-04 09:55:51 +01:00
codebook.toml	chore: add codebook	2025-12-04 12:10:10 +01:00
default.nix	feat: introduce treefmt and fmt all	2024-11-15 11:45:00 +01:00
flake.lock	feat(home-manager): add denet and local shell tooling	2026-03-08 20:57:07 +00:00
flake.nix	flake: derive nixosConfigurations from infraNodes	2026-03-17 09:59:14 +01:00
Justfile	fix(justfile): use local-dev flake for rebuilding steveej-fw13	2026-03-17 18:50:25 +01:00
README.md	docs(readme): append placeholder marker	2026-03-10 19:58:24 +01:00

README.md

steveej's infra

This repository helps me to manage all computer infrastructure. This is (mostly) achieved with the help of Nix.

In the unlikely case that you actually read this and have any questions please don't hesitate to reach out.

Left over from the initial road map

(Re-)document bootstrap process
- a new machine
- an install media
Design disaster recovery
Automatic synchronization of other state files
container migrations
- ensure DDNS is updated before the containers are started

Bugs

home-manager leaves ~/.gnupg at 0755

Usage

(These are reminders for my future self)

just --list

Niri Workspace Profiles

Profile definitions and add-profile workflow:
- nix/home-manager/profiles/niri-workspace-profiles/README.md
Runtime applier CLI:
- rust/niri-workspace-profiles/README.md

Bootstrap

A new machine

TBD

Post-Install Setup

chmod --recursive g-rwx,o-rwx ~/.gnupg
gpg2 --edit-card; fetch
clone password-manager and infra repositories
gpg2: ultimately trust my own key

Swapping out a disk

TBD

Rebuilding an offline system

TBD

Gotchas

Locking nixpkgs to a cached version

I wanted to lock to a specific version because Zed was failing on the latest unstable.

I looked up the latest successful build on hydra an copied the store path: https://hydra.nixos.org/build/318407157#tabs-buildinputs

Actually locking it for one device:

$ cd nix/os/devices/steveej-fw13
$ nix flake update --override-input nixpkgs-unstable /nix/store/i77jvi0qh4kddj4hraizq1j0c028q05l-source

APPEND