zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity
Files
869b6af7f7a9f16fb46f6dbebdfeeabe6141ffd7
nix-config/CLAUDE.md
Zuckerberg cf71b74d6f Add Incus container support to sandboxed workspaces 
- Add incus.nix module for fully declarative Incus/LXC containers
- Build NixOS LXC images using nixpkgs.lib.nixosSystem
- Ephemeral containers: recreated on each start, cleaned up on stop
- Use flock to serialize concurrent container operations
- Deterministic MAC addresses via lib.mkMac to prevent ARP cache issues
- Add veth* to NetworkManager unmanaged interfaces
- Update CLAUDE.md with coding conventions and shared lib docs
2026-02-08 15:16:40 -08:00

79 lines
2.8 KiB
Markdown
Raw Blame History

# NixOS Configuration
This is a NixOS flake configuration managing multiple machines.
## Adding Packages
**User packages** go in `home/googlebot.nix`:
- Development tools, editors, language-specific tools
- Use `home.packages` for CLI tools
- Use `programs.<name>` for configurable programs (preferred when available)
- Gate dev tools with `thisMachineIsPersonal` so they only install on workstations
**System packages** go in `common/default.nix`:
- Basic utilities needed on every machine (servers and workstations)
- Examples: git, htop, tmux, wget, dnsutils
- Keep this minimal - most packages belong in home/googlebot.nix
**Personal machine system packages** go in `common/pc/default.nix`:
- Packages that must be system-level (not per-user) due to technical limitations
- But only needed on personal/development machines, not servers
- Examples: packages requiring udev rules, system services, or setuid
## Machine Roles
Machines have roles defined in their configuration:
- **personal**: Development workstations (desktops, laptops). Install dev tools, GUI apps, editors here.
- **Non-personal**: Servers and production machines. Keep minimal.
Use `thisMachineIsPersonal` (or `osConfig.thisMachine.hasRole."personal"`) to conditionally include packages:
```nix
home.packages = lib.mkIf thisMachineIsPersonal [
pkgs.some-dev-tool
];
```
## Sandboxed Workspaces
Isolated development environments using VMs or containers. See `skills/create-workspace/SKILL.md`.
- VMs: Full kernel isolation via microvm.nix
- Containers: Lighter weight via systemd-nspawn
Configuration: `common/sandboxed-workspace/`
## Key Directories
- `common/` - Shared NixOS modules for all machines
- `home/` - Home Manager configurations
- `lib/` - Custom lib functions (extends nixpkgs lib, accessible as `lib.*` in modules)
- `machines/` - Per-machine configurations
- `skills/` - Claude Code skills for common tasks
## Shared Library
Custom utility functions go in `lib/default.nix`. The flake extends `nixpkgs.lib` with these functions, so they're accessible as `lib.functionName` in all modules. Add reusable functions here when used in multiple places.
## Code Comments
Only add comments that provide value beyond what the code already shows:
- Explain *why* something is done, not *what* is being done
- Document non-obvious constraints or gotchas
- Never add filler comments that repeat the code (e.g. `# Start the service` before a start command)
## Bash Commands
Do not redirect stderr to stdout (no `2>&1`). This can hide important output and errors.
Do not use `doas` or `sudo` - they will fail. Ask the user to run privileged commands themselves.
## Nix Commands
Use `--no-link` with `nix build` to avoid creating `result` symlinks in the working directory.
## Git Commits
Do not add "Co-Authored-By" lines to commit messages.
Reference in New Issue View Git Blame Copy Permalink