From 0c0c94e4bf23c68db7dfbd6d1493881398fe6156 Mon Sep 17 00:00:00 2001
From: Artem Sheremet
Date: Thu, 11 Jun 2026 19:27:46 +0000
Subject: [PATCH] Extract jailed-agy into reusable module
---
 flake.nix | 2 ++
 hosts/deimos/nixos.nix | 48 ---------------------------
 modules/nixos/jailed-agy.nix | 63 ++++++++++++++++++++++++++++++++++++
 3 files changed, 65 insertions(+), 48 deletions(-)
 create mode 100644 modules/nixos/jailed-agy.nix
diff --git a/flake.nix b/flake.nix
index 83d2d66..7426d78 100644
--- a/flake.nix
+++ b/flake.nix
@@ -62,6 +62,7 @@
 nixosModules = {
 linux-headless = import ./modules/nixos/linux-headless.nix;
 linux-lxc = import ./modules/nixos/linux-lxc.nix;
+ jailed-agy = import ./modules/nixos/jailed-agy.nix;
 };
 homeConfigurations."${homeManagerUser}@deimos" = home-manager.lib.homeManagerConfiguration {
@@ -120,6 +121,7 @@
 inputs.fw_nix.nixosModules.identities
 self.nixosModules.linux-headless
 self.nixosModules.linux-lxc
+ self.nixosModules.jailed-agy
 inputs.fw_nix.nixosModules.nix-gc
 inputs.fw_nix.nixosModules.nix-settings
 inputs.fw_nix.nixosModules.tools
diff --git a/hosts/deimos/nixos.nix b/hosts/deimos/nixos.nix
index 312e33a..1a5e436 100644
--- a/hosts/deimos/nixos.nix
+++ b/hosts/deimos/nixos.nix
@@ -2,12 +2,8 @@
 pkgs,
 identities,
 primaryUser,
- jail-nix,
 ...
 }:
-let
- jail = jail-nix.lib.init pkgs;
-in
 {
 users.users.${primaryUser} = {
 uid = 1000;
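Review bot: The new `nixosModules.jailed-agy` export is only usable if the consumer supplies `jail-nix` as a module argument, because `modules/nixos/jailed-agy.nix` (added later in this patch) declares `jail-nix` in its argument set and calls `jail-nix.lib.init pkgs`; nothing in this hunk shows it being passed through `specialArgs` or `_module.args`, so the deimos configuration and any external user would hit a missing-argument evaluation error unless that wiring exists elsewhere. Binding the input at export time removes the requirement for consumers: `jailed-agy = args: import ./modules/nixos/jailed-agy.nix (args // { inherit (inputs) jail-nix; });` (assuming `inputs` is in scope here as it is in the second hunk). If `jail-nix` is deliberately expected from `specialArgs`, a comment on the export line such as `# requires jail-nix in specialArgs` would document that contract.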
@@ -30,50 +26,6 @@ in
 nixd
 home-assistant-cli
 yt-dlp
-
- # jailed-agy --yolo
- (jail "jailed-agy" pkgs.antigravity-cli (
- with jail.combinators;
- [
- network
- time-zone
- no-new-session
- mount-cwd
-
- (readwrite (noescape "~/.gemini"))
- # The above is a stow-controlled symlink to the following.
- (readwrite (noescape "~/dotfiles/legacy/.gemini"))
-
- (add-pkg-deps (
- with pkgs;
- [
- bashInteractive
- curl
- wget
- jq
- git
- which
- ripgrep
- gnugrep
- gnused
- gawkInteractive
- ps
- findutils
- gzip
- unzip
- gnutar
- diffutils
- coreutils
- procps
-
- python3
- esphome
-
- nix
- ]
- ))
- ]
- ))
 ];
 # For building RPi configs. Extra steps are handled by the host (nas).
diff --git a/modules/nixos/jailed-agy.nix b/modules/nixos/jailed-agy.nix
new file mode 100644
index 0000000..703ece4
--- /dev/null
+++ b/modules/nixos/jailed-agy.nix
@@ -0,0 +1,63 @@
+{
+ pkgs,
+ jail-nix,
+ ...
+}:
+let
+ jail = jail-nix.lib.init pkgs;
+in
+{
+ environment.systemPackages = [
+ # Should be started as "jailed-agy --dangerously-skip-permissions"
+ (jail "jailed-agy" pkgs.antigravity-cli (
+ with jail.combinators;
+ [
+ network
+ time-zone
+ no-new-session
+ mount-cwd
+
+ (readwrite (noescape "~/.gemini"))
+ # The above is a stow-controlled symlink to the following.
+ (readwrite (noescape "~/dotfiles/legacy/.gemini"))
+
+ # Enable easy installation of pip packages in the current directory.
+ (set-env "PYTHONPATH" (noescape "\"$PWD/.pip-packages\""))
+ (set-env "PIP_TARGET" (noescape "\"$PWD/.pip-packages\""))
+ (set-env "PIP_CACHE_DIR" (noescape "\"$PWD/.pip-cache\""))
+ (set-env "PIP_BREAK_SYSTEM_PACKAGES" "1")
+ (add-path (noescape "\"$PWD/.pip-packages/bin\""))
+
+ (add-pkg-deps (
+ with pkgs;
+ [
+ bashInteractive
+ curl
+ wget
+ jq
+ git
+ which
+ ripgrep
+ gnugrep
+ gnused
+ gawkInteractive
+ ps
+ findutils
+ gzip
+ unzip
+ gnutar
+ diffutils
+ coreutils
+ procps
+
+ python3
+ python3Packages.pip
+ esphome
+
+ nix
+ ]
+ ))
+ ]
+ ))
+ ];
+}
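Review bot: The new `add-path` and `PYTHONPATH` entries make the jail's tool resolution depend on the directory it is launched from: `$PWD/.pip-packages` lives in the `mount-cwd` tree the agent can write to, so a `.pip-packages/bin/git`, `.pip-packages/bin/nix` or a `sitecustomize.py` dropped there by the agent (or already present in a checked-out repository) is picked up on the next `jailed-agy` run, which the comment says is launched with `--dangerously-skip-permissions`. Whether `add-path` prepends or appends is not visible here; if it prepends, everything in the `add-pkg-deps` list can be shadowed from the working tree. I would state that in the comment above the pip block, e.g. `# NOTE: $PWD/.pip-packages is writable from inside the jail and is on PATH/PYTHONPATH, so tools can be shadowed by whatever lands there — only launch in a trusted directory.` Relatedly, granting `network` together with `nix` presumably lets the agent fetch and run packages outside the allowlist, so a note that the list bounds convenience rather than capability would stop readers treating it as a security boundary.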