Extract jailed-agy into reusable module

2026-06-11 19:27:46 +00:00
parent a659a07637
commit 0c0c94e4bf
3 changed files with 65 additions and 48 deletions


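--- a/<PATH not shown: flake file>
+++ b/<PATH not shown: flake file>
@@ -62,6 +62,7 @@
 nixosModules = {
 linux-headless = import ./modules/nixos/linux-headless.nix;
 linux-lxc = import ./modules/nixos/linux-lxc.nix;
+jailed-agy = import ./modules/nixos/jailed-agy.nix;
 };
 homeConfigurations."${homeManagerUser}@deimos" = home-manager.lib.homeManagerConfiguration {
@@ -120,6 +121,7 @@
 inputs.fw_nix.nixosModules.identities
 self.nixosModules.linux-headless
 self.nixosModules.linux-lxc
+self.nixosModules.jailed-agy
 inputs.fw_nix.nixosModules.nix-gc
 inputs.fw_nix.nixosModules.nix-settings
 inputs.fw_nix.nixosModules.tools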


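--- a/<PATH not shown: host configuration>
+++ b/<PATH not shown: host configuration>
@@ -2,12 +2,8 @@
 pkgs,
 identities,
 primaryUser,
-jail-nix,
 ...
 }:
-let
-jail = jail-nix.lib.init pkgs;
-in
 {
 users.users.${primaryUser} = {
 uid = 1000;
@@ -30,50 +26,6 @@ in
 nixd
 home-assistant-cli
 yt-dlp
-# jailed-agy --yolo
-(jail "jailed-agy" pkgs.antigravity-cli (
-with jail.combinators;
-[
-network
-time-zone
-no-new-session
-mount-cwd
-(readwrite (noescape "~/.gemini"))
-# The above is a stow-controlled symlink to the following.
-(readwrite (noescape "~/dotfiles/legacy/.gemini"))
-(add-pkg-deps (
-with pkgs;
-[
-bashInteractive
-curl
-wget
-jq
-git
-which
-ripgrep
-gnugrep
-gnused
-gawkInteractive
-ps
-findutils
-gzip
-unzip
-gnutar
-diffutils
-coreutils
-procps
-python3
-esphome
-nix
-]
-))
-]
-))
 ];
 # For building RPi configs. Extra steps are handled by the host (nas).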


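--- /dev/null
+++ b/modules/nixos/jailed-agy.nix
@@ -0,0 +1,63 @@
+{
+pkgs,
+jail-nix,
+...
+}:
+let
+jail = jail-nix.lib.init pkgs;
+in
+{
+environment.systemPackages = [
+# Should be started as "jailed-agy --dangerously-skip-permissions"
+(jail "jailed-agy" pkgs.antigravity-cli (
+with jail.combinators;
+[
+network
+time-zone
+no-new-session
+mount-cwd
+(readwrite (noescape "~/.gemini"))
+# The above is a stow-controlled symlink to the following.
+(readwrite (noescape "~/dotfiles/legacy/.gemini"))
+# Enable easy installation of pip packages in the current directory.
+(set-env "PYTHONPATH" (noescape "\"$PWD/.pip-packages\""))
+(set-env "PIP_TARGET" (noescape "\"$PWD/.pip-packages\""))
+(set-env "PIP_CACHE_DIR" (noescape "\"$PWD/.pip-cache\""))
+(set-env "PIP_BREAK_SYSTEM_PACKAGES" "1")
+(add-path (noescape "\"$PWD/.pip-packages/bin\""))
+(add-pkg-deps (
+with pkgs;
+[
+bashInteractive
+curl
+wget
+jq
+git
+which
+ripgrep
+gnugrep
+gnused
+gawkInteractive
+ps
+findutils
+gzip
+unzip
+gnutar
+diffutils
+coreutils
+procps
+python3
+python3Packages.pip
+esphome
+nix
+]
+))
+]
+))
+];
+}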
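Review bot: The module hardcodes two user-specific paths, `~/.gemini` and `~/dotfiles/legacy/.gemini` (the comment about a stow symlink describes one particular home layout), while the wrapper is now installed system-wide through `environment.systemPackages` rather than next to a specific user as the removed host-config version was, so the assumption that the invoking user's home follows that layout should be stated in a header comment or lifted into a module option. The invocation comment also says nothing about where `jailed-agy` is meant to be run from; since `mount-cwd` presumably exposes the current directory to the jailed agent, the comment should name the intended scope, e.g. `# Run from the project directory: mount-cwd exposes $PWD to the agent.` Next to the pip comment it is worth noting that `PYTHONPATH` and `add-path` make any `python3`, `esphome` or tool started in the jail load code from `$PWD/.pip-packages`, so the contents of the working directory are part of the trust boundary. The embedded quotes in `(noescape "\"$PWD/.pip-packages\"")` rely on how jail-nix renders `set-env`/`add-path` into the wrapper script, which is not visible here; a short comment on why the literal quotes are needed would help the next reader.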