Extract jailed-agy into reusable module

2026-06-11 19:27:46 +00:00
parent a659a07637
commit 0c0c94e4bf
3 changed files with 65 additions and 48 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -62,6 +62,7 @@
      nixosModules = {
        linux-headless = import ./modules/nixos/linux-headless.nix;
        linux-lxc = import ./modules/nixos/linux-lxc.nix;
+        jailed-agy = import ./modules/nixos/jailed-agy.nix;
      };

      homeConfigurations."${homeManagerUser}@deimos" = home-manager.lib.homeManagerConfiguration {
@@ -120,6 +121,7 @@
          inputs.fw_nix.nixosModules.identities
          self.nixosModules.linux-headless
          self.nixosModules.linux-lxc
+          self.nixosModules.jailed-agy
          inputs.fw_nix.nixosModules.nix-gc
          inputs.fw_nix.nixosModules.nix-settings
          inputs.fw_nix.nixosModules.tools
--- a/hosts/deimos/nixos.nix
+++ b/hosts/deimos/nixos.nix
@@ -2,12 +2,8 @@
  pkgs,
  identities,
  primaryUser,
-  jail-nix,
  ...
 }:
-let
-  jail = jail-nix.lib.init pkgs;
-in
 {
  users.users.${primaryUser} = {
    uid = 1000;
@@ -30,50 +26,6 @@ in
    nixd
    home-assistant-cli
    yt-dlp
-
-    # jailed-agy --yolo
-    (jail "jailed-agy" pkgs.antigravity-cli (
-      with jail.combinators;
-      [
-        network
-        time-zone
-        no-new-session
-        mount-cwd
-
-        (readwrite (noescape "~/.gemini"))
-        # The above is a stow-controlled symlink to the following.
-        (readwrite (noescape "~/dotfiles/legacy/.gemini"))
-
-        (add-pkg-deps (
-          with pkgs;
-          [
-            bashInteractive
-            curl
-            wget
-            jq
-            git
-            which
-            ripgrep
-            gnugrep
-            gnused
-            gawkInteractive
-            ps
-            findutils
-            gzip
-            unzip
-            gnutar
-            diffutils
-            coreutils
-            procps
-
-            python3
-            esphome
-
-            nix
-          ]
-        ))
-      ]
-    ))
  ];

  # For building RPi configs. Extra steps are handled by the host (nas).
--- a/modules/nixos/jailed-agy.nix
+++ b/modules/nixos/jailed-agy.nix
@@ -0,0 +1,63 @@
+{
+  pkgs,
+  jail-nix,
+  ...
+}:
+let
+  jail = jail-nix.lib.init pkgs;
+in
+{
+  environment.systemPackages = [
+    # Should be started as "jailed-agy --dangerously-skip-permissions"
+    (jail "jailed-agy" pkgs.antigravity-cli (
+      with jail.combinators;
+      [
+        network
+        time-zone
+        no-new-session
+        mount-cwd
+
+        (readwrite (noescape "~/.gemini"))
+        # The above is a stow-controlled symlink to the following.
+        (readwrite (noescape "~/dotfiles/legacy/.gemini"))
+
+        # Enable easy installation of pip packages in the current directory.
+        (set-env "PYTHONPATH" (noescape "\"$PWD/.pip-packages\""))
+        (set-env "PIP_TARGET" (noescape "\"$PWD/.pip-packages\""))
+        (set-env "PIP_CACHE_DIR" (noescape "\"$PWD/.pip-cache\""))
+        (set-env "PIP_BREAK_SYSTEM_PACKAGES" "1")
+        (add-path (noescape "\"$PWD/.pip-packages/bin\""))
+
+        (add-pkg-deps (
+          with pkgs;
+          [
+            bashInteractive
+            curl
+            wget
+            jq
+            git
+            which
+            ripgrep
+            gnugrep
+            gnused
+            gawkInteractive
+            ps
+            findutils
+            gzip
+            unzip
+            gnutar
+            diffutils
+            coreutils
+            procps
+
+            python3
+            python3Packages.pip
+            esphome
+
+            nix
+          ]
+        ))
+      ]
+    ))
+  ];
+}