190 Commits

Author SHA1 Message Date
2cb9704dac discord 2026-04-07 09:27:29 -07:00
2b5a691ecf add chromium to packages
need for webusb things
2026-04-06 08:36:42 -07:00
d4963c571a ollama 2026-04-04 16:19:16 -07:00
3b59f3cae4 wireless tools for i3blocks 2026-04-04 16:19:16 -07:00
47b4e533ff Document UID 850 as permanent — never change
Rootless podman deeply caches the UID in storage, subuid mappings,
and systemd sessions. Changing it destroys all container state.
Reference: log/2026-04-03-uid-incident.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 09:30:37 -07:00
5a381d314e Pin mcp user UID/GID to 850
UID 995 conflicted with sshd on orion. Pin to 850 (the 800-899 range
is unused on all nodes and well below NixOS auto-assign range).
Pin GID to 850 as well for consistency.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 01:38:45 -07:00
53addc0ed1 Remove pinned UID for mcp user
UID 995 conflicted with sshd on orion. Let NixOS auto-assign the UID
for the mcp system user. Use systemd's %U specifier for XDG_RUNTIME_DIR
instead of the hardcoded UID.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 01:33:37 -07:00
6a65e73200 Remove mcp-master systemd unit (now containerized)
The master runs as an MCP-managed container, deployed via
mcp deploy mcp-master --direct. The systemd unit was a temporary
bootstrap mechanism.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 22:56:08 -07:00
b26478d47b Add mcp-master systemd service
Runs the MCP v2 master as a systemd service on rift. Uses
ConditionPathExists so the unit is a no-op on worker nodes
(like orion) that import mcp.nix but don't have the binary.

Starts after mcp-agent.service. Security hardened like the agent
but with ProtectHome=true (master doesn't need /run/user).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 20:43:38 -07:00
63bb945506 add opencode to full desktop packages 2026-04-02 17:10:04 -07:00
9972422fe6 package cleanup 2026-04-02 12:53:17 -07:00
9310dc0041 add new framework config 2026-04-02 12:43:06 -07:00
101151cdb8 exfatprogs 2026-03-30 22:12:54 -07:00
16f1d0829c add easytag 2026-03-30 20:36:18 -07:00
2abcc39539 really undunst 2026-03-30 17:33:26 -07:00
194e36c5de ntfy support 2026-03-30 14:59:35 -07:00
c268ff48b4 adding gvfs 2026-03-30 13:28:15 -07:00
62e56188b2 dumbo 2026-03-30 09:19:19 -07:00
e538aa083b moving deja-dup 2026-03-30 09:17:38 -07:00
7ac4f2e3f2 enable dconf 2026-03-30 09:16:49 -07:00
66900d9ce6 add deja-dup 2026-03-30 08:23:04 -07:00
c2882fcd8b allow mcp to read systemd logs 2026-03-29 18:00:48 -07:00
34b2a01f1a Use /srv/mcp/mcp-agent binary instead of Nix flake input
The agent binary is now managed by the operator (scp + install to
/srv/mcp/mcp-agent), not by the Nix flake. This allows agent upgrades
without a full NixOS rebuild.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 16:12:51 -07:00
a34b3e96f7 dos2unix 2026-03-27 22:39:27 -07:00
47f9e48346 add tools for dealing with corrupt (color) text 2026-03-27 22:26:53 -07:00
42a503db62 add skopeo 2026-03-27 16:56:50 -07:00
83684ddb1c bind dns tools 2026-03-27 13:59:11 -07:00
baf09e8b1f Add MCP to Nix packages and wire agent to Nix-managed binary
- Add mcp flake input (git+ssh://git@git.wntrmute.dev/mc/mcp.git)
- Add mcp CLI to mcpkg.nix system packages (installed on all machines)
- Update mcp.nix to use Nix-managed mcp-agent binary path instead of
  hardcoded /usr/local/bin/mcp-agent

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 22:48:40 -07:00
e7d244c606 Disable ProtectHome for mcp-agent (blocks /run/user for podman) 2026-03-26 14:40:54 -07:00
7f0a978e86 Relax mcp-agent sandbox for rootless podman compatibility 2026-03-26 14:34:50 -07:00
bac757c22e Allow mcp-agent access to /run/user for rootless podman 2026-03-26 14:31:33 -07:00
57cab0c88a Pin mcp UID, fix XDG_RUNTIME_DIR for podman access 2026-03-26 14:08:57 -07:00
71e6907a3c Add PATH to mcp-agent service for podman access 2026-03-26 14:04:52 -07:00
f0f15fccb0 Add mcp-agent systemd service to NixOS config 2026-03-26 13:30:06 -07:00
417870a85b Add mcp.nix: MCP agent system user with rootless podman 2026-03-26 13:02:25 -07:00
184c237335 Use libfido2 udev rules for universal FIDO2 device access.
Replace vendor-specific hidraw rule (3434) with libfido2 udev
package which covers all FIDO2 devices. Fixes FIDO2 key visibility
on orion.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 12:36:41 -07:00
28100fc74d switch to sgard-fido2 2026-03-26 12:19:46 -07:00
fa0c7b1510 Add mcdeploy to flake inputs and system packages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 00:33:36 -07:00
4b0067641d iw 2026-03-25 23:27:04 -07:00
a53eb42316 protobuffing 2026-03-25 21:32:21 -07:00
f8a53f6f63 protoc 2026-03-25 21:27:15 -07:00
71702dfb06 Add metacircular control programs to rift, orion, and vade
Install mciasctl, mciasgrpcctl, mcrctl, and mcproxyctl via new
configs/mcpkg.nix module. Adds flake inputs for mcias, mcr, and
mc-proxy from git.wntrmute.dev.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 21:11:25 -07:00
ea335dbe57 add cert 2026-03-25 20:21:24 -07:00
0268a0c721 Disable exo flake input (broken flake.nix upstream)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 19:20:59 -07:00
b49b7ca2e3 let's get exo working 2026-03-25 17:07:09 -07:00
8ac8e389c0 add xclip 2026-03-25 11:07:03 -07:00
38d782cdf8 add poppler-utils 2026-03-25 10:41:44 -07:00
76f1f534d0 add poppler 2026-03-25 10:39:02 -07:00
59fd091632 enable FIDO2/U2F PAM authentication
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 00:04:51 -07:00
8d36fcc960 ghostscript 2026-03-24 12:13:01 -07:00