writing-nix-config

Patterns for this Nix configuration flake repository. Use when editing .nix files, adding packages, creating modules, or debugging flake issues.

SKILL.md
---
name: writing-nix-config
description: Patterns for this nix-config flake repository. Use when editing .nix files, adding packages, creating modules, or debugging flake issues.
---

Nix Configuration Patterns

Critical Rules

| Rule | Why |
|------|-----|
| Run `update` after changes | Nothing takes effect until rebuilt |
| Run `git add` before `nix flake check` | Flakes only see git-tracked files |
| Use `lib.fakeHash` for unknown hashes | Nix will tell you the real hash on build failure |

Common Mistakes

| Wrong | Right |
|-------|-------|
| Running `nix flake check` on new files without `git add` | `git add <file>` first |
| Editing config and expecting immediate effect | Run `update` to rebuild |
| Guessing SHA256 hashes | Use `lib.fakeHash`, build, copy real hash from error |
| Adding package only to overlay | Also add to `pkgs/default.nix` |

Commands

```bash
update                              # Rebuild current system
nix flake check                     # Validate flake
nix build .#<package>               # Build package
nix eval .#nixosConfigurations.<host>.config.<option>  # Check config value
```

Package Pattern

```nix
# pkgs/<name>/default.nix
{ lib, stdenv, fetchFromGitHub, ... }:
stdenv.mkDerivation rec {
  pname = "name";
  version = "1.0.0";

  src = fetchFromGitHub {
    owner = "...";
    repo = "...";
    rev = "v${version}";
    hash = "sha256-AAAA...";  # Use lib.fakeHash first, nix will tell you real hash
  };

  meta = with lib; {
    description = "...";
    license = licenses.mit;
    platforms = platforms.all;
  };
}
```

Then add to pkgs/default.nix and overlays/default.nix.

Home Manager Module Pattern

```nix
# home-manager/<app>/default.nix
{ pkgs, lib, ... }: {
  home.packages = [ pkgs.app ];

  # Or use programs.<app> if module exists
  programs.app = {
    enable = true;
    settings = { ... };
  };
}
```

Then import in home-manager/common.nix or platform-specific file.

Agenix Secret Pattern

```nix
# 1. Add to secrets/secrets.nix
"secrets/hosts/<host>/<name>.age".publicKeys = keys.<host>;

# 2. Declare in host config
age.secrets."<name>" = {
  file = ../../secrets/hosts/<host>/<name>.age;
  owner = "<service-user>";
  mode = "0400";
};
```

```bash
# 3. Create the secret
agenix -e secrets/hosts/<host>/<name>.age
```
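
The script below is an added example, not part of this repository or of SKILL.md. It turns two of the Critical Rules into a check to run before `nix flake check`, and extends the `git add` rule to the `.age` files from the Agenix pattern. The function names are hypothetical, and it assumes `git` is on `PATH`.

```shell
#!/usr/bin/env bash
# Preflight for the rules above (added example; function names are hypothetical).
# Usage, from a script that sources this file:  preflight . && nix flake check

# List .nix and .age files on disk that git does not track (and does not
# ignore). A flake is evaluated from the tracked tree only, so these are
# invisible to it: a new module, or a secret named by age.secrets.<name>.file.
untracked_flake_inputs() {
  git -C "$1" ls-files --others --exclude-standard -- '*.nix' '*.age'
}

# List path:line:text for tracked .nix files that still assign lib.fakeHash,
# i.e. a source that is not yet pinned to a real content hash. Matching on the
# assignment skips comments such as "# Use lib.fakeHash first".
leftover_fake_hashes() {
  git -C "$1" grep -n -E '=[[:space:]]*lib\.fakeHash' -- '*.nix' || true
}

# Exit status 0 when nothing was found, 1 otherwise; findings go to stderr.
# The body is a subshell, so repo/rc/found do not leak into the caller.
preflight() (
  repo="${1:-.}"
  rc=0
  found="$(untracked_flake_inputs "$repo")"
  if [ -n "$found" ]; then
    printf 'Not tracked by git (run git add first):\n%s\n' "$found" >&2
    rc=1
  fi
  found="$(leftover_fake_hashes "$repo")"
  if [ -n "$found" ]; then
    printf 'Placeholder hash still in place:\n%s\n' "$found" >&2
    rc=1
  fi
  exit "$rc"
)
```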

This Repo's Systems

| Host | Platform | Notes |
|------|----------|-------|
| cloudbank | macOS | Primary dev, Aerospace WM |
| ultraviolet | NixOS | Headless server |
| bluedesert | NixOS | Headless server |
| echelon | NixOS | Headless server |