|
| 1 | +{ |
| 2 | + inputs, |
| 3 | + pkgs, |
| 4 | + pkgs-unstable, |
| 5 | + config, |
| 6 | + ... |
| 7 | +}: |
| 8 | + |
| 9 | +let |
| 10 | + inherit (pkgs.stdenv.hostPlatform) system; |
| 11 | + inherit (config) sops; |
| 12 | + inherit (pkgs-unstable) github-mcp-server; |
| 13 | + |
| 14 | + github-mcp-server-wrapped = pkgs.writeShellScriptBin "github-mcp-server" '' |
| 15 | + source ${config.sops.templates."opencode/env".path} |
| 16 | + exec ${github-mcp-server}/bin/github-mcp-server "$@" |
| 17 | + ''; |
| 18 | + |
| 19 | + opencode = |
| 20 | + let |
| 21 | + pkg = inputs.opencode.packages.${system}.default; |
| 22 | + in |
| 23 | + pkgs.symlinkJoin { |
| 24 | + inherit (pkg) name; |
| 25 | + paths = [ pkg ]; |
| 26 | + nativeBuildInputs = [ pkgs.makeWrapper ]; |
| 27 | + postBuild = '' |
| 28 | + rm $out/bin/opencode |
| 29 | + makeWrapper ${pkgs.firejail}/bin/firejail $out/bin/opencode \ |
| 30 | + --add-flags "--noprofile" \ |
| 31 | + --add-flags "--blacklist=sops" \ |
| 32 | + --add-flags "--blacklist=${pkgs-unstable.sops}/bin/sops" \ |
| 33 | + --add-flags "--blacklist=${pkgs.sops}/bin/sops" \ |
| 34 | + --add-flags "--blacklist=${sops.age.keyFile}" \ |
| 35 | + --add-flags "--" \ |
| 36 | + --add-flags "${pkg}/bin/opencode" |
| 37 | + sed -i 's|${pkgs.firejail}/bin/firejail|/run/wrappers/bin/firejail|' $out/bin/opencode |
| 38 | + ''; |
| 39 | + }; |
| 40 | + |
| 41 | + rime = inputs.rime.packages.${system}.default; |
| 42 | +in |
| 43 | +{ |
| 44 | + sops = { |
| 45 | + secrets."opencode/github-pat" = { }; |
| 46 | + templates."opencode/env" = { |
| 47 | + content = '' |
| 48 | + export GITHUB_PERSONAL_ACCESS_TOKEN="${config.sops.placeholder."opencode/github-pat"}" |
| 49 | + ''; |
| 50 | + }; |
| 51 | + }; |
| 52 | + |
| 53 | + programs.opencode = { |
| 54 | + enable = true; |
| 55 | + package = opencode; |
| 56 | + |
| 57 | + # System prompt |
| 58 | + rules = '' |
| 59 | + # Rules |
| 60 | +
|
| 61 | + - **NEVER** perform commits. |
| 62 | +
|
| 63 | + ## Exploration (CRITICAL) |
| 64 | +
|
| 65 | + - **ALWAYS** explore the codebase: |
| 66 | + - "Where is X?" |
| 67 | + - "Find files matching Y" |
| 68 | + - "How does Z work?" |
| 69 | + - Any search that might need multiple glob/grep/read cycles |
| 70 | +
|
| 71 | + ## Tooling |
| 72 | +
|
| 73 | + - Prefer `rg` / `rg --files` for search. |
| 74 | + - Use `ast-grep` for structural search. |
| 75 | + - If a tool is missing, use `nix run` (e.g., `nix run nixpkgs#ripgrep -- rg ...`). |
| 76 | + - For multi-tool sessions, use `nix shell` to enter a temporary environment. |
| 77 | +
|
| 78 | + ## Scratchpad (Knowledge Cache) |
| 79 | +
|
| 80 | + - `.scratchpad/*.md` persists across sessions. |
| 81 | + - Use the format `YYYY-MM-DD-topic.md` for scratchpad files (e.g., `2025-11-03-zig-stdlib_changes.md`). |
| 82 | + - Domain agents (nix, zig) read/write scratchpad directly. |
| 83 | + - Before deep exploration: check scratchpad. |
| 84 | + - After expensive research: write to scratchpad. |
| 85 | +
|
| 86 | + ## Domain Agents |
| 87 | +
|
| 88 | + - `nix`: ALL Nix/NixOS work. |
| 89 | + - `viro`: ALL Viro/Drawing related work. |
| 90 | + ''; |
| 91 | + |
| 92 | + agents = { |
| 93 | + viro = '' |
| 94 | + # Viro Agent |
| 95 | +
|
| 96 | + Specialized agent for Viro drawing tool. |
| 97 | + Handle ALL Viro/Drawing-related tasks autonomously. |
| 98 | +
|
| 99 | + ## Workflow |
| 100 | +
|
| 101 | + 1. Create the required shape in through |
| 102 | + 2. Check the viro tools at your disposal and their descriptions |
| 103 | + 3. Plan how to use the tools in succession |
| 104 | + 4. Use the tools |
| 105 | + ''; |
| 106 | + |
| 107 | + nix = # markdown |
| 108 | + '' |
| 109 | + # Nix Agent |
| 110 | +
|
| 111 | + Specialized agent for Nix/NixOS work. Handle ALL Nix-related tasks autonomously. |
| 112 | +
|
| 113 | + ## Scratchpad |
| 114 | + - Read `.scratchpad/*-nix-*.md` before deep exploration |
| 115 | + - Write findings to `.scratchpad/YYYY-MM-DD-nix-<topic>.md` after learning non-obvious patterns |
| 116 | + - Format: `# Title`, `## Summary`, `## Details`, `## References` |
| 117 | +
|
| 118 | + ## Workflow |
| 119 | + 1. Check scratchpad for cached knowledge |
| 120 | + 2. Use `rime` MCP tools (manix, nixhub, wiki) |
| 121 | + 3. Make changes |
| 122 | + 4. Validate: `nix flake check` or `nix-instantiate --parse` |
| 123 | + 5. Format: `nixfmt` |
| 124 | + 6. Cache new knowledge to scratchpad |
| 125 | +
|
| 126 | + ## Return Format |
| 127 | + - What was changed |
| 128 | + - Commands to run (e.g., `nixos-rebuild switch`) |
| 129 | + ''; |
| 130 | + }; |
| 131 | + |
| 132 | + settings = { |
| 133 | + plugin = [ |
| 134 | + |
| 135 | + |
| 136 | + ]; |
| 137 | + provider = { |
| 138 | + google = { |
| 139 | + models = { |
| 140 | + "gemini-3-flash-preview" = { |
| 141 | + name = "Gemini 3 Flash Preview"; |
| 142 | + limit = { |
| 143 | + context = 1048576; |
| 144 | + output = 8192; |
| 145 | + }; |
| 146 | + modalities = { |
| 147 | + input = [ |
| 148 | + "text" |
| 149 | + "image" |
| 150 | + ]; |
| 151 | + output = [ "text" ]; |
| 152 | + }; |
| 153 | + }; |
| 154 | + }; |
| 155 | + }; |
| 156 | + }; |
| 157 | + mcp = { |
| 158 | + viro = { |
| 159 | + type = "remote"; |
| 160 | + url = "http://localhost:8099/mcp/sse"; |
| 161 | + enabled = true; |
| 162 | + }; |
| 163 | + rime = { |
| 164 | + type = "local"; |
| 165 | + command = [ |
| 166 | + "${rime}/bin/rime" |
| 167 | + "stdio" |
| 168 | + ]; |
| 169 | + enabled = true; |
| 170 | + }; |
| 171 | + github = { |
| 172 | + type = "local"; |
| 173 | + command = [ |
| 174 | + "${github-mcp-server-wrapped}/bin/github-mcp-server" |
| 175 | + "stdio" |
| 176 | + ]; |
| 177 | + enabled = true; |
| 178 | + }; |
| 179 | + }; |
| 180 | + }; |
| 181 | + }; |
| 182 | +} |
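Review bot: The firejail flags in `postBuild` blacklist the sops binaries and `sops.age.keyFile`, but the decrypted token stays readable inside the sandbox. `github-mcp-server-wrapped` is presumably spawned by the jailed opencode process and sources `config.sops.templates."opencode/env".path`, so the rendered file holding `GITHUB_PERSONAL_ACCESS_TOKEN` must be visible there, and the agent can read it too. The raw secret file is not needed in the jail, so add `--add-flags "--blacklist=${config.sops.secrets."opencode/github-pat".path}" \` next to the key-file entry, and scope the PAT to the minimum repositories and permissions, since the template itself cannot be hidden with this layout. With `--noprofile` only these blacklist entries apply, and `--blacklist=sops` is a bare name rather than a path, so it likely matches nothing useful. Because the rules point the agent at `nix run`, blocking two store paths does not stop another sops build; a comment above the flags should say that the key-file blacklist is the control that actually matters.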