
ToDo

Nix

  1. Add install-nix skill from https://github.com/vorburger/aifiles

  2. VM, like ixo!!

  3. Alt Left/Right in nano

  4. Shift Up/Down, Alt Up/Down, Ctrl PgUp/PgDown https://gemini.google.com/app/394387d4e13b598c

  5. pass, via ext. YK

  6. True Colors!! Both on Console, and when logged in remotely over ssh in tmux

  7. Ctrl-Backspace in Fish on Console (only; works over SSH)

  8. How to solve <> problem

  9. Try services.howdy.enable = true; security.pam.services.sudo.howdyAuth = true;

  10. https://github.com/NixOS/nixos-hardware/blob/master/lenovo/thinkpad/x1/12th-gen/default.ni

  11. nix GC automatically

  12. Login and go straight into TMUX

  13. Graphical; initially most minimal - just Brave & Kitty, in Sway?

  14. Compare pstree on Nix Console and Fedora in GNOME

  15. Antigravity, but NOT via home-manager, see https://github.com/vorburger/dotfiles/commit/21aff996ef847ddeefbde2061f984446682ba1e3

  16. How to do LUKS encryption?

boot.initrd.systemd.enable = true; # Required for modern systemd-cryptsetup
security.tpm2.enable = true;

$ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/nvme0n1p2
  1. Impermanence

  2. /nix on separate partition (or LV)

  3. Secure Boot!!

  4. Not possible to still dual boot Fedora?
  5. Does ssh-tpm-agent still work?!

  6. tmux should remember open tabs over restart

  7. Cache on CI

  8. mkdocs a https://aifiles.vorburger.ch

  9. Make a much more minimal initial host config

  10. WiFi setup baked into the installer, as it now is for ixo

  11. AI extract an _local.nix from vm1/configuration.nix, re-use it in ixo/configuration.nix

  12. AI Make nixos-anywhere available in the dev shell of this project

  13. Use sops-nix or agenix for secrets management (instead of nixos-anywhere --extra-files). Maybe together with https://github.com/Foxboron/age-plugin-tpm ?

  14. nrs script, which does sudo nixos-rebuild switch --flake . - AFTER checking that there are no dirty un-committed nixfiles AND that they have been pushed to the remote repo.

  15. Move nix-update skill to nixfiles repo - but reference it as input to make it available here... how?

  16. Blog about my NixOS experience (similar to this)

  17. Upstream configurations of any services et al. which ideally shouldn't be here at all

  18. Try https://github.com/microvm-nix/microvm.nix? See https://michael.stapelberg.ch/posts/2026-02-01-coding-agent-microvm-nix/.

Upstream

  1. ssh-tpm-agent: keyutils

  2. How to isolate? Merely building ssh-tpm-agent locally from nixpkgs (but probably even standalone) breaks ssh on OS.

  3. Add a system service for ssh-tpm-agent

Machines

  1. VM vorburger sudo password?! None - but enable this:
security.pam.sshAgentAuth.enable = true;
security.sudo.extraConfig = ''
Defaults env_keep += SSH_AUTH_SOCK
'';
  1. Remove Disko & GRUB from test1, if possible

  2. VM with UEFI instead of BIOS, and systemd-boot instead of GRUB

  3. Rename test1 to vm-without-bootloader, and vm1 to vm-bios-with-grub-bootloader ?

  4. VM testing; https://github.com/anatol/vmtest for systemctl status (porcelain?)

  5. nixos-rebuild ... --specialisation XYZ for different use cases?

  6. Cloud VMs? imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ] ? See e.g. this announcement.

  7. Workstation 🖥️ with pam_u2f.so for sudo with SK

  8. Clan!

  9. https://docs.clan.lol/guides/nixpkgs-flake-input/
  10. https://docs.clan.lol/guides/flake-parts/
  11. https://docs.clan.lol/guides/nixos-rebuild/

  12. Replace hostfwd=tcp::2222-:22 with proper bridged networking to get real IP address?

  13. Replace StrictHostKeyChecking=no with fixed hostkey from secret vault

  14. Have both unstable and fixed nix pkgs - for different hosts

  15. Try https://nixcademy.com/posts/auto-growing-nixos-appliance-images-with-systemd-repart/

Gemini CLI

  1. Reads all docs/**.md in GEMINI.md ?!

  2. Despite .gemini/settings.json it still asks for confirmation to run nix fmt - why?

Tools

  1. Make bin/vm.sh a modules/tools/vm.nix command available in devshell as vm

  2. https://github.com/maralorn/nix-output-monitor

  3. https://github.com/ners/nix-monitored

  4. Formatters are a mess; tools/git-hooks.nix pre-commit and fmt.nix for nix fmt don't share .treefmt.toml config?

  5. Run nix flake check in pre-commit hook

  6. Replace devshells with devShells (Nix), after all?

  7. https://github.com/nix-community/nh ?

  8. https://github.com/evanlhatch/ng ?

  9. https://github.com/vic/flake-aspects ?

Clean Up

  1. Consolidate LearningLinux 🐧 repo and dotfiles/NixOS here.

Docs

  1. Publish e.g. to nix.vorburger.ch

  2. Move https://github.com/vorburger/LearningLinux/tree/develop/nix/docs here

  3. Move https://github.com/vorburger/LearningLinux/blob/develop/nix/bookmarks.md here

  4. Pre-process MD to automagically insert links on anything that looks like a local file path

  5. Have an attribute/option in the modules/**/*.nix to link to the relevant docs/*.md

  6. Extract commands from modules/demo/hello.nix into docs/hello.md etc.

  7. Run https://docs.enola.dev/use/execmd

  8. Automagically extract TODO list

Low Priority / Nice to Have

  1. nixos-rebuild alternatives?

  2. Suppress (quiet) devshell menu

Future

  1. Enola.dev AI for https://github.com/NixOS/nixpkgs/pulls ?