declarative codex install via npm activation

codex via npm for cutting-edge
move to homedir + codex/gemini-cli from unstable
2026-04-20 18:48:42 +03:00 · 2026-04-20 18:47:44 +03:00 · 2026-04-20 18:44:23 +03:00 · 2026-04-20 18:40:02 +03:00 · 2026-04-20 18:37:26 +03:00 · 2026-04-20 18:34:48 +03:00
8 changed files with 90 additions and 24 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -23,7 +23,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
@@ -39,6 +39,27 @@
        "type": "github"
      }
    },
+    "helium-browser": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1776545703,
+        "narHash": "sha256-+EvL6D/ENSouidMse/QdokaHUZTgyCYmW8k6xaCqImk=",
+        "owner": "schembriaiden",
+        "repo": "helium-browser-nix-flake",
+        "rev": "33dfb6d7e53e5b568690ede1e0299d2fdae56868",
+        "type": "github"
+      },
+      "original": {
+        "owner": "schembriaiden",
+        "repo": "helium-browser-nix-flake",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -157,7 +178,7 @@
        "flake-parts": "flake-parts",
        "nixpkgs": "nixpkgs_2",
        "nuschtosSearch": "nuschtosSearch",
-        "systems": "systems_2"
+        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1769049374,
@@ -199,6 +220,7 @@
    },
    "root": {
      "inputs": {
+        "helium-browser": "helium-browser",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable",
@@ -253,6 +275,39 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -18,9 +18,9 @@
    # sops-nix (secrets management)
    sops-nix.url = "github:mic92/sops-nix";

-    # Helium Browser — add back once a working flake is found
-    # helium-browser.url = "github:user/helium-browser-nix";
-    # helium-browser.inputs.nixpkgs.follows = "nixpkgs";
+    # Helium Browser (privacy-first Chromium)
+    helium-browser.url = "github:schembriaiden/helium-browser-nix-flake";
+    helium-browser.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, nixvim, sops-nix, ... }@inputs:
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -18,6 +18,7 @@
    ../../modules/system/fonts.nix
    ../../modules/system/services.nix
    ../../modules/system/vpn.nix
+    ../../modules/system/ssh.nix
  ];

  networking.hostName = "matiss";
--- a/modules/system/fonts.nix
+++ b/modules/system/fonts.nix
@@ -12,7 +12,7 @@
    nerd-fonts._0xproto
    nerd-fonts.droid-sans-mono
    noto-fonts
-    noto-fonts-emoji
+    noto-fonts-color-emoji
  ];

  fonts.fontconfig.defaultFonts = {
--- a/modules/system/ssh.nix
+++ b/modules/system/ssh.nix
@@ -0,0 +1,14 @@
+# ==========================================
+# SSH SERVER CONFIGURATION
+# ==========================================
+{ config, pkgs, ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = true;   # Change to false once you add SSH keys
+    };
+  };
+}
--- a/modules/system/user.nix
+++ b/modules/system/user.nix
@@ -9,6 +9,7 @@
    description = "Matiss";
    extraGroups = [ "networkmanager" "wheel" "docker" "video" "render" "input" ];
    shell = pkgs.zsh;
+    hashedPassword = "$y$j9T$VCKe6/ZXyDtGgCjivz0L2/$EnTSVNqG.lF6V0YtCZSBa8rRLjXNw9WYYt8AjKqANzA";
  };

  # Core system packages (available to all users)
--- a/modules/user/packages.nix
+++ b/modules/user/packages.nix
@@ -13,17 +13,15 @@
    # ── AI Coding Tools ──────────────────────────────────
    unstable.claude-code            # Claude Code CLI
    unstable.antigravity            # Antigravity IDE
-    # codex: install via `npm i -g @openai/codex` (not in nixpkgs)
-    # gemini-cli: install via `npm i -g @google/gemini-cli` (not in nixpkgs)
+    unstable.gemini-cli             # Google Gemini CLI

    # ── Terminals & Editors ──────────────────────────────
    alacritty                       # GPU-accelerated terminal
+    ghostty                         # Fast native terminal
    code-cursor                     # Cursor IDE

    # ── Browsers ─────────────────────────────────────────
-    # Helium: add inputs.helium-browser flake package here
-    # if the flake builds for your system, uncomment:
-    # inputs.helium-browser.packages.${pkgs.stdenv.hostPlatform.system}.default
+    inputs.helium-browser.packages.${pkgs.stdenv.hostPlatform.system}.default  # Helium Browser

    # ── CLI Essentials (omarchy-style) ───────────────────
    bat                             # cat with syntax highlighting
@@ -73,18 +71,12 @@
    dconf
  ];

-  # ── Post-activation: Install npm-only tools ────────────
-  # Codex and Gemini CLI aren't in nixpkgs; install them
-  # globally via npm after first `nixos-rebuild switch`.
-  home.activation.installNpmTools = config.lib.dag.entryAfter [ "writeBoundary" ] ''
-    export PATH="${pkgs.nodejs}/bin:$PATH"
-    if ! command -v codex &> /dev/null; then
-      echo "Installing @openai/codex via npm..."
-      ${pkgs.nodejs}/bin/npm i -g @openai/codex 2>/dev/null || true
-    fi
-    if ! command -v gemini &> /dev/null; then
-      echo "Installing @google/gemini-cli via npm..."
-      ${pkgs.nodejs}/bin/npm i -g @google/gemini-cli 2>/dev/null || true
-    fi
+  # ── Codex (npm, cutting-edge) ──────────────────────────
+  # Declarative: auto-installs/updates on every rebuild
+  home.activation.installCodex = config.lib.dag.entryAfter [ "writeBoundary" ] ''
+    export PATH="${pkgs.nodejs}/bin:$HOME/.npm-global/bin:$PATH"
+    mkdir -p "$HOME/.npm-global"
+    ${pkgs.nodejs}/bin/npm config set prefix "$HOME/.npm-global"
+    ${pkgs.nodejs}/bin/npm i -g @openai/codex 2>/dev/null || true
  '';
 }
--- a/modules/user/shell.nix
+++ b/modules/user/shell.nix
@@ -62,6 +62,9 @@
    };

    initContent = ''
+      # npm global bin (codex via npm for cutting-edge)
+      export PATH="$HOME/.npm-global/bin:$PATH"
+
      # Force Atuin up-arrow binding
      bindkey '^[[A' atuin-up-search
      bindkey '^[OA' atuin-up-search
Author	SHA1	Message	Date
matiss	1cc942ef8f	declarative codex install via npm activation	2026-04-20 18:48:42 +03:00
matiss	2b12ab95d6	codex via npm for cutting-edge	2026-04-20 18:47:44 +03:00
matiss	7917f5ee31	move to homedir + codex/gemini-cli from unstable	2026-04-20 18:44:23 +03:00
matiss	95f8799a10	add ghostty terminal	2026-04-20 18:40:02 +03:00
matiss	4ee4fb70ae	add helium browser flake	2026-04-20 18:37:26 +03:00
matiss	1c6d278b8c	add codex and gemini-cli as native nix packages	2026-04-20 18:34:48 +03:00
matiss	f2d8e2d32a	fix: npm-global PATH for codex/gemini-cli	2026-04-20 18:32:25 +03:00
matiss	ac06798d82	add initial password for matiss	2026-04-20 15:26:01 +00:00
matiss	1e5eae3c2e	add ssh server	2026-04-20 15:24:07 +00:00
matiss	42f28042fb	fix: noto-fonts-emoji rename	2026-04-20 15:12:43 +00:00