nixfiles/lyrathorpe/home/work.nix
Emma Thorpe dc08522bab feat(edaas): add daily headless Renovate PR review timer
Add a systemd user timer on the EDaaS/WSL host that runs Claude Code
headless once a day (08:47) to review Renovate dependency PRs awaiting
Emma's review. It queries GitHub via the project-scoped github MCP
server, excludes PRs against archived repositories, grades each PR's
risk, and writes a recommendation-only summary to the journal
(journalctl --user -u renovate-review). It never approves or merges.

- lyrathorpe/home/renovate-review.nix: wrapper + service + timer.
  Auth is Vertex AI via the inherited project/region/model env; Claude
  Code provisions its own network egress, so no proxy is set. The
  prompt lives in a store file so its literal backticks/$ don't trip
  shellcheck in the wrapper.
- lyrathorpe/home/work.nix: import the module (host-scoped to EDaaS).
- system/machine/EDaaS/configuration.nix: enable user linger so the
  timer fires without an attached login session.
2026-06-11 11:57:13 +01:00

77 lines
2.4 KiB
Nix

# Home-manager module for the work (EDaaS/WSL) profile: corporate git signing,
# work toolchain packages and tmux tweaks. Imported only by the work host.
{ pkgs, lib, ... }:

let
  # Public SSH key used for commit/tag signing (gpg.format = "ssh"). The
  # "key::" prefix makes git treat the value as a literal key rather than a
  # file path. The trailing "emma.thorpe@cloud.com" is the SSH key comment,
  # not an identity git checks.
  # NOTE(review): the key comment (@cloud.com) and user.email (@citrix.com)
  # differ — harmless for signing itself, but confirm this public key is
  # registered as a signing key on the forge account that owns user.email,
  # otherwise signatures show as unverified.
  signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJMVgeRKnfX1G8coU3nAobI485aeUpGTMqH7+zbKI8o emma.thorpe@cloud.com";

  # Binaries the aliases/status line reach through the NixOS system profile
  # rather than through PATH lookup.
  systemBin = "/run/current-system/sw/bin";
in
{
  # Host-scoped extras for this machine only (the EDaaS/WSL host).
  imports = [
    ./renovate-review.nix # daily headless Renovate PR review (systemd user timer)
  ];

  programs = {
    # The work box keeps its own (corporate) ~/.ssh/config; don't let the
    # personal programs.ssh (shell.nix) take it over. services.ssh-agent
    # (below) is unaffected and still runs.
    ssh.enable = lib.mkForce false;

    # Sign every commit and tag with the corporate SSH key.
    git.settings = {
      commit.gpgsign = true;
      tag.gpgsign = true;
      gpg.format = "ssh";
      user = {
        signingkey = signingKey;
        email = "emma.thorpe@citrix.com";
      };
    };

    go.enable = true;

    # Status line shows the current kube context/namespace via kube.tmux.
    # NOTE(review): kube.tmux is run from a checkout under $HOME, not from
    # the Nix store, so this config does not pin it — confirm the clone
    # tracks the expected upstream. $HOME is left to the shell; Nix only
    # interpolates ${...} inside '' strings.
    tmux.extraConfig = ''
      set -g status-right "#(${systemBin}/bash $HOME/code/kube-tmux/kube.tmux 250 red black)"
    '';

    # LSP servers only relevant to work: C# (omnisharp) and Helm charts
    # (helm_ls). The shared editor (lyrathorpe/home/editor.nix) carries the
    # universal ones; these are gated to this host so the heavy omnisharp
    # closure stays off the personal machines. Tree-sitter grammars
    # (highlighting) remain global there.
    nixvim.plugins.lsp.servers = {
      omnisharp.enable = true;
      helm_ls.enable = true;
    };
  };

  services.ssh-agent.enable = true;

  home = {
    # Work toolchain. Order is kept as originally listed.
    packages = with pkgs; [
      kubectl
      argo-rollouts
      tenv
      kubernetes-helm
      azure-cli
      kubelogin
      curl
      notation
      powershell
      nuget
      gedit
      lens
      python3
      gnumake
      gcc
      libiconv
      autoconf
      automake
      pkg-config
      wget
      google-cloud-sdk
      # Day-to-day Kubernetes / Helm / Terraform accelerators for this box.
      k9s # cluster TUI
      kubectx # kubectx + kubens (context/namespace switch)
      stern # multi-pod log tail
      dyff # semantic YAML/manifest diffs (Helm release drift)
      tflint # Terraform linter (catches what terraformls won't)
      terraform-docs # generate Terraform module docs
      yq-go # jq for YAML
    ];

    # Docker is provided by the system profile, not by home-manager; point
    # the alias at that path explicitly.
    shellAliases.docker = "${systemBin}/docker";
  };
}