diff --git a/home/secrets/opencode-env.age b/home/secrets/opencode-env.age new file mode 100644 index 00000000..1c28aa7e --- /dev/null +++ b/home/secrets/opencode-env.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 j0kEgQ h0mhqqou3c2H0SaTRedKuN0ZZDFmjxloJD6HkOn3r2U +CW4zS9B6JSwHTz/foalwTxHL+A5Hhkx39B27xdBg2IU +-> ssh-ed25519 3EWhnQ 2kwHA9caPTzam6IlkNH0iIZ8JPDW1QqMUwvr6JviChg +GKcuTzkrYorOGY66bvJeZAza9hQ8yAb8v2fYh8yDw6E +--- uqY/5Y9DgAKdaPsxQeAkXNad//FiFj6JBV8OLn4AQag +LY*0,w\fh^ \ No newline at end of file diff --git a/hosts/glyph/home.nix b/hosts/glyph/home.nix index 42f5936f..58d20d4d 100644 --- a/hosts/glyph/home.nix +++ b/hosts/glyph/home.nix @@ -1,10 +1,41 @@ { + config, + llm-profile, pkgs, pkgs-stable, ... }: { home.packages = [pkgs.mktorrent]; + programs.opencode = { + enable = true; + web.enable = true; + web.extraArgs = ["--port" "8890" "--hostname" "0.0.0.0"]; + rules = builtins.readFile "${llm-profile}/README.md"; + settings = { + model = "anthropic/claude-opus-4-6"; + small_model = "anthropic/claude-haiku-4-5"; + enabled_providers = ["anthropic"]; + autoupdate = false; + share = "disabled"; + server = { + port = 8890; + hostname = "0.0.0.0"; + }; + mcp.glyph = { + type = "remote"; + url = "http://127.0.0.1:8090/mcp"; + }; + }; + }; + + systemd.user.services.opencode-web.Service.EnvironmentFile = + config.age.secrets.opencode-env.path; + + age.secrets.opencode-env = { + file = ../../home/secrets/opencode-env.age; + }; + programs.beets = { enable = true; package = pkgs-stable.beets; diff --git a/hosts/glyph/secrets/opencode-env.age b/hosts/glyph/secrets/opencode-env.age deleted file mode 100644 index 53853997..00000000 --- a/hosts/glyph/secrets/opencode-env.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 rSr+rA WMdeQarDYcNv0Y8Rwk2jsrJqTso8H/w2853O/+VMiG8 -WeK56rOFQyn2z2F8XW42fTiGj3ZSokthERyR9cYghbw --> ssh-ed25519 3EWhnQ wDLrhguuuCFFY8I6yyVXpM/xApjSRUz5BXczlnrigDM -J4ftBWVM/2Ufbr85Tod+G8E3SjjeeqdNvsoFHWlBfWg ---- bu7a+yuc8cmBJiMv4I1792IHlMsZgu3SUm1Upk6C7LE -/±~M!.\WU.n<|4xJubn \ No newline at end of file diff --git a/hosts/glyph/services/default.nix b/hosts/glyph/services/default.nix index b71dcab6..59bc0e8b 100644 --- a/hosts/glyph/services/default.nix +++ b/hosts/glyph/services/default.nix @@ -12,7 +12,6 @@ ./jellyfin.nix ./nfs.nix ./open-terminal.nix - ./opencode.nix ./open-webui.nix ./prometheus.nix ./samba.nix diff --git a/hosts/glyph/services/opencode.nix b/hosts/glyph/services/opencode.nix deleted file mode 100644 index ab26ec4b..00000000 --- a/hosts/glyph/services/opencode.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - config, - pkgs, - ... -}: let - port = 8890; -in { - age.secrets.opencode-env = { - file = ./../secrets/opencode-env.age; - mode = "440"; - }; - - systemd.services.opencode = { - description = "OpenCode AI coding agent web interface"; - after = ["network-online.target"]; - wants = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - - environment.HOME = "/var/lib/opencode"; - - serviceConfig = { - Type = "simple"; - DynamicUser = true; - StateDirectory = "opencode"; - CacheDirectory = "opencode"; - WorkingDirectory = "/var/lib/opencode"; - EnvironmentFile = config.age.secrets.opencode-env.path; - ExecStart = "${pkgs.opencode}/bin/opencode web --port ${toString port} --hostname 0.0.0.0"; - Restart = "on-failure"; - RestartSec = 5; - }; - }; -} diff --git a/lib/secrets/glyph.nix b/lib/secrets/glyph.nix index e7c67cf6..20f33a62 100644 --- a/lib/secrets/glyph.nix +++ b/lib/secrets/glyph.nix @@ -10,6 +10,5 @@ in { "hosts/glyph/secrets/open-webui-api-key.age".publicKeys = keys; "hosts/glyph/secrets/open-webui-env.age".publicKeys = keys; "hosts/glyph/secrets/graphite-auth-token.age".publicKeys = keys; - "hosts/glyph/secrets/opencode-env.age".publicKeys = keys; "hosts/glyph/secrets/attic-credentials.age".publicKeys = keys; } diff --git a/lib/secrets/home.nix b/lib/secrets/home.nix index 5ca04cd9..876e9f46 100644 --- a/lib/secrets/home.nix +++ b/lib/secrets/home.nix @@ -3,4 +3,5 @@ let in { "home/secrets/aichat-env.age".publicKeys = keys; "home/secrets/claude-code-api-key.age".publicKeys = keys; + "home/secrets/opencode-env.age".publicKeys = keys; }