From 82470837f16efa8553a943cda3ed07ea7a780cdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=BF=20corey?= <corey@x64.co>
Date: Thu, 19 Mar 2026 23:59:43 -0700
Subject: [PATCH 1/3] refactor(glyph): move opencode to home-manager

Replace the system-level systemd service with home-manager's
programs.opencode module. Runs as user mu with access to ~/Development
and git config. Secret moved from host-level to home-level agenix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 home/secrets/opencode-env.age        |  7 ++++++
 hosts/glyph/home.nix                 | 18 +++++++++++++++
 hosts/glyph/secrets/opencode-env.age |  7 ------
 hosts/glyph/services/default.nix     |  1 -
 hosts/glyph/services/opencode.nix    | 33 ----------------------------
 lib/secrets/glyph.nix                |  1 -
 lib/secrets/home.nix                 |  1 +
 7 files changed, 26 insertions(+), 42 deletions(-)
 create mode 100644 home/secrets/opencode-env.age
 delete mode 100644 hosts/glyph/secrets/opencode-env.age
 delete mode 100644 hosts/glyph/services/opencode.nix

diff --git a/home/secrets/opencode-env.age b/home/secrets/opencode-env.age
new file mode 100644
index 00000000..1c28aa7e
--- /dev/null
+++ b/home/secrets/opencode-env.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 j0kEgQ h0mhqqou3c2H0SaTRedKuN0ZZDFmjxloJD6HkOn3r2U
+CW4zS9B6JSwHTz/foalwTxHL+A5Hhkx39B27xdBg2IU
+-> ssh-ed25519 3EWhnQ 2kwHA9caPTzam6IlkNH0iIZ8JPDW1QqMUwvr6JviChg
+GKcuTzkrYorOGY66bvJeZAza9hQ8yAb8v2fYh8yDw6E
+--- uqY/5Y9DgAKdaPsxQeAkXNad//FiFj6JBV8OLn4AQag
+€LäŒû£Y*Ÿ¼0¼±Ž­ç,w\ÜfŒh¼^ó
\ No newline at end of file
diff --git a/hosts/glyph/home.nix b/hosts/glyph/home.nix
index 42f5936f..c98d112c 100644
--- a/hosts/glyph/home.nix
+++ b/hosts/glyph/home.nix
@@ -1,10 +1,28 @@
 {
+  config,
   pkgs,
   pkgs-stable,
   ...
 }: {
   home.packages = [pkgs.mktorrent];
 
+  programs.opencode = {
+    enable = true;
+    web.enable = true;
+    web.extraArgs = ["--port" "8890" "--hostname" "0.0.0.0"];
+    settings.server = {
+      port = 8890;
+      hostname = "0.0.0.0";
+    };
+  };
+
+  systemd.user.services.opencode-web.Service.EnvironmentFile =
+    config.age.secrets.opencode-env.path;
+
+  age.secrets.opencode-env = {
+    file = ../../home/secrets/opencode-env.age;
+  };
+
   programs.beets = {
     enable = true;
     package = pkgs-stable.beets;
diff --git a/hosts/glyph/secrets/opencode-env.age b/hosts/glyph/secrets/opencode-env.age
deleted file mode 100644
index 53853997..00000000
--- a/hosts/glyph/secrets/opencode-env.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 rSr+rA WMdeQarDYcNv0Y8Rwk2jsrJqTso8H/w2853O/+VMiG8
-WeK56rOFQyn2z2F8XW42fTiGj3ZSokthERyR9cYghbw
--> ssh-ed25519 3EWhnQ wDLrhguuuCFFY8I6yyVXpM/xApjSRUz5BXczlnrigDM
-J4ftBWVM/2Ufbr85Tod+G8E3SjjeeqdNvsoFHWlBfWg
---- bu7a+yuc8cmBJiMv4I1792IHlMsZgu3SUm1Upk6C7LE
-/Â±~M!û.Ê\WU.n< |ø°4xŽJuÀbnÚ
\ No newline at end of file
diff --git a/hosts/glyph/services/default.nix b/hosts/glyph/services/default.nix
index b71dcab6..59bc0e8b 100644
--- a/hosts/glyph/services/default.nix
+++ b/hosts/glyph/services/default.nix
@@ -12,7 +12,6 @@
     ./jellyfin.nix
     ./nfs.nix
     ./open-terminal.nix
-    ./opencode.nix
     ./open-webui.nix
     ./prometheus.nix
     ./samba.nix
diff --git a/hosts/glyph/services/opencode.nix b/hosts/glyph/services/opencode.nix
deleted file mode 100644
index ab26ec4b..00000000
--- a/hosts/glyph/services/opencode.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  port = 8890;
-in {
-  age.secrets.opencode-env = {
-    file = ./../secrets/opencode-env.age;
-    mode = "440";
-  };
-
-  systemd.services.opencode = {
-    description = "OpenCode AI coding agent web interface";
-    after = ["network-online.target"];
-    wants = ["network-online.target"];
-    wantedBy = ["multi-user.target"];
-
-    environment.HOME = "/var/lib/opencode";
-
-    serviceConfig = {
-      Type = "simple";
-      DynamicUser = true;
-      StateDirectory = "opencode";
-      CacheDirectory = "opencode";
-      WorkingDirectory = "/var/lib/opencode";
-      EnvironmentFile = config.age.secrets.opencode-env.path;
-      ExecStart = "${pkgs.opencode}/bin/opencode web --port ${toString port} --hostname 0.0.0.0";
-      Restart = "on-failure";
-      RestartSec = 5;
-    };
-  };
-}
diff --git a/lib/secrets/glyph.nix b/lib/secrets/glyph.nix
index e7c67cf6..20f33a62 100644
--- a/lib/secrets/glyph.nix
+++ b/lib/secrets/glyph.nix
@@ -10,6 +10,5 @@ in {
   "hosts/glyph/secrets/open-webui-api-key.age".publicKeys = keys;
   "hosts/glyph/secrets/open-webui-env.age".publicKeys = keys;
   "hosts/glyph/secrets/graphite-auth-token.age".publicKeys = keys;
-  "hosts/glyph/secrets/opencode-env.age".publicKeys = keys;
   "hosts/glyph/secrets/attic-credentials.age".publicKeys = keys;
 }
diff --git a/lib/secrets/home.nix b/lib/secrets/home.nix
index 5ca04cd9..876e9f46 100644
--- a/lib/secrets/home.nix
+++ b/lib/secrets/home.nix
@@ -3,4 +3,5 @@ let
 in {
   "home/secrets/aichat-env.age".publicKeys = keys;
   "home/secrets/claude-code-api-key.age".publicKeys = keys;
+  "home/secrets/opencode-env.age".publicKeys = keys;
 }

From ad0a6c0cfedbe0dc1d77f5953ca9d832fc630dd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=BF=20corey?= <corey@x64.co>
Date: Fri, 20 Mar 2026 00:14:31 -0700
Subject: [PATCH 2/3] feat(glyph): configure opencode models, MCP, and server
 settings

Set Opus 4.6 as default model, Haiku 4.5 as small model, connect
MCPJungle gateway, and disable autoupdate and sharing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 hosts/glyph/home.nix | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/hosts/glyph/home.nix b/hosts/glyph/home.nix
index c98d112c..05fd1209 100644
--- a/hosts/glyph/home.nix
+++ b/hosts/glyph/home.nix
@@ -10,9 +10,20 @@
     enable = true;
     web.enable = true;
     web.extraArgs = ["--port" "8890" "--hostname" "0.0.0.0"];
-    settings.server = {
-      port = 8890;
-      hostname = "0.0.0.0";
+    settings = {
+      model = "anthropic/claude-opus-4-6";
+      small_model = "anthropic/claude-haiku-4-5";
+      enabled_providers = ["anthropic"];
+      autoupdate = false;
+      share = "disabled";
+      server = {
+        port = 8890;
+        hostname = "0.0.0.0";
+      };
+      mcp.glyph = {
+        type = "remote";
+        url = "http://127.0.0.1:8090/mcp";
+      };
     };
   };
 

From 768b0133faba23314f105d7b9955f02836f1aab1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=BF=20corey?= <corey@x64.co>
Date: Fri, 20 Mar 2026 00:16:50 -0700
Subject: [PATCH 3/3] feat(glyph): add llm-profile as opencode rules

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 hosts/glyph/home.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hosts/glyph/home.nix b/hosts/glyph/home.nix
index 05fd1209..58d20d4d 100644
--- a/hosts/glyph/home.nix
+++ b/hosts/glyph/home.nix
@@ -1,5 +1,6 @@
 {
   config,
+  llm-profile,
   pkgs,
   pkgs-stable,
   ...
@@ -10,6 +11,7 @@
     enable = true;
     web.enable = true;
     web.extraArgs = ["--port" "8890" "--hostname" "0.0.0.0"];
+    rules = builtins.readFile "${llm-profile}/README.md";
     settings = {
       model = "anthropic/claude-opus-4-6";
       small_model = "anthropic/claude-haiku-4-5";