From 7daad01eb8a355f97a8ffb7607585f41337a73d5 Mon Sep 17 00:00:00 2001 From: Kat Huang Date: Sat, 18 Apr 2026 19:05:32 -0700 Subject: [PATCH] changes from mac-demarco-mini on Sat Apr 18 19:05:32 PDT 2026 --- dotfiles/codex/config.toml | 30 ++++ dotfiles/config/taffybar/taffybar | 2 +- dotfiles/config/xmonad/xmonad | 2 +- nix-darwin/.claude/settings.local.json | 10 ++ nix-darwin/aaa | 0 nix-darwin/create-user.sh | 40 +++++ nix-darwin/flake.nix | 2 +- nix-darwin/flake.nix.save | 209 +++++++++++++++++++++++++ nix-darwin/gitea-log.log | 0 nix-darwin/gitea-log.stderr | 0 nix-darwin/home/kat.nix | 2 +- nix-darwin/result | 1 + nix-darwin/switch-gitea-runner.sh | 8 + nixos/#users.nix# | 103 ++++++++++++ nixos/dotfiles-links.nix | 19 ++- nixos/overlay.nix.bak | 186 ++++++++++++++++++++++ 16 files changed, 605 insertions(+), 9 deletions(-) create mode 100644 nix-darwin/.claude/settings.local.json create mode 100644 nix-darwin/aaa create mode 100755 nix-darwin/create-user.sh create mode 100644 nix-darwin/flake.nix.save create mode 100644 nix-darwin/gitea-log.log create mode 100644 nix-darwin/gitea-log.stderr create mode 120000 nix-darwin/result create mode 100755 nix-darwin/switch-gitea-runner.sh create mode 100644 nixos/#users.nix# create mode 100644 nixos/overlay.nix.bak diff --git a/dotfiles/codex/config.toml b/dotfiles/codex/config.toml index 0058df78..e8c9259b 100644 --- a/dotfiles/codex/config.toml +++ b/dotfiles/codex/config.toml @@ -1,6 +1,8 @@ model = "gpt-5.4" model_reasoning_effort = "high" personality = "pragmatic" +notify = ["/Users/kat/.codex/plugins/cache/openai-bundled/computer-use/1.0.750/Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "turn-ended"] + [projects."/home/imalison/Projects/nixpkgs"] trust_level = "trusted" @@ -102,6 +104,13 @@ trust_level = "trusted" [projects."/home/imalison/keysmith_generated"] trust_level = "trusted" + +[projects."/Users/kat/dotfiles"] +trust_level = "trusted" + +[projects."/Users/kat"] +trust_level = "trusted" + [notice] hide_gpt5_1_migration_prompt = true "hide_gpt-5.1-codex-max_migration_prompt" = true @@ -117,6 +126,10 @@ args = ["-y", "chrome-devtools-mcp@latest", "--auto-connect"] command = "npx" args = ["-y", "@google-cloud/observability-mcp"] +[mcp_servers.gmail] +command = "nix" +args = ["run", "/home/imalison/Projects/gmail-mcp#gmail-mcp-server"] + [mcp_servers.openaiDeveloperDocs] url = "https://developers.openai.com/mcp" @@ -125,5 +138,22 @@ unified_exec = true apps = true steer = true +[marketplaces.openai-bundled] +last_updated = "2026-04-19T01:07:40Z" +source_type = "local" +source = "/Users/kat/.codex/.tmp/bundled-marketplaces/openai-bundled" + +[plugins."google-calendar@openai-curated"] +enabled = true + +[plugins."gmail@openai-curated"] +enabled = true + [plugins."google-drive@openai-curated"] enabled = true + +[plugins."computer-use@openai-bundled"] +enabled = true + +[plugins."github@openai-curated"] +enabled = true diff --git a/dotfiles/config/taffybar/taffybar b/dotfiles/config/taffybar/taffybar index 3c701421..220cb5a3 160000 --- a/dotfiles/config/taffybar/taffybar +++ b/dotfiles/config/taffybar/taffybar @@ -1 +1 @@ -Subproject commit 3c7014217875a7ab8554c3c07cc3e7aacd82f1ca +Subproject commit 220cb5a34d81543baebbb530731481cafba61138 diff --git a/dotfiles/config/xmonad/xmonad b/dotfiles/config/xmonad/xmonad index bb33042d..8113e0fe 160000 --- a/dotfiles/config/xmonad/xmonad +++ b/dotfiles/config/xmonad/xmonad @@ -1 +1 @@ -Subproject commit bb33042d408c15d8727011b1ed4aa22b2716d73d +Subproject commit 8113e0fe5566dd8841b7de664c364a26cef385fb diff --git a/nix-darwin/.claude/settings.local.json b/nix-darwin/.claude/settings.local.json new file mode 100644 index 00000000..b1937575 --- /dev/null +++ b/nix-darwin/.claude/settings.local.json @@ -0,0 +1,10 @@ +{ + "permissions": { + "allow": [ + "Bash(sudo darwin-rebuild switch:*)", + "Bash(darwin-rebuild switch:*)" + ], + "deny": [], + "ask": [] + } +} \ No newline at end of file diff --git a/nix-darwin/aaa b/nix-darwin/aaa new file mode 100644 index 00000000..e69de29b diff --git a/nix-darwin/create-user.sh b/nix-darwin/create-user.sh new file mode 100755 index 00000000..6c5e8d05 --- /dev/null +++ b/nix-darwin/create-user.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +#!/bin/bash + +# Exit on any error +set -e + +# Define variables +USERNAME="gitearunner" + +# Function to check if script is run as root +check_root() { + if [ "$(id -u)" != "0" ]; then + echo "This script must be run as root" 1>&2 + exit 1 + fi +} + +# Function to create system user +create_system_user() { + # Generate a unique ID (you may need to adjust this logic) + UNIQUE_ID=$(dscl . -list /Users UniqueID | awk '{print $2}' | sort -n | tail -1) + UNIQUE_ID=$((UNIQUE_ID+1)) + + dscl . -create /Users/$USERNAME + dscl . -create /Users/$USERNAME RealName "Gitea Runner" + dscl . -create /Users/$USERNAME UniqueID $UNIQUE_ID + dscl . -create /Users/$USERNAME PrimaryGroupID 20 # 20 is the 'staff' group + dscl . -create /Users/$USERNAME NFSHomeDirectory /var/lib/gitea-runner/nix + dscl . -create /Users/$USERNAME IsHidden 1 + /usr/bin/dscl . -create /Users/$USERNAME Password "*" + + echo "System user $USERNAME created with UID $UNIQUE_ID." +} + +# Main execution +check_root +create_system_user + +echo "Setup complete. The $USERNAME system user has been created." diff --git a/nix-darwin/flake.nix b/nix-darwin/flake.nix index 211c512b..3ce5e751 100644 --- a/nix-darwin/flake.nix +++ b/nix-darwin/flake.nix @@ -87,7 +87,7 @@ url = "https://dev.railbird.ai"; tokenFile = config.age.secrets.gitea-runner-token.path; labels = [ - "nix-darwin-${pkgs.system}:host" + "nix-darwin-${pkgs.stdenv.hostPlatform.system}:host" "macos-aarch64-darwin" "nix:host" ]; diff --git a/nix-darwin/flake.nix.save b/nix-darwin/flake.nix.save new file mode 100644 index 00000000..8bee3aa9 --- /dev/null +++ b/nix-darwin/flake.nix.save @@ -0,0 +1,209 @@ +{ + description = "Example Darwin system flake"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nix-darwin.url = "github:LnL7/nix-darwin"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + railbird-secrets = { + url = "git+ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git"; + }; + nix-homebrew.url = "github:zhaofengli-wip/nix-homebrew"; + + # Optional: Declarative tap management + homebrew-core = { + url = "github:homebrew/homebrew-core"; + flake = false; + }; + homebrew-cask = { + url = "github:homebrew/homebrew-cask"; + flake = false; + }; + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = inputs@{ self, nix-darwin, nixpkgs, home-manager, ... }: + let + libDir = ../dotfiles/lib; + configuration = { pkgs, config, ... }: { + networking.hostName = "mac-demarco-mini"; + imports = [ (import ./gitea-actions-runner.nix) ]; + services.gitea-actions-runner = { + user = "gitea-runner"; + instances.nix = { + enable = true; + name = config.networking.hostName; + url = "https://dev.railbird.ai"; + token = "H0A7YXAWsKSp9QzvMymfJI12hbxwR7UerEHpCJUe"; + labels = [ + "nix-darwin-${pkgs.system}:host" + "macos-aarch64-darwin" + "nix:host" + ]; + settings = { + cache = { + enabled = true; + }; + host = { + workdir_parent = "/var/lib/gitea-runner/action-cache-dir"; + }; + }; + hostPackages = with pkgs; [ + bash + coreutils + curl + direnv + gawk + just + git-lfs + isort + gitFull + gnused + ncdu + nixFlakes + nodejs + openssh + wget + ]; + }; + }; + + launchd.daemons.gitea-runner-nix.serviceConfig.EnvironmentVariables = { + XDG_CONFIG_HOME = "/var/lib/gitea-runner"; + XDG_CACHE_HOME = "/var/lib/gitea-runner/.cache"; + XDG_RUNTIME_DIR = "/var/lib/gitea-runner/tmp"; + }; + + system.primaryUser = "kat"; + + # launchd.daemons.gitea-runner-restarter = { + # serviceConfig = { + # ProgramArguments = [ + # "/usr/bin/env" + # "bash" + # "-c" + # '' + # SERVICE_NAME="org.nixos.gitea-runner-nix" + # while true; do + # # Check the second column of launchctl list output for our service + # EXIT_CODE=$(sudo launchctl list | grep "$SERVICE_NAME" | awk '{print $2}') + # if [ -z "$EXIT_CODE" ]; then + # echo "$(date): $SERVICE_NAME is running correctly. Terminating the restarter." + # exit 0 + # else + # echo "$(date): $SERVICE_NAME is not running or in error state. Attempting to restart..." + # sudo launchctl bootout system/$SERVICE_NAME 2>/dev/null || true + # sudo launchctl load /Library/LaunchDaemons/$SERVICE_NAME.plist + # sleep 2 # Give the service some time to start + # fi + # done + # '' + # ]; + # RunAtLoad = true; + # ThrottleInterval = 300; + # }; + # }; + + launchd.daemons.does-anything-work = { + serviceConfig = { + ProgramArguments = ["/usr/bin/env" "bash" "-c" "date > /var/log/does-anything-work"]; + RunAtLoad = true; + }; + }; + + nixpkgs.overlays = [(import ../nixos/overlay.nix)]; + environment.systemPackages = with pkgs; [ + #python-with-my-packages + emacs + alejandra + cocoapods + gitFull + just + tmux + htop + nodePackages.prettier + nodejs + ripgrep + slack + typescript + vim + yarn + ]; + + nixpkgs.config.allowUnfree = true; + + + # Auto upgrade nix package and the daemon service. + launchd.user.envVariables.PATH = config.environment.systemPath; + + programs.direnv.enable = true; + + # Necessary for using flakes on this system. + nix.settings.experimental-features = "nix-command flakes"; + + + # Set Git commit hash for darwin-version. + system.configurationRevision = self.rev or self.dirtyRev or null; + + # Used for backwards compatibility, please read the changelog before changing + system.stateVersion = 4; + + # The platform the configuration will be used on. + nixpkgs.hostPlatform = "aarch64-darwin"; + users.users.kat.openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.kanivanKeys; + users.users.gitea-runner = { + name = "gitea-runner"; + isHidden = false; + home = "/Users/gitea-runner"; + createHome = false; + }; + + home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; + + users.users.kat = { + name = "kat"; + home = "/Users/kat"; + }; + + programs.zsh = { + enable = true; + shellInit = '' + fpath+="${libDir}/functions" + for file in "${libDir}/functions/"* + do + autoload "''${file##*/}" + done + ''; + interactiveShellInit = '' + # eval "$(register-python-argcomplete prb)" + # eval "$(register-python-argcomplete prod-prb)" + # eval "$(register-python-argcomplete railbird)" + # [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && source "$EAT_SHELL_INTEGRATION_DIR/zsh" + + autoload -Uz bracketed-paste-magic + zle -N bracketed-paste bracketed-paste-magic + ''; + }; + + home-manager.users.kat = { + programs.starship = { + enable = true; + }; + programs.zsh.enable = true; + home.stateVersion = "24.05"; + }; + }; + in + { + darwinConfigurations."mac-demarco-mini" = nix-darwin.lib.darwinSystem { + modules = [ + home-manager.darwinModules.home-manager + configuration + ]; + }; + + # Expose the package set, including overlays, for convenience. + darwinPackages = self.darwinConfigurations."mac-demarco-mini".pkgs; + }; +} diff --git a/nix-darwin/gitea-log.log b/nix-darwin/gitea-log.log new file mode 100644 index 00000000..e69de29b diff --git a/nix-darwin/gitea-log.stderr b/nix-darwin/gitea-log.stderr new file mode 100644 index 00000000..e69de29b diff --git a/nix-darwin/home/kat.nix b/nix-darwin/home/kat.nix index e289b392..21ba1beb 100644 --- a/nix-darwin/home/kat.nix +++ b/nix-darwin/home/kat.nix @@ -22,7 +22,7 @@ repositories = { org = { path = "/Users/kat/org"; - uri = "ssh://gitea@1896Folsom.duckdns.org:1123/kkathuang/org.git"; + uri = "git@github.com:colonelpanic8/org.git"; interval = 180; }; password-store = { diff --git a/nix-darwin/result b/nix-darwin/result new file mode 120000 index 00000000..b8d61b98 --- /dev/null +++ b/nix-darwin/result @@ -0,0 +1 @@ +/nix/store/n2y9x01zld5simp7y6vnblddq8bnykmm-darwin-system-26.05.06648f4 \ No newline at end of file diff --git a/nix-darwin/switch-gitea-runner.sh b/nix-darwin/switch-gitea-runner.sh new file mode 100755 index 00000000..feab008b --- /dev/null +++ b/nix-darwin/switch-gitea-runner.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +mkdir -p /var/log/gitea-runner/ +chown -R $1 /var/log/gitea-runner +chmod 755 /var/log/gitea-runner + +mkdir -p /var/lib/gitea-runner/nix +chown -R $1 /var/lib/gitea-runner +chmod 755 /var/lib/gitea-runner diff --git a/nixos/#users.nix# b/nixos/#users.nix# new file mode 100644 index 00000000..4048d2e5 --- /dev/null +++ b/nixos/#users.nix# @@ -0,0 +1,103 @@ +{ pkgs, keys, inputs, system, ... }: +let + extraGroups = [ + "audio" + "adbusers" + "disk" + "docker" + "networkmanager" + "openrazer" + "plugdev" + "syncthing" + "systemd-journal" + "video" + ]; + extraGroupsWithWheel = extraGroups ++ ["wheel"]; + userDefaults = { + group = "users"; + isNormalUser = true; + createHome = true; + shell = pkgs.zsh; + }; +in +{ + security.sudo.wheelNeedsPassword = false; + users.users = with keys; { + syncthing = { + extraGroups = [ "syncthing" "wheel" ]; + home = "/var/lib/syncthing"; + createHome = true; + openssh.authorizedKeys.keys = [giteaSecret] ++ kanivanKeys; + }; + ivanm = userDefaults // { + extraGroups = extraGroupsWithWheel; + name = "ivanm"; + openssh.authorizedKeys.keys = kanivanKeys; + }; + imalison = userDefaults // { + extraGroups = extraGroupsWithWheel; + name = "imalison"; + openssh.authorizedKeys.keys = kanivanKeys; + }; + kat = userDefaults // { + extraGroups = extraGroupsWithWheel; + name = "kat"; + openssh.authorizedKeys.keys = kanivanKeys; + }; + dean = userDefaults // { + extraGroups = extraGroupsWithWheel; + name = "dean"; + openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys; + }; + will = userDefaults // { + extraGroups = extraGroupsWithWheel; + name = "will"; + openssh.authorizedKeys.keys = kanivanKeys ++ willKeys; + }; + alex = userDefaults // { + extraGroups = extraGroupsWithWheel; + name = "alex"; + openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys; + }; + loewy = userDefaults // { + inherit extraGroups; + name = "loewy"; + openssh.authorizedKeys.keys = kanivanKeys ++ loewyKeys; + }; + mike = userDefaults // { + inherit extraGroups; + name = "mike"; + openssh.authorizedKeys.keys = kanivanKeys ++ mikeKeys; + }; + andy = userDefaults // { + inherit extraGroups; + name = "andy"; + openssh.authorizedKeys.keys = kanivanKeys ++ andyKeys; + }; + micah = userDefaults // { + inherit extraGroups; + name = "micah"; + openssh.authorizedKeys.keys = kanivanKeys ++ micahKeys; + }; + unprivileged = userDefaults // { + extraGroups = ["syncthing"]; + name = "unprivileged"; + openssh.authorizedKeys.keys = [giteaSecret] ++ kanivanKeys; + }; + ben = userDefaults // { + inherit extraGroups; + name = "ben"; + openssh.authorizedKeys.keys = benKeys ++ kanivanKeys; + }; + railbird = userDefaults // { + inherit extraGroups; + name = "railbird"; + openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.railbirdDevKeys; + }; + }; + + nix.sshServe = { + enable = true; + keys = keys.allKeys; + }; +} diff --git a/nixos/dotfiles-links.nix b/nixos/dotfiles-links.nix index 86dfa999..27d9939a 100644 --- a/nixos/dotfiles-links.nix +++ b/nixos/dotfiles-links.nix @@ -56,9 +56,18 @@ let in { home.file = - (builtins.listToAttrs (map mkManaged managedRelFiles)) - // { - # Keep ~/.emacs.d as a directory symlink (matches current setup). - ".emacs.d".source = oos "${worktreeDotfiles}/emacs.d"; - }; + builtins.listToAttrs (map mkManaged managedRelFiles); + + # Home Manager directory links for .emacs.d resolve through the store on this + # machine, which breaks Elpaca's writable state under ~/.emacs.d/elpaca. + # Manage placement here instead so ~/.emacs.d always points at the live + # worktree checkout. + home.activation.linkEmacsDotdir = lib.hm.dag.entryAfter ["writeBoundary"] '' + if [ -L "$HOME/.emacs.d" ] || [ ! -e "$HOME/.emacs.d" ]; then + rm -f "$HOME/.emacs.d" + ln -s "${worktreeDotfiles}/emacs.d" "$HOME/.emacs.d" + else + echo "Skipping ~/.emacs.d relink because it is not a symlink" >&2 + fi + ''; } diff --git a/nixos/overlay.nix.bak b/nixos/overlay.nix.bak new file mode 100644 index 00000000..33f78125 --- /dev/null +++ b/nixos/overlay.nix.bak @@ -0,0 +1,186 @@ +final: prev: +{ + # nvidia-container-toolkit = prev.nvidia-container-toolkit.overrideAttrs(old: { + # postInstall = '' + # ${old.postInstall or ""} + # mv $tools/bin/nvidia-cdi-hook $tools/bin/.nvidia-cdi-hook-wrapped + # cat > $tools/bin/nvidia-cdi-hook < "$out/bin/runc" <> /var/log/debug/runc/invocations.log + + # Hand off control to the original runc from prev.runc. + ${prev.runc}/bin/runc --debug "\$@" > \ + >(tee -a /var/log/debug/runc/stdout.log) \ + 2> >(tee -a /var/log/debug/runc/stderr.log >&2) + EOF + + chmod +x "$out/bin/runc" + + installManPage ${prev.runc.man}/*/*.[1-9] + mkdir -p $man + touch $man/afile + ''; + + # Optionally inherit original metadata + meta = prev.runc.meta // {}; + }; + + rofi-systemd = prev.rofi-systemd.overrideAttrs (_: { + src = prev.fetchFromGitHub { + repo = "rofi-systemd"; + owner = "IvanMalison"; + rev = "078bdb833a32cc84538d329085fbfe00c7d4d1b6"; + sha256 = "sha256-ikwIc8vR2VV3bHXEtLrGgKklpz1NSRUJoJny0iRNViQ="; + }; + }); + + wyoming-satellite = prev.wyoming-satellite.overridePythonAttrs (oldAttrs: { + src = prev.fetchFromGitHub { + owner = "colonelpanic8"; + repo = "wyoming-satellite"; + rev = "509628a9be2cf61116b6d0475e19c0b92a855e0b"; + hash = "sha256-ewSxVv+8r2VGYNOoj8jiMogXtp1GPApcRc2BH3Q+8W8="; + }; + build-system = with final.python3.pkgs; [ poetry-core setuptools ]; + pythonImportsCheck = [ + "wyoming_satellite" + ]; + propagatedBuildInputs = []; + }); + + git-sync = prev.git-sync.overrideAttrs (_: { + src = prev.fetchFromGitHub { + repo = "git-sync"; + owner = "IvanMalison"; + rev = "92544e76553c25da2d40d06a230ecd0a6e13c114"; + sha256 = "sha256-hBtdvxAtFUMtLqGmy1wbDk796LQcYCth29fv8L0WQyQ="; + }; + }); + + picom = prev.picom.overrideAttrs (old: { + src = prev.fetchFromGitHub { + repo = "picom"; + owner = "dccsillag"; + rev = "51b21355696add83f39ccdb8dd82ff5009ba0ae5"; + sha256 = "sha256-crCwRJd859DCIC0pEerpDqdX2j8ZrNAzVaSSB3mTPN8=="; + }; + nativeBuildInputs = old.nativeBuildInputs ++ [final.pcre final.gnugrep.pcre2 final.asciidoc]; + buildInputs = old.buildInputs ++ [final.pcre]; + nativeInstallCheckInputs = []; + doCheck = false; + dontCheck = true; + }); + + expressvpn = prev.expressvpn.overrideAttrs (_: { + src = prev.fetchurl { + url = "https://www.expressvpn.works/clients/linux/expressvpn_3.46.0.7-1_amd64.deb"; + hash = "sha256-v0rr1s32jj79A8IGfJgSGJVlz7rSnZYn4ealOpqee0w="; + }; + }); + + gnupg_2_4_0 = prev.gnupg.overrideAttrs (_: rec { + pname = "gnupg"; + # 2.4.1 breaks emacs + version = "2.4.0"; + src = prev.fetchurl { + url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; + hash = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM="; + }; + }); + + emacs = prev.emacs30.override { + withNativeCompilation = true; + withTreeSitter = true; + }; + + python-with-my-packages = let + my-python-packages = python-packages: + with python-packages; [ + universal-silabs-flasher + argcomplete + appdirs + ipdb + ipython + numpy + openpyxl + pip + requests + tox + ]; + in + final.python311.withPackages my-python-packages; + + claude-code = prev.claude-code.overrideAttrs (oldAttrs: rec { + version = "1.0.86"; + src = prev.fetchzip { + url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; + hash = "sha256-mVXS75KgeKgD7EI5t9X6+TkwjBFyBLOo4/m50sS9XdA="; + }; + npmDepsHash = ""; + }); + + pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ + ( + python-final: python-prev: { + pysilero-vad = python-prev.pysilero-vad.overridePythonAttrs (_: { + src = final.fetchFromGitHub { + owner = "colonelpanic8"; + repo = "pysilero-vad"; + rev = "846caf4aa6c5f5319b87d3127dfe0aa9e88b338e"; + hash = "sha256-SjoyiHm2RiLDFbwduKsoPK4/AvQiwZ39ZsPj2etXRV0="; + }; + }); + home-assistant-chip-wheels = python-prev.home-assistant-chip-wheels.overrideAttrs + (oldAttrs: rec { + bypassAttestationVerificationPatch = final.fetchpatch { + url = "https://raw.githubusercontent.com/tronikos/chip-wheels/8a5ec21d114010723cf428ffe79e244da7562390/8766-Bypass-attestation-verification.patch"; + sha256 = "sha256-RgmlPRSfw1PPMdHBzpoK2Drrb8nEagATY8Y5ngi7x0k="; + }; + postPatch = '' + pushd connectedhomeip + patch -p1 < ${bypassAttestationVerificationPatch} + popd + '' + oldAttrs.postPatch; + }); + } + ) + ]; +}