From 897c97c269f53e4ad131e48c99becf66662f4169 Mon Sep 17 00:00:00 2001 From: Ivan Malison Date: Mon, 8 Jun 2026 15:30:37 -0700 Subject: [PATCH] nixos: add claude-desktop flake and fix gpg-agent ordering cycle Add aaddrick/claude-desktop-debian as a flake input and install its default (FHS) package system-wide alongside the other LLM tools. Also fix a home-manager systemd user-session ordering cycle that broke activation ("Transaction order is cyclic"). The generated set-SSH_AUTH_SOCK.service was ordered Before=gpg-agent-ssh.socket, which is pulled into sockets.target that basic.target requires, while the service implicitly orders After=basic.target -- forming a cycle. Drop the explicit Before= edge with mkForce; the service is still pulled in via WantedBy=gpg-agent-ssh.socket (a non-ordering Wants dependency). Co-Authored-By: Claude Opus 4.8 (1M context) --- nixos/code.nix | 1 + nixos/flake.lock | 115 ++++++++++++++++++++++++++++++----------- nixos/flake.nix | 5 ++ nixos/home-manager.nix | 11 ++++ 4 files changed, 102 insertions(+), 30 deletions(-) diff --git a/nixos/code.nix b/nixos/code.nix index 4f6dc452..901a49ae 100644 --- a/nixos/code.nix +++ b/nixos/code.nix @@ -92,6 +92,7 @@ makeEnable config "myModules.code" true { # LLM Tools # antigravity claude-code + inputs.claude-desktop.packages.${pkgs.stdenv.hostPlatform.system}.default codex gemini-cli opencode diff --git a/nixos/flake.lock b/nixos/flake.lock index a3863b55..d0fc9a25 100644 --- a/nixos/flake.lock +++ b/nixos/flake.lock @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1779510126, - "narHash": "sha256-AN19hN63A3nuuUsOo42dERR/fmMt/rSEqNc1F3xjpAs=", + "lastModified": 1780791760, + "narHash": "sha256-Cg2mx6ILPC/cAoomJrwx1TvMaFvvNi9DNbd3Hy+7L18=", "owner": "sadjow", "repo": "claude-code-nix", - "rev": "304b96c0998c76633bacbb44daa6a5de40f92273", + "rev": "2370568ed1eac96474fa3bb2e73081cc971f9c03", "type": "github" }, "original": { @@ -127,6 +127,27 @@ "type": "github" } }, + "claude-desktop": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1780889015, + "narHash": "sha256-/hopwNR5blDo2/GHrbEetKrh1Xm4uqnDb0mPtxllW9k=", + "owner": "aaddrick", + "repo": "claude-desktop-debian", + "rev": "3a013797926057145625c6d9ae9ec5f3b8d23c43", + "type": "github" + }, + "original": { + "owner": "aaddrick", + "repo": "claude-desktop-debian", + "type": "github" + } + }, "codex-cli-nix": { "inputs": { "flake-utils": [ @@ -375,6 +396,24 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixified-ai", @@ -395,7 +434,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixified-ai", @@ -416,9 +455,9 @@ "type": "indirect" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { "lastModified": 1701473968, @@ -434,7 +473,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nixtheplanet", @@ -681,7 +720,7 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nixpkgs": [ "nixified-ai", "nixpkgs" @@ -703,7 +742,7 @@ }, "hercules-ci-effects_2": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": "nixpkgs_5" }, "locked": { @@ -727,11 +766,11 @@ ] }, "locked": { - "lastModified": 1779726696, - "narHash": "sha256-/p37CB5n6Wpw250b0Lq0CYwNq2D8uGKzDoBulyLcQqA=", + "lastModified": 1780885330, + "narHash": "sha256-aMA5oAq2Iv467U9s8YOb50DYQT9w0WJbyWqwlzHuLMs=", "owner": "nix-community", "repo": "home-manager", - "rev": "1a95e2efb477959b70b4a14c51035975c0481df6", + "rev": "4fe95527cbe952713318ada8a4d122e1a6ab120f", "type": "github" }, "original": { @@ -1445,18 +1484,18 @@ }, "nixified-ai": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1779813639, - "narHash": "sha256-MaXcIud4ELxIUojrZngqL63rLvJRH3JzjhE6GVeryqk=", + "lastModified": 1780854253, + "narHash": "sha256-HGNO7hPMcP8yNla4I7RScT1P8MRJK6HL5mSe5mcHjFc=", "owner": "nixified-ai", "repo": "flake", - "rev": "1490129a551b6209cccf80453d7d03a1b5d62d10", + "rev": "579afb13747c68970dbcbdcd6fc162b8bf7eff46", "type": "github" }, "original": { @@ -1489,11 +1528,11 @@ ] }, "locked": { - "lastModified": 1777732699, - "narHash": "sha256-2uX/XtOWZ/oy2rerRynVhqVA//ZXZ3Fo60PikLHEPQc=", + "lastModified": 1780765279, + "narHash": "sha256-md6QHmlIx40bQkun43M2eT8aav5GURGkXEMFwof6uZs=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "5482f113fd31ebac131d1ebeb2ae90bf0d5e41f5", + "rev": "3e6d8af994e2a2d31af7a91863d7c0d6e278d951", "type": "github" }, "original": { @@ -1519,6 +1558,21 @@ } }, "nixpkgs-lib": { + "locked": { + "lastModified": 1777168982, + "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { "locked": { "dir": "lib", "lastModified": 1701253981, @@ -1586,11 +1640,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1779560665, - "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", + "lastModified": 1780749050, + "narHash": "sha256-3av0pIjlOWQ6rDbNOmpUSvbNnJkGORQKKjb4LtCZsIY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", + "rev": "a799d3e3886da994fa307f817a6bc705ae538eeb", "type": "github" }, "original": { @@ -1649,7 +1703,7 @@ }, "nixtheplanet": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "hercules-ci-effects": "hercules-ci-effects_2", "nixpkgs": "nixpkgs_6", "osx-kvm": "osx-kvm" @@ -1848,11 +1902,11 @@ ] }, "locked": { - "lastModified": 1775003480, - "narHash": "sha256-iJmjq37Ue8UnN8maiUK6IKySWExr+xnXzMAH8h+mzyI=", + "lastModified": 1780684194, + "narHash": "sha256-pyMgFdsmWfgXVb5brZX3Wrz7ZyUp5oSXyV9KFI8mMng=", "ref": "refs/heads/master", - "rev": "184225eeb922585d217b7df06a3b7386c3fb03b3", - "revCount": 155, + "rev": "00cb3ef3ff4447393b64572637f1d9b779b20b3f", + "revCount": 157, "type": "git", "url": "ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git" }, @@ -1873,11 +1927,11 @@ ] }, "locked": { - "lastModified": 1780456748, - "narHash": "sha256-ZErjBY6+do9gfKLYduIMtfzP4lyBDz/kLrZL40hYCag=", + "lastModified": 1780573272, + "narHash": "sha256-0Rpx9+OsGTTiPJNr43ci5qsh9GE+Nhci3ZMfq+POAQE=", "owner": "rlrml", "repo": "rlru", - "rev": "5fce6993c50ddd4a7a2cfea97d40676148af5687", + "rev": "0cd34612dc584d944d4216ae1a9fc361e63dace1", "type": "github" }, "original": { @@ -1895,6 +1949,7 @@ ], "chrome-favicon-dbus": "chrome-favicon-dbus", "claude-code-nix": "claude-code-nix", + "claude-desktop": "claude-desktop", "codex-cli-nix": "codex-cli-nix", "codex-desktop-linux": "codex-desktop-linux", "coqui-tts-streamer": "coqui-tts-streamer", diff --git a/nixos/flake.nix b/nixos/flake.nix index ec32ee9e..2390c06a 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -277,6 +277,11 @@ }; }; + claude-desktop = { + url = "github:aaddrick/claude-desktop-debian"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + grub2-themes = { url = "github:vinceliuice/grub2-themes"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nixos/home-manager.nix b/nixos/home-manager.nix index 98628799..750eee20 100644 --- a/nixos/home-manager.nix +++ b/nixos/home-manager.nix @@ -339,6 +339,17 @@ in { ''; }; + # Work around a home-manager systemd ordering cycle. The generated + # set-SSH_AUTH_SOCK.service is ordered Before=gpg-agent-ssh.socket, but that + # socket is pulled into sockets.target which basic.target requires, while the + # service implicitly orders After=basic.target. That forms an ordering cycle + # (sockets.target -> gpg-agent-ssh.socket -> set-SSH_AUTH_SOCK.service -> + # basic.target -> sockets.target) which systemd breaks by dropping units, + # failing the user session ("Transaction order is cyclic"). Dropping the + # explicit Before= edge breaks the cycle; the service is still pulled in via + # WantedBy=gpg-agent-ssh.socket (a non-ordering Wants dependency). + systemd.user.services.set-SSH_AUTH_SOCK.Unit.Before = lib.mkForce [ ]; + gtk = { enable = true; iconTheme = {