colonelpanic/dotfiles
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos: Use codex-cli-nix and claude-code-nix flakes with cachix

Browse Source 
Switch from manual version overrides to dedicated flakes:
- github:sadjow/codex-cli-nix for codex
- github:sadjow/claude-code-nix for claude-code

Added cachix substituters and keys for pre-built binaries.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Ivan Malison
2026-01-31 21:45:25 -08:00
parent 89ce2116cf
commit 9c51555847
4 changed files with 249 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

224
nixos/flake.lock generated
View File

@@ -29,7 +29,7 @@
"railbird-secrets",
"nixpkgs"
],
"systems": "systems_9"
"systems": "systems_11"
},
"locked": {
"lastModified": 1707830867,
@@ -78,6 +78,48 @@
"type": "github"
}
},
"claude-code-nix": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769893338,
"narHash": "sha256-iRRaY8dnowvXl+nQRVItRtYgAIIUbz3VZnHRYZ0OzEY=",
"owner": "sadjow",
"repo": "claude-code-nix",
"rev": "babe8eef56e4f9fc5f27a00fda501cdd0b9deb5a",
"type": "github"
},
"original": {
"owner": "sadjow",
"repo": "claude-code-nix",
"type": "github"
}
},
"codex-cli-nix": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769843659,
"narHash": "sha256-yXQW0oxP7MZDa+0DYx21YyI3CNFF8aMZ43ZFI+GX7wU=",
"owner": "sadjow",
"repo": "codex-cli-nix",
"rev": "b9be52a99de5fa512a58eb616b8e8d763eab0b14",
"type": "github"
},
"original": {
"owner": "sadjow",
"repo": "codex-cli-nix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@@ -345,9 +387,7 @@
},
"flake-utils": {
"inputs": {
"systems": [
"systems"
]
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
@@ -365,7 +405,43 @@
},
"flake-utils_10": {
"inputs": {
"systems": "systems_13"
"systems": "systems_12"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_11": {
"inputs": {
"systems": "systems_14"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_12": {
"inputs": {
"systems": "systems_15"
},
"locked": {
"lastModified": 1685518550,
@@ -381,9 +457,9 @@
"type": "github"
}
},
"flake-utils_11": {
"flake-utils_13": {
"inputs": {
"systems": "systems_14"
"systems": "systems_16"
},
"locked": {
"lastModified": 1681202837,
@@ -419,7 +495,9 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1731533236,
@@ -458,11 +536,11 @@
"systems": "systems_6"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -493,6 +571,24 @@
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_8": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
@@ -507,34 +603,16 @@
"type": "github"
}
},
"flake-utils_8": {
"flake-utils_9": {
"inputs": {
"systems": "systems_10"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_9": {
"inputs": {
"systems": "systems_12"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -685,7 +763,7 @@
},
"git-sync-rs": {
"inputs": {
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_9",
"nixpkgs": [
"org-agenda-api",
"nixpkgs"
@@ -1036,7 +1114,7 @@
"haskell-language-server": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_7",
"fourmolu-011": "fourmolu-011",
"fourmolu-012": "fourmolu-012",
"gitignore": "gitignore_3",
@@ -1071,7 +1149,7 @@
"haskell-language-server_2": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-utils": "flake-utils_10",
"flake-utils": "flake-utils_12",
"fourmolu-011": "fourmolu-011_2",
"fourmolu-012": "fourmolu-012_2",
"gitignore": "gitignore_4",
@@ -1382,7 +1460,7 @@
"hyprwire": "hyprwire",
"nixpkgs": "nixpkgs_2",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_2",
"systems": "systems_4",
"xdph": "xdph"
},
"locked": {
@@ -1635,7 +1713,7 @@
},
"imalison-taffybar": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3",
"taffybar": "taffybar",
"xmonad": "xmonad"
@@ -2195,7 +2273,7 @@
"org-agenda-api": {
"inputs": {
"emacs-overlay": "emacs-overlay",
"flake-utils": "flake-utils_6",
"flake-utils": "flake-utils_8",
"git-sync-rs": "git-sync-rs",
"mova": "mova",
"nixpkgs": [
@@ -2377,7 +2455,7 @@
"railbird-secrets": {
"inputs": {
"agenix": "agenix_2",
"flake-utils": "flake-utils_8",
"flake-utils": "flake-utils_10",
"nixpkgs": "nixpkgs_15"
},
"locked": {
@@ -2397,7 +2475,9 @@
"root": {
"inputs": {
"agenix": "agenix",
"flake-utils": "flake-utils",
"claude-code-nix": "claude-code-nix",
"codex-cli-nix": "codex-cli-nix",
"flake-utils": "flake-utils_3",
"git-ignore-nix": "git-ignore-nix",
"gtk-sni-tray": "gtk-sni-tray",
"gtk-strut": "gtk-strut_2",
@@ -2415,7 +2495,7 @@
"org-agenda-api": "org-agenda-api",
"railbird-secrets": "railbird-secrets",
"status-notifier-item": "status-notifier-item_2",
"systems": "systems_11",
"systems": "systems_13",
"taffybar": "taffybar_2",
"vscode-server": "vscode-server",
"xmonad": "xmonad_3",
@@ -2625,18 +2705,48 @@
"type": "github"
}
},
"systems_2": {
"systems_15": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"repo": "default",
"type": "github"
}
},
"systems_16": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
@@ -2657,16 +2767,16 @@
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"repo": "default-linux",
"type": "github"
}
},
@@ -2747,7 +2857,7 @@
},
"taffybar": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_5",
"gtk-sni-tray": "gtk-sni-tray_2",
"gtk-strut": "gtk-strut_3",
"nixpkgs": [
@@ -2778,7 +2888,7 @@
},
"taffybar_2": {
"inputs": {
"flake-utils": "flake-utils_9",
"flake-utils": "flake-utils_11",
"git-ignore-nix": "git-ignore-nix_3",
"gtk-sni-tray": "gtk-sni-tray_3",
"gtk-strut": "gtk-strut_4",
@@ -2854,7 +2964,7 @@
},
"vscode-server": {
"inputs": {
"flake-utils": "flake-utils_11",
"flake-utils": "flake-utils_13",
"nixpkgs": "nixpkgs_17"
},
"locked": {
@@ -2937,7 +3047,7 @@
},
"xmonad": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_6",
"git-ignore-nix": "git-ignore-nix_2",
"nixpkgs": "nixpkgs_6",
"unstable": "unstable"

14
nixos/flake.nix
View File

@@ -126,6 +126,16 @@
nixtheplanet.url = "github:matthewcroughan/nixtheplanet";
codex-cli-nix = {
url = "github:sadjow/codex-cli-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
claude-code-nix = {
url = "github:sadjow/claude-code-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ {
@@ -353,11 +363,15 @@
"http://192.168.1.26:5050"
"https://cache.flox.dev"
"https://org-agenda-api.cachix.org"
"https://codex-cli.cachix.org"
"https://claude-code.cachix.org"
];
extra-trusted-public-keys = [
"1896Folsom.duckdns.org:U2FTjvP95qwAJo0oGpvmUChJCgi5zQoG1YisoI08Qoo="
"flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
"org-agenda-api.cachix.org-1:liKFemKkOLV/rJt2txDNcpDjRsqLuBneBjkSw/UVXKA="
"codex-cli.cachix.org-1:1Br3H1hHoRYG22n//cGKJOk3cQXgYobUel6O8DgSing="
"claude-code.cachix.org-1:YeXf2aNu7UTX8Vwrze0za1WEDS+4DuI2kVeWEE4fsRk="
];
};
nixosConfigurations =

9
nixos/nix.nix
View File

@@ -33,11 +33,15 @@
"https://cache.nixos.org"
"https://cuda-maintainers.cachix.org"
"https://ai.cachix.org"
"https://codex-cli.cachix.org"
"https://claude-code.cachix.org"
];
trusted-public-keys = [
"cache.railbird.ai:KhnvcouxtIU2zxUcjJsm4bUK3o1S3p8xMf9qfZGF7/A="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
"ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
"codex-cli.cachix.org-1:1Br3H1hHoRYG22n//cGKJOk3cQXgYobUel6O8DgSing="
"claude-code.cachix.org-1:YeXf2aNu7UTX8Vwrze0za1WEDS+4DuI2kVeWEE4fsRk="
];
nix-path = nixPath;
};
@@ -51,6 +55,11 @@
# (import ./nvidia-container-toolkit-overlay.nix)
(import ./runc-overlay.nix)
(import ./overlay.nix)
# Use codex and claude-code from dedicated flakes with cachix
(final: prev: {
codex = inputs.codex-cli-nix.packages.${prev.stdenv.hostPlatform.system}.default;
claude-code = inputs.claude-code-nix.packages.${prev.stdenv.hostPlatform.system}.default;
})
] ++ (if config.imalison.nixOverlay.enable then [ inputs.nix.overlays.default ] else []);
# Allow all the things

98
nixos/overlay.nix
View File

@@ -1,20 +1,36 @@
final: prev:
let
# Enable/disable version overrides (set to false to use nixpkgs versions)
enableCodexOverride = false; # Using PR patches instead
enableClaudeCodeOverride = false; # Disabled - needs proper buildNpmPackage override
# XXX: codex and claude-code are now provided by dedicated flakes in nix.nix:
# - inputs.codex-cli-nix (github:sadjow/codex-cli-nix)
# - inputs.claude-code-nix (github:sadjow/claude-code-nix)
# These use cachix caches for pre-built binaries.
# The old manual version override code is preserved below for reference.
# Codex version override - update these values to bump the version
codexVersion = {
version = "0.88.0";
hash = "sha256-Ff6Ut1GwRPd2oB4/YojKgS/CYMG0TVizXOHKfpKClqY=";
cargoHash = "sha256-eLao+Jaq7+Bu9QNHDJYD3zX2BQvlX/BSTYr4gpCD++Q=";
};
claudeCodeVersion = {
version = "2.1.22";
hash = "sha256-OqvLiwB5TwZaxDvyN/+/+eueBdWNaYxd81cd5AZK/mA=";
npmDepsHash = "sha256-vy7osk3UAOEgsJx9jdcGe2wICOk5Urzxh1WLAHyHM+U=";
};
# # Enable/disable version overrides (set to false to use nixpkgs versions)
# enableCodexOverride = true; # Override to get 0.93.0
# enableClaudeCodeOverride = false; # Disabled - needs proper buildNpmPackage override
# # Codex version override - update these values to bump the version
# codexVersion = {
# version = "0.93.0";
# hash = "sha256-JwCwFPa4+BAMUSp567s9l2QdanL7XEhtGSR8mvlws6Q=";
# # Using importCargoLock requires outputHashes for git dependencies
# outputHashes = {
# "crossterm-0.28.1" = "sha256-6qCtfSMuXACKFb9ATID39XyFDIEMFDmbx6SSmNe+728=";
# "nucleo-0.5.0" = "sha256-Hm4SxtTSBrcWpXrtSqeO0TACbUxq3gizg1zD/6Yw/sI=";
# "nucleo-matcher-0.3.1" = "sha256-Hm4SxtTSBrcWpXrtSqeO0TACbUxq3gizg1zD/6Yw/sI=";
# "ratatui-0.29.0" = "sha256-HBvT5c8GsiCxMffNjJGLmHnvG77A6cqEL+1ARurBXho=";
# "runfiles-0.1.0" = "sha256-uJpVLcQh8wWZA3GPv9D8Nt43EOirajfDJ7eq/FB+tek=";
# "tokio-tungstenite-0.28.0" = "sha256-vJZ3S41gHtRt4UAODsjAoSCaTksgzCALiBmbWgyDCi8=";
# "tungstenite-0.28.0" = "sha256-CyXZp58zGlUhEor7WItjQoS499IoSP55uWqr++ia+0A=";
# };
# };
# claudeCodeVersion = {
# version = "2.1.22";
# hash = "sha256-OqvLiwB5TwZaxDvyN/+/+eueBdWNaYxd81cd5AZK/mA=";
# npmDepsHash = "sha256-vy7osk3UAOEgsJx9jdcGe2wICOk5Urzxh1WLAHyHM+U=";
# };
placeholder = null; # Dummy binding to keep let block valid
in
{
# Fix poetry pbs-installer version constraint issue
@@ -22,32 +38,36 @@ in
dontCheckRuntimeDeps = true;
});
# XXX: Don't remove this code - use enableCodexOverride flag instead.
# nixpkgs often lags behind and codex moves extremely quickly
codex = if enableCodexOverride then prev.codex.overrideAttrs (oldAttrs: rec {
inherit (codexVersion) version cargoHash;
src = prev.fetchFromGitHub {
owner = "openai";
repo = "codex";
tag = "rust-v${codexVersion.version}";
inherit (codexVersion) hash;
};
cargoDeps = prev.rustPlatform.fetchCargoVendor {
inherit src;
sourceRoot = "${src.name}/codex-rs";
hash = cargoHash;
};
}) else prev.codex;
# XXX: codex and claude-code are now provided by flakes in nix.nix
# See the overlay at the end of nixpkgs.overlays in nix.nix
# XXX: Don't remove this code - use enableClaudeCodeOverride flag instead.
# nixpkgs often lags behind and claude-code moves extremely quickly
claude-code = if enableClaudeCodeOverride then prev.claude-code.overrideAttrs (oldAttrs: {
inherit (claudeCodeVersion) version npmDepsHash;
src = prev.fetchurl {
url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${claudeCodeVersion.version}.tgz";
inherit (claudeCodeVersion) hash;
};
}) else prev.claude-code;
# # XXX: Don't remove this code - use enableCodexOverride flag instead.
# # nixpkgs often lags behind and codex moves extremely quickly
# codex = if enableCodexOverride then prev.codex.overrideAttrs (oldAttrs: rec {
# inherit (codexVersion) version;
# src = prev.fetchFromGitHub {
# owner = "openai";
# repo = "codex";
# tag = "rust-v${codexVersion.version}";
# inherit (codexVersion) hash;
# };
# # Use importCargoLock instead of fetchCargoVendor to avoid workspace parsing issues
# cargoDeps = prev.rustPlatform.importCargoLock {
# lockFile = "${src}/codex-rs/Cargo.lock";
# outputHashes = codexVersion.outputHashes or {};
# };
# cargoHash = null; # Not used with importCargoLock
# }) else prev.codex;
# # XXX: Don't remove this code - use enableClaudeCodeOverride flag instead.
# # nixpkgs often lags behind and claude-code moves extremely quickly
# claude-code = if enableClaudeCodeOverride then prev.claude-code.overrideAttrs (oldAttrs: {
# inherit (claudeCodeVersion) version npmDepsHash;
# src = prev.fetchurl {
# url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${claudeCodeVersion.version}.tgz";
# inherit (claudeCodeVersion) hash;
# };
# }) else prev.claude-code;
# nvidia-container-toolkit = prev.nvidia-container-toolkit.overrideAttrs(old: {
# postInstall = ''