nix templates: factor harness-base.nix (shared scaffolding incl. gitconfig)

2026-05-15 16:10:55 +02:00 · 2026-05-15 16:10:55 +02:00 · e1289a3e4c
commit e1289a3e4c
parent cb62e15d4f
11 changed files with 137 additions and 113 deletions
--- a/nix/templates/agent-base.nix
+++ b/nix/templates/agent-base.nix
@ -1,27 +1,14 @@
 { pkgs, ... }:
 {
-  boot.isNspawnContainer = true;
-
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "claude-code" ];
-
-  environment.systemPackages = with pkgs; [
-    hyperhive
-    claude-code
-    bashInteractive
-    git
-    coreutils-full
-  ];
-  # claude's Bash tool refuses to run without a POSIX shell + $SHELL set.
-  environment.variables.SHELL = "${pkgs.bashInteractive}/bin/bash";
+  imports = [ ./harness-base.nix ];

  systemd.services.hive-ag3nt = {
    description = "hive-ag3nt harness";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
-    # The harness shells out to `claude` (turn loop + login flow). systemd
-    # units get a minimal PATH by default, so we have to put claude-code on
-    # it explicitly even though it's in environment.systemPackages above.
-    # bash is on PATH so claude's Bash tool can spawn `$SHELL`.
+    # `claude` for the turn loop + `bash` for claude's Bash tool. systemd
+    # units get a minimal PATH by default; entries in
+    # `environment.systemPackages` aren't on it.
    path = [
      pkgs.claude-code
      pkgs.bashInteractive
@ -33,6 +20,4 @@
      RestartSec = 2;
    };
  };
-
-  system.stateVersion = "25.11";
 }
--- a/nix/templates/harness-base.nix
+++ b/nix/templates/harness-base.nix
@ -0,0 +1,35 @@
+{ pkgs, ... }:
+{
+  # Shared scaffolding for any hyperhive harness container — both
+  # sub-agents (`agent-base.nix`) and the manager (`manager.nix`) extend
+  # this. The systemd service that actually runs the harness binary
+  # differs per role and lives in the child module.
+
+  boot.isNspawnContainer = true;
+
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "claude-code" ];
+
+  environment.systemPackages = with pkgs; [
+    hyperhive
+    claude-code
+    bashInteractive
+    git
+    coreutils-full
+  ];
+  # claude's Bash tool refuses to run without a POSIX shell + $SHELL set.
+  environment.variables.SHELL = "${pkgs.bashInteractive}/bin/bash";
+
+  # Default gitconfig for any commits the harness makes. The per-agent
+  # `applied/<name>/flake.nix` overrides this with the agent's own name +
+  # email; this fallback only kicks in if the container is built straight
+  # from `agent-base` / `manager` without the per-agent extension.
+  environment.etc."gitconfig".text = ''
+    [user]
+      name = hyperhive
+      email = hyperhive@local
+    [init]
+      defaultBranch = main
+  '';
+
+  system.stateVersion = "25.11";
+}
--- a/nix/templates/manager.nix
+++ b/nix/templates/manager.nix
@ -1,27 +1,11 @@
 { pkgs, ... }:
 {
-  boot.isNspawnContainer = true;
-
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "claude-code" ];
-
-  environment.systemPackages = with pkgs; [
-    hyperhive
-    claude-code
-    bashInteractive
-    git
-    coreutils-full
-  ];
-  # claude's Bash tool refuses to run without a POSIX shell + $SHELL set.
-  environment.variables.SHELL = "${pkgs.bashInteractive}/bin/bash";
-
-  environment.etc."gitconfig".text = ''
-    [user]
-      name = hm1nd
-      email = hm1nd@hyperhive
-    [init]
-      defaultBranch = main
-  '';
+  imports = [ ./harness-base.nix ];

+  # HIVE_PORT/HIVE_LABEL/gitconfig are also injected by the generated
+  # `applied/hm1nd/flake.nix` (see `lifecycle::setup_applied`); the values
+  # here are the base config so the container stays sensible if anyone
+  # ever evaluates `nixosConfigurations.manager` standalone.
  systemd.services.hive-m1nd = {
    description = "hive-m1nd manager harness";
    wantedBy = [ "multi-user.target" ];
@ -29,20 +13,16 @@
    environment = {
      HIVE_PORT = "8000";
      HIVE_LABEL = "hm1nd";
+      SHELL = "${pkgs.bashInteractive}/bin/bash";
    };
-    # See note in agent-base.nix — `claude` and a POSIX shell have to be on
-    # the service PATH explicitly for the harness + claude's Bash tool.
    path = [
      pkgs.claude-code
      pkgs.bashInteractive
    ];
-    environment.SHELL = "${pkgs.bashInteractive}/bin/bash";
    serviceConfig = {
      ExecStart = "${pkgs.hyperhive}/bin/hive-m1nd serve";
      Restart = "on-failure";
      RestartSec = 2;
    };
  };
-
-  system.stateVersion = "25.11";
 }