ToDo

Nix

  1. https://github.blog/changelog/2026-04-07-dependabot-version-updates-now-support-the-nix-ecosystem/

  2. Add install-nix skill from https://github.com/vorburger/aifiles

  3. VM, like ixo!!

  4. Alt Left/Right in nano

  5. Shift Up/Down, Alt Up/Down, Ctrl PgUp/PgDown https://gemini.google.com/app/394387d4e13b598c

  6. pass, via ext. YK

  7. True Colors!! Both on Console, and when logged in remotely over ssh in tmux

  8. Ctrl-Backspace in Fish on Console (only; works over SSH)

  9. How to solve <> problem

  10. Try services.howdy.enable = true; security.pam.services.sudo.howdyAuth = true;

  11. https://github.com/NixOS/nixos-hardware/blob/master/lenovo/thinkpad/x1/12th-gen/default.ni

  12. nix GC automatically

  13. Login and go straight into TMUX

  14. Graphical; initially most minimal - just Brave & Kitty, in Sway?

  15. Compare pstree on Nix Console and Fedora in GNOME

  16. Antigravity, but NOT via home-manager, see https://github.com/vorburger/dotfiles/commit/21aff996ef847ddeefbde2061f984446682ba1e3

  17. How to do LUKS encryption?

      boot.initrd.systemd.enable = true; # Required for modern systemd-cryptsetup
      security.tpm2.enable = true;

      $ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/nvme0n1p2

  1. Impermanence

  2. /nix on separate partition (or LV)

  3. Secure Boot!!

  4. Not possible to still dual boot Fedora?
  5. Does ssh-tpm-agent still work?!

  6. tmux should remember open tabs over restart

  7. Cache on CI

  8. mkdocs a https://aifiles.vorburger.ch

  9. Make a much more minimal initial host config

  10. WiFi setup baked into installer, as it now is for ixo

  11. AI extract an _local.nix from vm1/configuration.nix, re-use it in ixo/configuration.nix

  12. AI Make nixos-anywhere available in the dev shell of this project

  13. Use sops-nix or agenix for secrets management (instead of nixos-anywhere --extra-files). Maybe together with https://github.com/Foxboron/age-plugin-tpm ?

  14. nrs script, which does sudo nixos-rebuild switch --flake . - AFTER checking that there are no dirty un-committed nixfiles AND that they have been pushed to the remote repo.

  15. Move nix-update skill to nixfiles repo - but reference it as input to make it available here... how?

  16. Try https://github.com/Foxboron/ssh-tpm-agent/issues/109

  17. Try https://yazi-rs.github.io

  18. Blog about my NixOS experience (similar to this)

  19. Upstream configurations of any services et al. which ideally shouldn't be here at all

  20. Try https://github.com/microvm-nix/microvm.nix? See https://michael.stapelberg.ch/posts/2026-02-01-coding-agent-microvm-nix/.

Upstream

  1. ssh-tpm-agent: keyutils

  2. How to isolate? Merely building ssh-tpm-agent locally from nixpkgs (but probably even standalone) breaks ssh on OS.

  3. Add a system service for ssh-tpm-agent

Machines

  1. VM vorburger sudo password?! None - but enable this:

      security.pam.sshAgentAuth.enable = true;
      security.sudo.extraConfig = ''
        Defaults env_keep += SSH_AUTH_SOCK
      '';

  1. Remove Disko & GRUB from test1, if possible

  2. VM with UEFI instead of BIOS, and systemd-boot instead of GRUB

  3. Rename test1 to vm-without-bootloader, and vm1 to vm-bios-with-grub-bootloader ?

  4. VM testing; https://github.com/anatol/vmtest for systemctl status (porcelain?)

  5. nixos-rebuild ... --specialisation XYZ for different use cases?

  6. Cloud VMs? imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ] ? See e.g. this announcement.

  7. Workstation 🖥️ with pam_u2f.so for sudo with SK

  8. Clan!

  9. https://docs.clan.lol/guides/nixpkgs-flake-input/
  10. https://docs.clan.lol/guides/flake-parts/
  11. https://docs.clan.lol/guides/nixos-rebuild/

  12. Replace hostfwd=tcp::2222-:22 with proper bridged networking to get real IP address?

  13. Replace StrictHostKeyChecking=no with fixed hostkey from secret vault

  14. Have both unstable and fixed nix pkgs - for different hosts

  15. Try https://nixcademy.com/posts/auto-growing-nixos-appliance-images-with-systemd-repart/

Gemini CLI

  1. Reads all docs/**.md in GEMINI.md ?!

  2. Despite .gemini/settings.json it still asks for confirmation to run nix fmt - why?

Tools

  1. Make bin/vm.sh a modules/tools/vm.nix command available in devshell as vm

  2. https://github.com/maralorn/nix-output-monitor

  3. https://github.com/ners/nix-monitored

  4. Formatters are a mess; tools/git-hooks.nix pre-commit and fmt.nix for nix fmt don't share .treefmt.toml config?

  5. Run nix flake check in pre-commit hook

  6. Replace devshells with devShells (Nix), after all?

  7. https://github.com/nix-community/nh ?

  8. https://github.com/evanlhatch/ng ?

  9. https://github.com/vic/flake-aspects ?

Clean Up

  1. Consolidate LearningLinux 🐧 repo and dotfiles/NixOS here.

Docs

  1. Publish e.g. to nix.vorburger.ch

  2. Move https://github.com/vorburger/LearningLinux/tree/develop/nix/docs here

  3. Move https://github.com/vorburger/LearningLinux/blob/develop/nix/bookmarks.md here

  4. Pre-process MD to automagically insert links on anything that looks like a local file path

  5. Have an attribute/option in the modules/**/*.nix to link to the relevant docs/*.md

  6. Extract commands from modules/demo/hello.nix into docs/hello.md etc.

  7. Run https://docs.enola.dev/use/execmd

  8. Automagically extract TODO list

Low Priority / Nice to Have

  1. https://snowfall.org ?

  2. nixos-rebuild alternatives?

  3. Suppress (quiet) devshell menu

Future

  1. Enola.dev AI for https://github.com/NixOS/nixpkgs/pulls ?