diff --git a/.chezmoi.yaml.tmpl b/.chezmoi.yaml.tmpl index d5dbcb0..cbbb97b 100644 --- a/.chezmoi.yaml.tmpl +++ b/.chezmoi.yaml.tmpl @@ -11,11 +11,42 @@ encryption: "age" sourceDir: {{ .chezmoi.sourceDir | quote }} -# When you have age secrets, uncomment and add recipient public keys here. -# recipients: -# - age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p -# - age1miche_pubkey_placeholder -# - age1byte_pubkey_placeholder +# age config — see https://www.chezmoi.io/user-guide/encryption/age/ +# +# To bootstrap age on a new box: +# 1. Generate a recovery key (offline, store secret in password manager): +# age-keygen -o ~/.config/chezmoi/keys/recovery.key +# Add the printed public key below as a recipient. +# 2. Generate a per-machine key on each box: +# age-keygen -o ~/.config/chezmoi/key.txt +# Add its public key below, then `chezmoi age rekey` to rewrite *.age files. +# +# To encrypt a new secret: +# echo 'secret' | chezmoi encrypt --output private_dot_.../.age +# +# To decrypt (auto, on apply): +# chezmoi uses ~/.config/chezmoi/key.txt (per-machine) by default. + +age: + identity: "~/.config/chezmoi/key.txt" + + # Multiple recipients: every listed recipient can decrypt every *.age file. + # Add a new recipient by pasting their public key below, then + # `chezmoi age rekey` to rewrite existing files with the new recipient. + recipients: + # Recovery key — secret stored offline (password manager, USB stick). + # Don't lose this: it's the only way to recover secrets if every + # machine key is lost. + - age1yyq42ctqwp5s5yd64week3aav9getk3p8aeyr5n5454d0v59a4dsjljsgs + + # Per-machine keys — one per box. Generate on the box itself with + # `age-keygen -o ~/.config/chezmoi/key.txt`, paste its public key + # here, then `chezmoi age rekey`. + - age1eja7trs8mmsgf0qga0h5fsdltaryxgk4ksumshar5xxtdx0exy3q0a5hc5 # miche (Strix Halo GPU host) + # - age1byte_pubkey_placeholder # byte (CachyOS laptop) + # - age1kaiser_pubkey_placeholder # kaiser (services host) + # - age1rye_pubkey_placeholder # rye (Debian Pi) + # - age1crouton_pubkey_placeholder # crouton (Debian Pi) data: os_family: {{ $osFamily | quote }} diff --git a/private_dot_omp/agent/config.yml b/private_dot_omp/agent/config.yml new file mode 100644 index 0000000..d297918 --- /dev/null +++ b/private_dot_omp/agent/config.yml @@ -0,0 +1,65 @@ +providers: + webSearch: searxng +searxng: + endpoint: http://kaiser.local:8800 +symbolPreset: nerd +theme: + dark: dark-gruvbox + light: light +setupVersion: 1 +modelRoles: + default: minimax-code/MiniMax-M3:high + task: llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo + smol: llama-swap.miche/qwen3.6-35b-a3b-mtp-rocmfp4 + plan: zai-coding/glm-5.2:xhigh + slow: minimax-code/MiniMax-M3:high + vision: llama-swap.miche/gemma4-12b +retry: + fallbackChains: + default: + - zai-coding/glm-5.2 + - minimax-code/MiniMax-M3 + - deepseek/deepseek-v4-pro + - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo + - llama-swap.byte/qwen3.6-27b-mtp + task: + - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo + - llama-swap.byte/qwen3.6-27b-mtp + - zai-coding/glm-5.2 + - minimax-code/MiniMax-M3 + smol: + - llama-swap.miche/qwen3.6-35b-a3b-mtp-rocmfp4 + - llama-swap.byte/qwen3.6-35b-a3b-mtp + - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo + - zai-coding/glm-5.2 + - minimax-code/MiniMax-M3 + plan: + - zai-coding/glm-5.2:xhigh + - minimax-code/minimax-code:xhigh + - deepseek/deepseek-v4-pro:xhigh + - llama-swap.miche/step-3.7-flash:high + slow: + - zai-coding/glm-5.2 + - minimax-code/minimax-code + - deepseek/deepseek-v4-pro + - llama-swap.miche/step-3.7-flash + vision: + - llama-swap.miche/gemma4-12b + - llama-swap.byte/gemma-4-12b-heretic + - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo +tools: + approvalMode: yolo +memory: + backend: "off" +github: + enabled: true +statusLine: + preset: default + separator: powerline + transparent: true +tui: + textSizing: false +defaultThinkingLevel: high +personality: pragmatic +hideThinkingBlock: true +readLineNumbers: true diff --git a/private_dot_omp/agent/mcp.json b/private_dot_omp/agent/mcp.json new file mode 100644 index 0000000..5525ba0 --- /dev/null +++ b/private_dot_omp/agent/mcp.json @@ -0,0 +1,13 @@ +{ + "$schema": "https://raw.githubusercontent.com/can1357/oh-my-pi/main/packages/coding-agent/src/config/mcp-schema.json", + "mcpServers": { + "firecrawl": { + "command": "npx", + "args": ["-y", "firecrawl-mcp"], + "env": { + "FIRECRAWL_API_KEY": "123", + "FIRECRAWL_API_URL": "http://bazzite.local:3002" + } + } + } +} diff --git a/private_dot_omp/agent/zai.key.age b/private_dot_omp/agent/zai.key.age new file mode 100644 index 0000000..5e3664c --- /dev/null +++ b/private_dot_omp/agent/zai.key.age @@ -0,0 +1,10 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZWhIcnM5cDBjeXNsSFJD +YmNrVXEyRitzcHpIUms0S281SElvNzBFMG40CkI0ck1MRlk1c0pxWnpwc3ZxTEFR +UVJCbk5TWFluZXpzUGlNVEk4alNXWE0KLT4gWDI1NTE5IEVBV2tkS3pyS3lITWdV +U0JuaTExTjFqbElUQ0FzTTlNUVEzZVVOdlFFRzQKc3c3WXBtQVR4NitoZXYveDZL +aFNtWng2WFBSVE5QSTg4VngwVVFiVUxFOAotLS0gaHlYRTROc3BTWS9IYVVNZlhy +aWZvbThPZm94MG41Nk9kZGNTKzlZM3FMRQo8aM6b1YkAxYJLXq+49I2LazKrOF6U +vUpLSW9ArUFQZuCYjexGzGpJXEjWjpbjOv6nV7LZAIN+brCNYLV2SEHp2Gq+Uny8 +ljyD+SUwXgVerdzP +-----END AGE ENCRYPTED FILE----- diff --git a/run_once_20-install-user-packages.sh.tmpl b/run_once_20-install-user-packages.sh.tmpl index cb823e3..aceba16 100755 --- a/run_once_20-install-user-packages.sh.tmpl +++ b/run_once_20-install-user-packages.sh.tmpl @@ -30,11 +30,23 @@ PACMAN_PKGS=( lazygit yt-dlp jq unzip p7zip openssh + bun ) log "installing pacman packages" sudo pacman -S --needed --noconfirm "${PACMAN_PKGS[@]}" +# --------------------------- Pi coding agent + oh-my-pi --------------------- +# Arch: bun comes from pacman (above), used here for the global install. +if command -v bun >/dev/null 2>&1; then + if ! command -v omp >/dev/null 2>&1; then + log "installing @oh-my-pi/pi-coding-agent via bun global" + bun add -g @oh-my-pi/pi-coding-agent 2>&1 | tail -10 + else + log "omp already installed: $(omp --version 2>&1 | head -1)" + fi +fi + {{ else if eq .os_family "debian" -}} # ----------------------------- DEBIAN -------------------------------------- export DEBIAN_FRONTEND=noninteractive @@ -55,6 +67,14 @@ APT_PKGS=( log "installing apt packages" sudo apt-get install -y --no-install-recommends "${APT_PKGS[@]}" +# bun isn't in debian repos. Install via official script into ~/.local +# (so the binary lands at ~/.local/bin/bun, which is already in PATH +# via .zshrc — no extra PATH config needed). +if ! command -v bun >/dev/null 2>&1; then + log "installing bun to ~/.local/bin (debian: not in apt)" + curl -fsSL https://bun.sh/install | BUN_INSTALL="$HOME/.local" bash +fi + # fd on Debian ships as 'fdfind' to avoid clashing with fd (the dedupe tool). # Symlink so .zshrc can find 'fd' on PATH. if command -v fdfind >/dev/null 2>&1 && ! command -v fd >/dev/null 2>&1; then @@ -67,6 +87,18 @@ fi # package. The install happens in run_onchange_30 (after rustup is ready, # via `cargo install bat`). +# --------------------------- Pi coding agent + oh-my-pi --------------------- +# Install via bun global (arch already has /usr/bin/bun from pacman, debian +# got it from the curl install above). Both OSes land in the same dir. +if command -v bun >/dev/null 2>&1; then + if ! command -v omp >/dev/null 2>&1; then + log "installing @oh-my-pi/pi-coding-agent via bun global" + bun add -g @oh-my-pi/pi-coding-agent 2>&1 | tail -10 + else + log "omp already installed: $(omp --version 2>&1 | head -1)" + fi +fi + # Neovim — install official binary tarball, pinned to a known-good version. # Bump NVIM_TARGET_VERSION to upgrade. ~/.local/bin/update-neovim.sh does # the same check + download so topgrade can invoke it for upgrades.