Replace restrictive bash-only permissions with full tool access
including Read, Glob, Grep, WebFetch, WebSearch, Agent, and
NotebookEdit for a more capable Claude Code experience.
- Disable firewall to allow VPN traffic
- Switch DNS from VPN server (10.0.1.65) to Cloudflare (1.1.1.1)
- Use direct IP endpoint (69.48.243.22) instead of DNS hostname to
prevent resolution failures when DNS routes through the tunnel
- Add pre/post routing rules to avoid routing loop by sending VPN
endpoint traffic via the local gateway
Constraint: endpoint must be an IP, not hostname, to avoid DNS chicken-and-egg
Rejected: keep DNS hostname endpoint | fails when DNS resolves through tunnel
Confidence: high
Scope-risk: moderate
Add agents directory from oh-my-claudecode flake input, include the
upstream OMC CLAUDE.md configuration block via builtins.readFile, and
add statusLine/env/teammateMode to the declarative settings.json.
Skills were installed at ~/.claude/skills/oh-my-claudecode/<name>/SKILL.md
but Claude Code expects ~/.claude/skills/<name>/SKILL.md. Link the source
directly into the skills directory.
Replace 0.0.0.0/0 allowedIPs with CIDR blocks covering everything except
10.0.0.0/24, which conflicts with the building's local network. Also switch
endpoint back to hostname and remove unused tailscale service block.
Replace hostname endpoint with resolved IP (69.48.243.22) so
wg-quick's native fwmark-based routing handles 0.0.0.0/0 correctly.
Remove preUp/postDown hooks that conflicted with wg-quick's own
policy routing.
postUp runs after wg-quick has already rerouted all traffic through
the tunnel, making external DNS unreachable. Use preUp to add the
host route before routing changes, and postDown to clean up after.
Add postUp/preDown hooks to create a host route for the VPN endpoint
via the real gateway, preventing a routing loop when allowedIPs is
0.0.0.0/0. Also add wg0 to firewall trustedInterfaces.
FreeCAD is a home-manager package, so its GSettings schema dependency
(org.gtk.Settings.FileChooser) must also be in home.packages for
home-manager to include it in XDG_DATA_DIRS. Having gtk3 only in
system packages left it invisible to the user session.
FreeCAD crashes with 'org.gtk.Settings.FileChooser is not installed'
because home-manager packages don't get their GSettings schemas compiled
into the system profile. Moving gtk3 to environment.systemPackages fixes this.
FreeCAD's save/open dialogs require the GTK portal backend for the
file chooser D-Bus service. The bare gtk3 package doesn't provide this,
so replace it with the portal package in the system config.
Set actual GPG key ID for git commit signing, disable GCR ssh-agent
socket so gpg-agent handles SSH auth, and trim redundant setup steps
from yubikey guide.
Enable gpg-agent with SSH support and pinentry-gnome3, add
yubikey-manager and pcscd service, configure GPG with hardened
preferences and scdaemon, disable gnome-keyring SSH agent, and
prepare git signing configuration.
The experimental xwayland-native-scaling feature causes XWayland
connection loss when KiCad fullscreens on the second monitor,
crashing the application. Fractional scaling is retained via
scale-monitor-framebuffer.
Add home-manager managed CLAUDE.md with commit behavior instructions,
a /commit slash command for conventional commits workflow, and expand
allowed Bash permissions to include nix commands. Remove inline
customInstructions in favor of CLAUDE.md file.
- Add nixpkgs-unstable input for latest Claude Code versions
- Remove duplicate home-manager config from configuration.nix (handled by flake)
- Remove fetchTarball/fetchGit calls incompatible with pure flake mode
- Add shell function to auto-update unstable on nixos-rebuild
- Add includeCoAuthoredBy option set to false
- Update customInstructions to exclude signature from commits
- Fix Bash permission syntax from "git *" to "git:*"
Add alwaysThinkingEnabled option and force flag to overwrite existing
settings.json file managed outside of home-manager.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Configure Claude Code to allow Edit, Write, and git commands without prompting,
and instruct it to use conventional commit format in git repositories.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added detailed documentation covering NixOS configuration, installed software,
features, and usage instructions for both system and user-level management.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replace the default GNOME Console terminal with Ghostty by adding it to home packages, configuring it as the default terminal application via dconf settings, and excluding GNOME Console from installed packages.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Switch from zellij to tmux for terminal multiplexing with mouse support, improved window numbering, and 256-color terminal configuration.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
0xWheatyz
