feat(kicad): add KICAD9_FOOTPRINT_DIR session variable for footprint libraries

feat(claude): add caveman and oh-my-claudecode skills via flake inputs
Declaratively manage Claude Code skills through home-manager by fetching plugin repos as non-flake inputs and symlinking their skills directories.
2026-04-20 23:04:50 -04:00 · 2026-04-20 22:51:37 -04:00 · 2026-04-20 19:50:44 -04:00 · 2026-04-15 19:19:22 -04:00 · 2026-04-15 19:12:34 -04:00 · 2026-04-15 19:08:13 -04:00
4 changed files with 100 additions and 14 deletions
@@ -156,6 +156,11 @@
  # Allow /etc/hosts to be modified without system rebuild
  environment.etc.hosts.mode = "0644";

+  # KiCad footprint libraries
+  environment.sessionVariables = {
+    KICAD9_FOOTPRINT_DIR = "${pkgs.kicad-libraries.footprints}/share/kicad/footprints";
+  };
+
  # Enable flakes and extras
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

@@ -176,26 +181,49 @@

  # WireGuard VPN
  networking.wg-quick.interfaces.wg0 = {
-    address = [ "10.0.1.66/28" ];
+    address = [ "10.0.1.67/32" ];
+    dns = [ "10.0.1.65" ];
    privateKeyFile = "/etc/wireguard/private.key";

    peers = [{
      publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc=";
      endpoint = "vpn.leeworks.dev:51820";
-      allowedIPs = [ "10.0.1.64/28" ];
+      # Route all traffic through VPN EXCEPT the local 10.0.0.0/24 network
+      allowedIPs = [
+        "0.0.0.0/5"
+        "8.0.0.0/7"
+        "10.0.1.0/24"
+        "10.0.2.0/23"
+        "10.0.4.0/22"
+        "10.0.8.0/21"
+        "10.0.16.0/20"
+        "10.0.32.0/19"
+        "10.0.64.0/18"
+        "10.0.128.0/17"
+        "10.1.0.0/16"
+        "10.2.0.0/15"
+        "10.4.0.0/14"
+        "10.8.0.0/13"
+        "10.16.0.0/12"
+        "10.32.0.0/11"
+        "10.64.0.0/10"
+        "10.128.0.0/9"
+        "11.0.0.0/8"
+        "12.0.0.0/6"
+        "16.0.0.0/4"
+        "32.0.0.0/3"
+        "64.0.0.0/2"
+        "128.0.0.0/1"
+      ];
      persistentKeepalive = 25;
    }];
  };

-  services.tailscale = {
-    enable = true;
-    useRoutingFeatures = "client";  # or "both" for subnet routing
-  };

  # Open firewall for Tailscale
  networking.firewall = {
    checkReversePath = "loose";
-    trustedInterfaces = [ "tailscale0" ];
+    trustedInterfaces = [ "tailscale0" "wg0" ];
    allowedUDPPorts = [ config.services.tailscale.port ];
  };

@@ -229,6 +257,7 @@
  # Enable necessary services
  xdg.portal = {
    enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  };

  services.pcscd.enable = true;
@@ -1,5 +1,21 @@
 {
  "nodes": {
+    "caveman": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1776507098,
+        "narHash": "sha256-M+NoWXxrhtbkbe/lmq7P0/KpmqOZzJjhgeUVjY+7N2k=",
+        "owner": "JuliusBrussee",
+        "repo": "caveman",
+        "rev": "84cc3c14fa1e10182adaced856e003406ccd250d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "JuliusBrussee",
+        "repo": "caveman",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
@@ -76,11 +92,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1775126147,
-        "narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=",
+        "lastModified": 1776329215,
+        "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8d8c1fa5b412c223ffa47410867813290cdedfef",
+        "rev": "b86751bc4085f48661017fa226dee99fab6c651b",
        "type": "github"
      },
      "original": {
@@ -106,12 +122,30 @@
        "type": "github"
      }
    },
+    "oh-my-claudecode": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1776693787,
+        "narHash": "sha256-C/m8Vlt6MXy8nlgqtoey9A5JnVTHCPkGUjar9x5Y2uw=",
+        "owner": "Yeachan-Heo",
+        "repo": "oh-my-claudecode",
+        "rev": "084fc47266824b35f4c8cbe886c0990ae716c184",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Yeachan-Heo",
+        "repo": "oh-my-claudecode",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
+        "caveman": "caveman",
        "home-manager": "home-manager",
        "kickstart-nvim": "kickstart-nvim",
        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-unstable": "nixpkgs-unstable"
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "oh-my-claudecode": "oh-my-claudecode"
      }
    },
    "systems": {
@@ -9,9 +9,17 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    kickstart-nvim.url = "github:0xWheatyz/kickstart.nvim";
+    caveman = {
+      url = "github:JuliusBrussee/caveman";
+      flake = false;
+    };
+    oh-my-claudecode = {
+      url = "github:Yeachan-Heo/oh-my-claudecode";
+      flake = false;
+    };
  };

-  outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, kickstart-nvim, ... }:
+  outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, kickstart-nvim, caveman, oh-my-claudecode, ... }:
    let
      system = "x86_64-linux";
      pkgs-unstable = import nixpkgs-unstable {
@@ -31,7 +39,7 @@
            home-manager.useUserPackages = true;
            home-manager.users.l-wyatt = import ./home.nix;
            home-manager.extraSpecialArgs = {
-              inherit kickstart-nvim;
+              inherit kickstart-nvim caveman oh-my-claudecode;
            };
            home-manager.sharedModules = [
              kickstart-nvim.homeManagerModules.default
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, caveman, oh-my-claudecode, ... }:

 {
  home.username = "l-wyatt";
@@ -28,6 +28,7 @@
    gnomeExtensions.just-perfection
    gnomeExtensions.arc-menu
    freecad
+    gtk3  # Provides org.gtk.Settings.FileChooser schema for FreeCAD
  ];

  # --------------------------
@@ -206,6 +207,20 @@
  # Use kickstart.nvim configuration from flake
  programs.neovim-kickstart.enable = true;

+  # Claude Code skills (managed declaratively via flake inputs)
+  home.file.".claude/skills/caveman" = {
+    source = "${caveman}/skills/caveman";
+    recursive = true;
+  };
+  home.file.".claude/skills/caveman-help" = {
+    source = "${caveman}/skills/caveman-help";
+    recursive = true;
+  };
+  home.file.".claude/skills/oh-my-claudecode" = {
+    source = "${oh-my-claudecode}/skills";
+    recursive = true;
+  };
+
  # Claude Code configuration
  home.file.".claude/CLAUDE.md" = {
    text = ''
Author	SHA1	Message	Date
0xWheatyz	9c9935b550	feat(kicad): add KICAD9_FOOTPRINT_DIR session variable for footprint libraries	2026-04-20 23:04:50 -04:00
0xWheatyz	5da4d36d25	feat(claude): add caveman and oh-my-claudecode skills via flake inputs Declaratively manage Claude Code skills through home-manager by fetching plugin repos as non-flake inputs and symlinking their skills directories.	2026-04-20 22:51:37 -04:00
0xWheatyz	d83b03bbd8	fix(wireguard): exclude local 10.0.0.0/24 from tunnel to preserve LAN access Replace 0.0.0.0/0 allowedIPs with CIDR blocks covering everything except 10.0.0.0/24, which conflicts with the building's local network. Also switch endpoint back to hostname and remove unused tailscale service block.	2026-04-20 19:50:44 -04:00
0xWheatyz	c371552dfd	fix(wireguard): use static endpoint IP and drop manual route hooks Replace hostname endpoint with resolved IP (69.48.243.22) so wg-quick's native fwmark-based routing handles 0.0.0.0/0 correctly. Remove preUp/postDown hooks that conflicted with wg-quick's own policy routing.	2026-04-15 19:19:22 -04:00
0xWheatyz	8b5111e9a1	fix(wireguard): move endpoint route to preUp/postDown hooks postUp runs after wg-quick has already rerouted all traffic through the tunnel, making external DNS unreachable. Use preUp to add the host route before routing changes, and postDown to clean up after.	2026-04-15 19:12:34 -04:00
0xWheatyz	cca5c48725	fix(wireguard): use public DNS to resolve endpoint before tunnel is up Query @1.1.1.1 explicitly in postUp/preDown hooks since the VPN DNS (10.0.1.65) is unreachable before the tunnel establishes.	2026-04-15 19:08:13 -04:00
0xWheatyz	b4e4036c41	fix(wireguard): resolve endpoint hostname to IP before adding route ip route does not accept hostnames. Use dig to resolve vpn.leeworks.dev to an IP address in postUp/preDown hooks.	2026-04-15 19:00:00 -04:00
0xWheatyz	3aab755e37	fix(wireguard): add endpoint host route and trust wg0 interface Add postUp/preDown hooks to create a host route for the VPN endpoint via the real gateway, preventing a routing loop when allowedIPs is 0.0.0.0/0. Also add wg0 to firewall trustedInterfaces.	2026-04-15 18:45:03 -04:00
0xWheatyz	6e361b197c	feat(wireguard): update wg0 config to match ClusterVPN-Nixos.conf - Address: 10.0.1.66/28 -> 10.0.1.67/32 - Add DNS 10.0.1.65 - AllowedIPs: restricted subnets -> 0.0.0.0/0 (full tunnel)	2026-04-15 18:40:53 -04:00
0xWheatyz	6fd0b18746	fix(home): move gtk3 to home.packages for FreeCAD GSettings schema FreeCAD is a home-manager package, so its GSettings schema dependency (org.gtk.Settings.FileChooser) must also be in home.packages for home-manager to include it in XDG_DATA_DIRS. Having gtk3 only in system packages left it invisible to the user session.	2026-04-05 19:36:33 -04:00
0xWheatyz	0c15063a58	fix(system): add gtk3 to system packages for GSettings file chooser schema FreeCAD crashes with 'org.gtk.Settings.FileChooser is not installed' because home-manager packages don't get their GSettings schemas compiled into the system profile. Moving gtk3 to environment.systemPackages fixes this.	2026-04-05 19:28:53 -04:00
0xWheatyz	9056237e8a	fix(portal): add xdg-desktop-portal-gtk for freecad file chooser FreeCAD's save/open dialogs require the GTK portal backend for the file chooser D-Bus service. The bare gtk3 package doesn't provide this, so replace it with the portal package in the system config.	2026-04-05 18:54:03 -04:00
0xWheatyz	64b450bbe7	feat(wireguard): expand allowedIPs to include home network subnets Add 192.168.1.0/24, 10.0.0.0/24, and 10.0.1.0/26 to route traffic for the full home LAN through the WireGuard tunnel.	2026-04-05 14:09:16 -04:00
0xWheatyz	8eee1ab82f	fix(home): add gtk3 to resolve freecad save-as crash FreeCAD's file chooser requires the org.gtk.Settings.FileChooser GSettings schema from GTK3, which was missing from XDG_DATA_DIRS.	2026-04-05 13:57:37 -04:00