NixOS and Home Manager configuration for Jet's Framework laptop.
This flake defines one host:
framework: Framework laptop
flake.nix: flake inputs, host wiring, formatter, and dev shellflake.lock: pinned flake input revisionsoverlays/: nixpkgs overlays and package overridesmodules/nixos/common/: shared NixOS system modulesmodules/home/common/: shared Home Manager modulesmodules/home/optional/: optional Home Manager modules not imported by defaulthosts/framework/: NixOS and Home Manager configuration for the Framework laptoppkgs/: local package definitionsgnome-extensions/: local GNOME Shell extensionssecrets/: agenix-encrypted secrets
Run these before switching a machine:
nix flake check --print-build-logs path:.
nix build --no-link --print-build-logs path:.#nixosConfigurations.framework.config.system.build.toplevelThe repository uses direnv via .envrc with use flake.
Enter the dev shell automatically with direnv, or explicitly with:
nix developSwitch the current host:
nhsWithout an already-loaded dev shell:
nix develop -c nhsBuild and make the new generation the next boot without switching now:
nhbUpdate inputs:
nix flake updateThe interactive Bash alias nfu also runs nix flake update.
After updates, validate and switch:
nix flake check --print-build-logs path:.
nix build --no-link --print-build-logs path:.#nixosConfigurations.framework.config.system.build.toplevel
nhsThe system starts one background OpenCode server for user jet:
opencode serveThe server host and port are declared in ~/.config/opencode/opencode.json:
127.0.0.1:4096
In interactive Bash, both opencode and o attach to that background server from the current directory:
opencode
oTo bypass the shell function and run the underlying binary directly:
command opencode --helpOpenCode is configured with permissive permissions and only the Chrome DevTools MCP globally enabled.
The Framework also exposes OpenCode to the tailnet with Tailscale Serve:
opencode-tailnet-url
opencode-tailnet-url --qrTailnet policy also restricts access to framework: broad tailnet and exit-node access remains enabled, but framework is removed from the broad tailnet grant and added back only for pixel-10. The live policy uses pixel-10's Tailscale IPs plus built-in Android posture (node:os == 'android', stable release track, encrypted Tailscale state) because custom device posture attributes are not available on the current Tailscale plan. The local firewall additionally limits the Serve HTTPS endpoint to pixel-10 (100.106.98.89 / fd7a:115c:a1e0::1433:6259).
Ghostty uses its GTK single-instance/systemd integration and runs one persistent Zellij session named main.
Launching Ghostty attaches to that session through:
zellij attach --create mainThe helper ghostty-zellij opens Ghostty with single-instance behavior. Zellij tab names sync from the current working directory on prompt updates.