Dinth
diff --git a/‎README.md‎
Lines changed: 25 additions & 0 deletions b/‎README.md‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎flake.lock‎
Lines changed: 9 additions & 9 deletions b/‎flake.lock‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎modules/apps/google-chrome/default.nix‎
Lines changed: 32 additions & 18 deletions b/‎modules/apps/google-chrome/default.nix‎
Lines changed: 32 additions & 18 deletions
diff --git a/‎modules/apps/opencode/default.nix‎
Lines changed: 19 additions & 10 deletions b/‎modules/apps/opencode/default.nix‎
Lines changed: 19 additions & 10 deletions
@@ -0,0 +1,25 @@
+# NixOS Configuration Context
+
+## Architecture
+
+- Using flakes.
+- System-level configuration and user-level configuration (Home Manager) are mixed up in the same files. 
+- 'hosts/' - Main configuration and hardware configuration for each of the hosts.
+- 'libs/' - Declarations and reusable content.
+- 'modules/apps/' - Application-specific configuration.
+- 'modules/harwdare/' - Hardware-specific configuration.
+- 'modules/services/' - Configuration for services running on the hosts.
+- 'modules/system/' - Configuration for large subsystems (for example graphical subsystem) involving multiple apps and/or system configuration.
+- 'secrets/' - encoded secrets (using ragenix).
+
+## Hosts Inventory
+
+1. Host: 'dinth-nixos-desktop'
+  - Hardware: desktop computer 
+  - Usecase: primary workstation
+2. Host: 'michal-surface-go'
+  - Hardware: Microsoft Surface Go 3
+  - Usecase: highly mobile workstation
+3. Host: 'r230-nixos'
+  - Hardware: Dell PowerEdge R230
+  - Usecase: docker server
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, machineType ? "", ... }:
+{
+  config,
+  lib,
+  pkgs,
+  machineType ? "",
+  ...
+}:
 let
   inherit (lib) mkIf;
   cfg = config.graphical;
@@ -20,28 +26,34 @@ let
     "--force-color-profile=srgb"
   ];
   chromeFlags =
-    if machineType == "tablet" then builtins.concatStringsSep " " tabletFlags
-    else if machineType == "desktop" then builtins.concatStringsSep " " desktopFlags
-    else "";
+    if machineType == "tablet" then
+      builtins.concatStringsSep " " tabletFlags
+    else if machineType == "desktop" then
+      builtins.concatStringsSep " " desktopFlags
+    else
+      "";
   extensionsPolicy = builtins.toJSON {
     PolicyListMultipleSourceMergeList = [ "ExtensionInstallForcelist" ];
     ExtensionInstallForcelist = [
       "lkbebcjgcmobigpeffafkodonchffocl;https://gitlab.com/magnolia1234/bypass-paywalls-chrome-clean/-/raw/master/updates.xml"
-    ] ++ lib.optionals (config.kde.enable or false) [
+    ]
+    ++ lib.optionals (config.kde.enable or false) [
       "cimiefiiaegbelhefglklhhakcgmhkai;https://clients2.google.com/service/update2/crx"
     ];
   };
 
-  chromePackage = (pkgs.google-chrome.override {
+  chromePackage =
+    (pkgs.google-chrome.override {
       commandLineArgs = chromeFlags;
-    }).overrideAttrs (old: {
-      # Run this after the standard install to fix the desktop file
-      postInstall = (old.postInstall or "") + ''
-        if ! grep -q "StartupWMClass=" $out/share/applications/google-chrome.desktop; then
-          echo "StartupWMClass=google-chrome" >> $out/share/applications/google-chrome.desktop
-        fi
-      '';
-    });
+    }).overrideAttrs
+      (old: {
+        # Run this after the standard install to fix the desktop file
+        # postInstall = (old.postInstall or "") + ''
+        #   if ! grep -q "StartupWMClass=" $out/share/applications/google-chrome.desktop; then
+        #     echo "StartupWMClass=google-chrome" >> $out/share/applications/google-chrome.desktop
+        #   fi
+        # '';
+      });
 in
 {
   config = mkIf cfg.enable {
@@ -53,10 +65,12 @@ in
     environment.etc = {
       "opt/chrome/native-messaging-hosts/net.downloadhelper.coapp.json".source =
         "${pkgs.vdhcoapp}/lib/mozilla/native-messaging-hosts/net.downloadhelper.coapp.json";
-      "/opt/chrome/policies/enrollment/CloudManagementEnrollmentToken".source = config.age.secrets.chrome-enrolment.path;
-    "/opt/chrome/policies/enrollment/CloudManagementEnrollmentOptions".text = "Mandatory";
-    "opt/chrome/policies/managed/extensions.json".text = extensionsPolicy;
-    } // lib.optionalAttrs (config.kde.enable or false) {
+      "/opt/chrome/policies/enrollment/CloudManagementEnrollmentToken".source =
+        config.age.secrets.chrome-enrolment.path;
+      "/opt/chrome/policies/enrollment/CloudManagementEnrollmentOptions".text = "Mandatory";
+      "opt/chrome/policies/managed/extensions.json".text = extensionsPolicy;
+    }
+    // lib.optionalAttrs (config.kde.enable or false) {
       "opt/chrome/native-messaging-hosts/org.kde.plasma.browser_integration.json".source =
         "${pkgs.kdePackages.plasma-browser-integration}/etc/chromium/native-messaging-hosts/org.kde.plasma.browser_integration.json";
     };
 
@@ -57,7 +57,7 @@ in
           theme = "catppuccin";
           provider = {
             opencode = {
-#               timeout = 120000;  # 2 minutes - handles long context processing
+#               timeout = 120000;
 #               retryAttempts = 3;
 #               retryDelay = 1000;
 #               retryExponentialBase = 2.0;
@@ -115,7 +115,8 @@ in
           agent = {
             manager = {
               mode = "primary";
-              model = "opencode/claude-sonnet-4-5";
+              model = "google/gemini-2.5-pro";
+              # model = "opencode/claude-sonnet-4-5";
               prompt = ''
                 You are the Technical Project Manager. Analyze user intent and delegate to specialists. For complex web research, use @procurement. For NixOS configuration, use @nixos-engineer.
               '';
@@ -183,7 +184,8 @@ in
             };
             web-extractor = {
               mode = "subagent";
-              model = "opencode/gemini-3-flash";
+              model = "google/gemini-2.5-flash";
+              # model = "opencode/gemini-3-flash";
               prompt = "You are a Parsing Specialist. Convert raw HTML into clean JSON/Markdown. Discover API endpoints by inspecting source code.";
 #              tools = ["firecrawl" "agentql"];
               temperature = 0.1;
@@ -208,7 +210,8 @@ in
             };
             triage-specialist = {
               mode = "subagent";
-              model = "opencode/gemini-3-pro";
+              model = "google/gemini-2.5-pro";
+              # model = "opencode/gemini-3-pro";
               prompt = ''
                 You are the Triage Lead. Your job is to find the "Why".
                 1. When a failure is reported, query Grafana/Loki for error logs.
@@ -271,7 +274,8 @@ in
             };
             nixos-engineer = {
               mode = "subagent";
-              model = "opencode/claude-sonnet-4-5";
+              model = "google/gemini-2.5-pro";
+              # model = "opencode/claude-sonnet-4-5";
               prompt = ''
                 You are a NixOS Specialist.
                 - Your goal is to maintain the system closure in /etc/nixos.
@@ -315,7 +319,8 @@ in
             };
             home-assistant-agent = {
               mode = "subagent";
-              model = "opencode/claude-sonnet-4-5";
+              model = "google/gemini-2.5-pro";
+              # model = "opencode/claude-sonnet-4-5";
               prompt = ''
                 You are an IoT Specialist.
                 - You write Home Assistant YAML and ESPHome configs.
@@ -348,7 +353,8 @@ in
             };
             infra-manager = {
               mode = "subagent";
-              model = "opencode/gemini-3-pro";
+              model = "google/gemini-2.5-pro";
+              # model = "opencode/gemini-3-pro";
               prompt = ''
                 You are the Network Custodian.
                 - READ first: Always consult `{file:~/.config/opencode/knowledge/infrastructure.md}` to locate devices.
@@ -380,7 +386,8 @@ in
             };
             polyglot-coder = {
               mode = "subagent";
-              model = "opencode/gpt-5.2-codex";
+              model = "google/gemini-2.5-pro";
+              # model = "opencode/gpt-5.2-codex";
               prompt = ''
                 You are an Expert Software Engineer specializing in Bash, Python 3 and PHP 8.3+.
                 - BASH: Use 'set -euo pipefail', local variables, and prioritize readability. Always assume `shellcheck` will be run.
@@ -416,7 +423,8 @@ in
             };
             secops = {
               mode = "subagent";
-              model = "opencode/claude-opus-4-5";
+              model = "google/gemini-2.5-pro";
+              # model = "opencode/claude-opus-4-5";
               prompt = "Ethical Hacker. Perform pentesting (ZAP/Nmap), risk modelling, and gather threat intelligence. Map findings to CVEs.";
               temperature = 0.4;
               topP = 0.9;
@@ -446,7 +454,6 @@ in
             "@mohak34/opencode-notifier@latest"
           ];
           permission = {
-            edit = "ask";
             bash = {
               # Allow non-destructive git commands with wildcards
               "git status*" = "allow";
@@ -555,7 +562,9 @@ in
               "docker network ls*" = "allow";
               "docker volume ls*" = "allow";
             };
+            edit = "ask";
             read = "allow";
+            context_info = "allow";
             list = "allow";
             glob = "allow";
             grep = "allow";