sandboxed claude code

Sridhar Ratnakumar 2025-10-10 20:59:36 -04:00
parent b985e5def9
commit 070b5291f7
6 changed files with 71 additions and 57 deletions

57
flake.lock generated

@ -484,6 +484,21 @@
"type": "github"
}
},
"landrun-nix": {
"locked": {
"lastModified": 1760138485,
"narHash": "sha256-ZzXk7ujO4bkpOzB12lgVE5BjmVkP5FWguFmLXRoXGuM=",
"owner": "srid",
"repo": "landrun-nix",
"rev": "827925fe6735c6048e1c6e687c0b213657e20760",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "landrun-nix",
"type": "github"
}
},
"nix-ai-tools": {
"inputs": {
"blueprint": "blueprint",
@ -751,22 +766,6 @@
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1759733170,
"narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8913c168d1c56dc49a7718685968f38752171c3b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1756696532,
"narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
@ -887,6 +886,7 @@
"git-hooks": "git-hooks",
"github-nix-ci": "github-nix-ci",
"home-manager": "home-manager_2",
"landrun-nix": "landrun-nix",
"nix-ai-tools": "nix-ai-tools",
"nix-darwin": "nix-darwin",
"nix-doom-emacs-unstraightened": "nix-doom-emacs-unstraightened",
@ -899,7 +899,6 @@
"nixvim": "nixvim",
"nuenv": "nuenv",
"try": "try",
"vertex": "vertex",
"vira": "vira"
}
},
@ -1102,28 +1101,6 @@
"type": "github"
}
},
"vertex": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1760020520,
"narHash": "sha256-QYovp6BzpxoZsbGMevHiqFfeJdje6kkByJkaLAF/qBU=",
"owner": "srid",
"repo": "vertex",
"rev": "5ce4fd6fe741e00bccb79aece556228b4368c42d",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "allow-claude-code-override",
"repo": "vertex",
"type": "github"
}
},
"vira": {
"inputs": {
"co-log-effectful": "co-log-effectful",
@ -1136,7 +1113,7 @@
"htmx": "htmx",
"htmx-extensions": "htmx-extensions",
"nixos-unified": "nixos-unified_2",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_6",
"process-compose-flake": "process-compose-flake",
"record-hasfield": "record-hasfield",
"servant-event-stream": "servant-event-stream",


@ -26,16 +26,12 @@
nixos-vscode-server.url = "github:nix-community/nixos-vscode-server";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
vertex.url = "github:srid/vertex/allow-claude-code-override";
vertex.inputs = {
# nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
try.url = "github:tobi/try";
vira.url = "github:juspay/vira/auto-refresh";
nix-serve-cloudflared.url = "github:srid/nix-serve-cloudflared";
nix-ai-tools.url = "github:numtide/nix-ai-tools";
nix-ai-tools.inputs.nixpkgs.follows = "nixpkgs";
landrun-nix.url = "github:srid/landrun-nix";
# Neovim
nixvim.url = "github:nix-community/nixvim";


@ -0,0 +1,28 @@
{ inputs, ... }:
{
imports = [ inputs.landrun-nix.flakeModule ];
perSystem = { pkgs, ... }: {
landrunApps.claude = {
program = "${pkgs.claude-code}/bin/claude";
features = {
tty = true;
nix = true;
network = true;
};
cli = {
rw = [
"$HOME/.claude"
"$HOME/.claude.json"
"$HOME/.config/gcloud"
];
rwx = [ "." ];
env = [
"HOME" # Needed for gcloud and claude to resolve ~/ paths for config/state files
"CLAUDE_CODE_USE_VERTEX"
"ANTHROPIC_MODEL"
];
};
};
};
}
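Review bot: The `rw` list gives the sandboxed process write access to `$HOME/.config/gcloud` while `network = true` leaves outbound traffic open, so anything running inside the sandbox can read the gcloud credentials and reach arbitrary hosts with them. If landrun-nix offers a read-only path list or a way to narrow outbound connections (neither is visible on this page), prefer those. Otherwise record the accepted risk next to the entry, e.g. `# gcloud credentials are readable by the agent and network is unrestricted; treat them as exposed`. Separately, `rwx = [ "." ]` is relative to the launch directory, so starting `claude` from `$HOME` would presumably widen the writable and executable area to the whole home directory.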


@ -1,8 +1,23 @@
{
# For Zed's Claude Code to work with Anthropic Vertex
# Mirroring configuration from https://github.com/juspay/vertex
home.sessionVariables = {
# Enable Vertex AI integration
CLAUDE_CODE_USE_VERTEX = "1";
CLOUD_ML_REGION = "us-east5";
ANTHROPIC_VERTEX_PROJECT_ID = "dev-ai-gamma";
# Optional: Disable prompt caching if needed
DISABLE_PROMPT_CACHING = "1";
# Optional: Override regions for specific models
VERTEX_REGION_CLAUDE_3_5_HAIKU = "us-central1";
VERTEX_REGION_CLAUDE_3_5_SONNET = "us-east5";
VERTEX_REGION_CLAUDE_3_7_SONNET = "us-east5";
VERTEX_REGION_CLAUDE_4_0_OPUS = "europe-west4";
VERTEX_REGION_CLAUDE_4_0_SONNET = "us-east5";
# Model configuration
ANTHROPIC_MODEL = "claude-sonnet-4-5";
ANTHROPIC_SMALL_FAST_MODEL = "claude-3-5-haiku";
};
}
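Review bot: `CLOUD_ML_REGION` and `ANTHROPIC_VERTEX_PROJECT_ID` are set here, but the sandbox definition's `cli.env` list forwards only `HOME`, `CLAUDE_CODE_USE_VERTEX` and `ANTHROPIC_MODEL`. If landrun passes through only the listed variables (an assumption; its behaviour is not shown on this page), the sandboxed `claude` would see Vertex enabled without a project or region. Either add the remaining variables to `cli.env`, or state here that this block serves only the unsandboxed Zed integration, e.g. `# Not forwarded into the landrun sandbox; see cli.env in the sandbox module`.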


@ -1,4 +1,4 @@
{ pkgs, lib, ... }:
{ flake, pkgs, lib, ... }:
let
subagentsDir = ./subagents;
agents = lib.mapAttrs'
@ -21,19 +21,17 @@ in
{
home.packages = [
pkgs.nodejs
flake.inputs.self.packages.${pkgs.system}.claude # Sandboxed version from claude-sandboxed.nix
];
programs.claude-code = {
enable = true;
# Wrapped Claude Code with Google Vertex AI auth
# See https://github.com/juspay/vertex
package = pkgs.vertex-claude;
package = null; # See above
# Basic settings for Claude Code
settings = {
theme = "dark";
permissions = {
# defaultMode = "plan";
defaultMode = "bypassPermissions";
};
# Disable Claude from adding itself as co-author to commits
includeCoAuthoredBy = false;
@ -46,7 +44,9 @@ in
agents = agents;
# MCP servers configuration
mcpServers = {
# Disabled, because package is null
/*
mcpServers = {
"nixos-mcp" = {
command = "uvx";
args = [ "mcp-nixos" ];
@ -55,6 +55,7 @@ in
command = "npx";
args = [ "chrome-devtools-mcp@latest" ];
};
};
};
*/
};
}
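Review bot: `defaultMode = "bypassPermissions"` sits in the shared `programs.claude-code.settings` rather than in the sandbox wrapper, so it is not tied to the landrun confinement that makes it tolerable. If these settings are still written when `package = null` (this needs confirming, since the `mcpServers` comment implies the module behaves differently in that case), any unsandboxed Claude Code reading the same settings would also skip permission prompts. The Vertex module mentions Zed's Claude Code as one such consumer. Consider keeping `defaultMode = "plan"` in the settings and enabling the bypass only for the sandboxed launcher, or at least add `# Safe only under landrun; never run claude unsandboxed with this setting` above the line.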


@ -38,7 +38,4 @@ packageOverlays // {
# Use claude-code from nix-ai-tools instead of nixpkgs
claude-code = inputs.nix-ai-tools.packages.${self.system}.claude-code;
# Vertex wrapper for Claude Code (will use our overlayed claude-code above)
vertex-claude = (inputs.vertex.overlays.default self super).vertex-claude;
}