Skill

configuration-patterns

Enforce Nix + Pixi + direnv + Home-manager configuration patterns

Install

npx claudepluginhub flexnetos/ripple-env

Tool Access

This skill uses the workspace's default tool permissions.

Preview

> **Hard Guardrails** for configuration management in this repository.

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

159.9k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

159.9k

next-compile

1 file

Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.

vercel-next-js-2

139.2k

Stats

Stars0

Forks0

Last CommitJan 10, 2026

Actions

View Source View Plugin View on GitHub View README

Configuration Patterns Skill

Hard Guardrails for configuration management in this repository. Reference: docs/adr/adr-003-version-management.md

Architecture Overview

┌──────────────────────────────────────────────────────────────────┐
│                      USER ENVIRONMENT                             │
├──────────────────────────────────────────────────────────────────┤
│  direnv (.envrc)                                                  │
│    └── `use flake` → Automatic environment activation             │
├──────────────────────────────────────────────────────────────────┤
│  Nix Flake (flake.nix)                    Pixi (pixi.toml)       │
│  ├── System packages (git, helix)         ├── ROS2 Humble         │
│  ├── Development tools (cargo, gcc)       ├── Python packages     │
│  ├── LSP servers (pyright, nil)           ├── Node.js             │
│  └── Home-manager modules                 └── Conda ecosystem     │
├──────────────────────────────────────────────────────────────────┤
│  Home-manager Modules (modules/)                                  │
│  ├── common/    Cross-platform (shells, editor, direnv)          │
│  ├── linux/     Linux-specific (systemd, docker, udev)           │
│  └── macos/     macOS-specific (homebrew, system.nix)            │
├──────────────────────────────────────────────────────────────────┤
│  DevPod (.devcontainer/devcontainer.json)                        │
│    └── Remote development with Nix + volume caching              │
└──────────────────────────────────────────────────────────────────┘

Hard Guardrails

MUST USE

Tool	File	Purpose
Nix flakes	`flake.nix`	System packages, dev shells
Pixi	`pixi.toml`	ROS2, Python, conda packages
direnv	`.envrc`	Auto-activate `use flake`
Home-manager	`modules/`	User configuration
Lock files	`*.lock`	Reproducibility

MUST NOT USE

Tool	File	Violation
mise/rtx	`.mise.toml`, `.tool-versions`	Redundant with Nix + Pixi
asdf	`.asdfrc`	Superseded by mise, which is superseded by Nix
0install	`*.0install.xml`	Conflicts with Nix store
pyenv	`.python-version`	Use pixi.toml Python version
nvm	`.nvmrc`	Use pixi.toml or flake.nix Node.js
Symlinks	`*` (type=symlink)	Causes Git/Windows/tooling issues

Symlink Warning

Nix and Home-manager use symlinks by design:

~/.config/* → /nix/store/...-home-manager-files/...
~/.nix-profile → /nix/var/nix/profiles/...

If symlinks are unacceptable:

For project configs: Use actual files, not symlinks
For user dotfiles: Consider chezmoi instead of Home-manager
For Nix itself: No alternative - Nix fundamentally uses symlinks

Responsibility Matrix

Category	Primary Tool	File Location
System CLI tools	Nix	`flake.nix`
Development shells	Nix devshell	`flake.nix`
ROS2 packages	Pixi + RoboStack	`pixi.toml`
Python packages	Pixi + conda-forge	`pixi.toml`
Node.js runtime	Pixi or Nix	`pixi.toml` or `flake.nix`
Rust toolchain	Nix	`flake.nix`
Shell configuration	Home-manager	`modules/common/shell/`
Editor configuration	Home-manager	`modules/common/editor/`
Docker images	DevContainer	`.devcontainer/`

Validation Commands

# Validate configuration policies
conftest test . --policy .claude/policies/configuration.rego

# Check for forbidden files
ls .tool-versions .mise.toml .asdfrc 2>/dev/null && echo "VIOLATION!" || echo "OK"

# Verify direnv integration
grep -q "use flake" .envrc && echo "OK" || echo "VIOLATION: .envrc missing 'use flake'"

# Verify lock files exist
[[ -f flake.lock && -f pixi.lock ]] && echo "OK" || echo "VIOLATION: Missing lock files"

# Verify Home-manager module structure
find modules/ -name "*.nix" -exec grep -L "lib\|mkDefault\|mkOption" {} \;

When to Consider Alternatives

chezmoi (Dotfile Management)

Consider When:

Users need portable dotfiles across non-Nix systems
Template-heavy per-user configuration is needed
1Password/pass secret integration required

Do NOT Use For:

Project configuration (use flake.nix)
Development shells (use devshell)
Package management (use Nix/Pixi)

mise (Runtime Version Manager)

Consider When:

Non-Nix users need quick onboarding
Runtime version switching during active development
CI environments without Nix available

Do NOT Use For:

ROS2 packages (no RoboStack equivalent)
Reproducible builds (less rigorous than Nix)
Primary development workflow

Decision Tree

Need to manage configuration?
├── Project-level packages → Nix (flake.nix) or Pixi (pixi.toml)
├── Project-level shells → Nix devshell
├── User-level dotfiles?
│   ├── Nix system available → Home-manager
│   └── Portable/non-Nix → chezmoi
├── Runtime version switching?
│   ├── Reproducibility critical → Nix + pixi environments
│   └── Quick switching needed → mise (fallback only)
└── Remote development → DevPod with .devcontainer/

Module Patterns

Home-manager Module Template

# modules/common/example.nix
{ config, lib, pkgs, ... }:
let
  inherit (lib) mkDefault mkOption types;
in
{
  options.example = {
    enable = mkOption {
      type = types.bool;
      default = true;
      description = "Enable example configuration";
    };
  };

  config = lib.mkIf config.example.enable {
    # Configuration here
  };
}

direnv stdlib Extensions

# In modules/common/direnv.nix → programs.direnv.stdlib

# Enhanced use_flake with pixi integration
use_flake_pixi() {
  use flake
  if [[ -f pixi.toml ]]; then
    eval "$(pixi shell-hook)"
  fi
}

# ROS2 workspace layout
layout_ros2() {
  export ROS_DOMAIN_ID=${ROS_DOMAIN_ID:-0}
  if [[ -f install/local_setup.bash ]]; then
    source install/local_setup.bash
  fi
}

DevContainer Requirements

{
  "name": "project-name",
  "features": {
    "ghcr.io/devcontainers/features/nix:1": {
      "extraNixConfig": "experimental-features = nix-command flakes"
    }
  },
  "mounts": [
    "source=nix-store,target=/nix,type=volume"
  ],
  "postCreateCommand": "direnv allow && nix develop"
}

Enforcement Integration

Pre-commit Hook

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: config-policy-check
        name: Configuration Policy Check
        entry: conftest test --policy .claude/policies/configuration.rego
        language: system
        files: '(flake\.nix|pixi\.toml|\.envrc|modules/.*\.nix)$'

CI Workflow

# .github/workflows/config-check.yml
name: Configuration Policy Check

on:
  push:
    paths:
      - 'flake.nix'
      - 'pixi.toml'
      - '.envrc'
      - 'modules/**'
      - '.devcontainer/**'

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check forbidden files
        run: |
          ! ls .tool-versions .mise.toml .asdfrc 2>/dev/null
      - name: Validate with conftest
        run: |
          conftest test . --policy .claude/policies/configuration.rego

Routing Command

@config - Route to Configuration Patterns validation

References

ADR-003: docs/adr/adr-003-version-management.md
Tooling Analysis: docs/TOOLING-ANALYSIS.md
OPA Policies: .claude/policies/configuration.rego
direnv config: modules/common/direnv.nix