From 97e3a87d123cf7aba74d2b042d3455745114484d Mon Sep 17 00:00:00 2001
From: Trolli Schmittlauch <t.schmittlauch@orlives.de>
Date: Fri, 29 Aug 2025 10:16:09 +0200
Subject: [PATCH 1/3] home/captive-browser: update chrome args to replace
 deprecated args

taken from https://github.com/FiloSottile/captive-browser/pull/32
---
 home/modules/captive-browser.nix | 16 ++++++++++++++--
 home/modules/llm.nix             | 13 +++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 home/modules/llm.nix

diff --git a/home/modules/captive-browser.nix b/home/modules/captive-browser.nix
index f3c8453..501cdfb 100644
--- a/home/modules/captive-browser.nix
+++ b/home/modules/captive-browser.nix
@@ -36,8 +36,20 @@ in
               ${cfg.browserCommand} \
               --user-data-dir="$HOME/Library/Application Support/Google/Captive" \
               --proxy-server="socks5://$PROXY" \
-              --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" \
-              --no-first-run --new-window --incognito \
+              --proxy-bypass-list="<-loopback>" \
+              --no-first-run \
+              --new-window \
+              --incognito \
+              --no-default-browser-check \
+              --no-crash-upload \
+              --disable-extensions \
+              --disable-sync \
+              --disable-background-networking \
+              --disable-client-side-phishing-detection \
+              --disable-component-update \
+              --disable-translate \
+              --disable-web-resources \
+              --safebrowsing-disable-auto-update \
               http://example.com
             '';
           };
diff --git a/home/modules/llm.nix b/home/modules/llm.nix
new file mode 100644
index 0000000..9a33d8e
--- /dev/null
+++ b/home/modules/llm.nix
@@ -0,0 +1,13 @@
+{
+  pkgs,
+  lib,
+  inputs,
+  config,
+  system,
+  ...
+}:
+  let myAider = pkgs.aider-chat.withOptional {withPlaywright = true; withBrowser = true; withHelp = true; withBedrock = false;};
+  in
+  {
+    home.packages = [ myAider ];
+  }

From fd190dbdcd880885e17bba789065e909e07f49a0 Mon Sep 17 00:00:00 2001
From: Trolli Schmittlauch <t.schmittlauch@orlives.de>
Date: Fri, 29 Aug 2025 10:17:36 +0200
Subject: [PATCH 2/3] darwin: enable relaxed Nix sandbox

---
 darwin/configuration.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/darwin/configuration.nix b/darwin/configuration.nix
index 307836f..0e0a10a 100644
--- a/darwin/configuration.nix
+++ b/darwin/configuration.nix
@@ -17,6 +17,7 @@
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
         "flyingcircus.io-1:Rr9CwiPv8cdVf3EQu633IOTb6iJKnWbVfCC8x8gVz2o="
       ];
+      sandbox = "relaxed";
     };
   };
 

From b1444e8967545f0cad3575d4854c41e25130222c Mon Sep 17 00:00:00 2001
From: Trolli Schmittlauch <t.schmittlauch@orlives.de>
Date: Fri, 29 Aug 2025 10:17:57 +0200
Subject: [PATCH 3/3] workmac: start using some llm coding agents

---
 home/modules/llm.nix | 28 +++++++++++++++++++++++-----
 home/workmac.nix     |  8 +++++++-
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/home/modules/llm.nix b/home/modules/llm.nix
index 9a33d8e..80466d4 100644
--- a/home/modules/llm.nix
+++ b/home/modules/llm.nix
@@ -6,8 +6,26 @@
   system,
   ...
 }:
-  let myAider = pkgs.aider-chat.withOptional {withPlaywright = true; withBrowser = true; withHelp = true; withBedrock = false;};
-  in
-  {
-    home.packages = [ myAider ];
-  }
+let
+  myAider = pkgs.aider-chat;
+  # FIXME: darwin build failure due to cfn-lint-1.32.1
+  # myAider = pkgs.aider-chat.withOptional {
+  #   withPlaywright = true;
+  #   withBrowser = true;
+  #   withHelp = true;
+  #   withBedrock = false;
+  # };
+in
+{
+  home.packages = [
+    myAider
+    pkgs.claude-code
+  ];
+  #nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "claude-code" ];  # nixpkgs.config merging is unfortunately broken
+  # TODO: API token e.g. via sops
+  # TODO: proper codium and llm enable options
+  home.sessionVariables = {
+    AIDER_EDITOR = "codium --wait";
+    DISABLE_TELEMETRY = 1; # for claude-code
+  };
+}
diff --git a/home/workmac.nix b/home/workmac.nix
index 0e9c722..64c3fc3 100644
--- a/home/workmac.nix
+++ b/home/workmac.nix
@@ -12,6 +12,7 @@ let
   unstable = inputs.nixos-unstable.legacyPackages.${system};
 in
 {
+  imports = [ ./modules/llm.nix ];
 
   schmittlauch.packages = {
     graphics = true;
@@ -129,7 +130,12 @@ in
       ThrottleInterval = 60;
     };
   };
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "1password-cli" ];
+  nixpkgs.config.allowUnfreePredicate =
+    pkg:
+    builtins.elem (lib.getName pkg) [
+      "1password-cli"
+      "claude-code"
+    ]; # nixpkgs.config merging is unfortunately broken
 
   home.stateVersion = "22.05";
 }