refactor: comprehensive repository cleanup (Phases 1-7) #35
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e 1) CRITICAL FIXES: - Fix Cortex IP address (was 192.168.1.10, correct is 192.168.1.7) - Remove hardcoded password from cortex/variables.nix (security issue) - Delete duplicate network-config.nix (conflicted with fleet-config.nix) NETWORK CONSOLIDATION: - Migrate Cortex from network-config.nix to fleet-config.nix - Migrate Axon to use fleet-config.nix (was hardcoded) - Add missing Axon host definition to fleet-config.nix - Update lib/network.nix to reference fleet-config.nix - Fix Axon timezone to use fleet-config (was hardcoded) DOCUMENTATION: - Add CLEANUP-PRD.md with complete cleanup plan (20 issues, 6 phases) - Add CLEANUP-CHECKLIST.md for quick reference TESTING: - All systems evaluate correctly - Orion, Nexus, Axon build successfully - Cortex evaluates correctly (build slow due to Ollama) This resolves the top 3 critical issues from the repository audit: 1. Duplicate network configs with conflicting IPs 2. Hardcoded password exposure 3. Single source of truth for network configuration Related: Phase 1 of cleanup plan in docs/planning/CLEANUP-PRD.md
- Delete 5 duplicate documentation files from docs/ root (1,538 lines removed): - docs/SECURITY.md (duplicate of docs/security/SECURITY.md) - docs/SECURITY-ROADMAP.md (duplicate of docs/security/SECURITY-ROADMAP.md) - docs/SECURITY-SCANNING.md (duplicate of docs/security/SECURITY-SCANNING.md) - docs/CORTEX-SECURITY.md (duplicate of docs/security/CORTEX-SECURITY.md) - docs/TODO-CHECKLIST.md (duplicate of docs/planning/TODO-CHECKLIST.md) - Update all references to use canonical paths: - README.md: Update security doc link - DOCS.md: Update security and planning doc links, add directory structure - ISSUES.md: Update references to TODO-CHECKLIST and SECURITY-SCANNING - Keep TODO-HTTPS-MIGRATION.md separate (project-specific task) All security docs now in docs/security/, all planning docs in docs/planning/.
…aced files (Phase 3) - Delete temporary files from root: - sqlite3 (empty file) - build.log (2.1K) - nohup.out (392 bytes) - flake.nix.bak (8.9K backup) - Relocate misplaced files to proper locations: - test-focalboard-home.nix → tests/ (new directory) - claude-god-mode.txt → prompts/ (new directory) - monitors.json → systems/orion/ (Orion-specific config) - Update all references: - scripts/desktop/monitor-setup.sh: Update monitors.json path - systems/orion/scripts/monitors.sh: Keep relative path - README.md: Document new monitors.json location Root directory is now cleaner with only essential configuration files.
Configuration Standardization: - Add NAS infrastructure config to fleet-config.nix: - Centralized NAS IP, hostname, and share paths - Single source of truth for network infrastructure - Update Nexus NAS mounts to use fleet-config: - Replace hardcoded IPs (192.168.1.136) with fleet-config references - NFS mount paths now use centralized configuration - Easier to update NAS IP in one location - Remove hardcoded IPs from system configs: - Orion: Use fleet-config for cortex.home extraHosts - Axon: Use fleet-config for cortex.home and synology extraHosts - All host IPs now managed centrally in fleet-config - Remove duplicate nix settings: - Delete redundant trusted-users config from Orion - Already defined in modules/system/base/default.nix Benefits: - DRY principle: Define infrastructure once, use everywhere - Easier updates: Change NAS IP in one place - Type-safe: Nix ensures consistency across systems - Better maintainability: Clear separation of concerns
Module Organization and Cleanup:
- Delete unused modules (80 lines removed):
- modules/system/kanboard.nix (12 lines)
* Kanboard service was never enabled or used
- modules/system/system/secrets-password-sync.nix (47 lines)
* Password sync module was never enabled or used
- modules/system/locale.nix (21 lines)
* Replaced by integrated locale in base module
- Integrate locale configuration into base module:
- Add i18n settings to modules/system/base/default.nix
- Use fleet-config.global.locale for consistency
- All systems now get locale from single source of truth
- Eliminates redundant standalone locale module
- Remove empty directory:
- Delete modules/system/system/ directory
- Was left empty after removing secrets-password-sync
- Cleaner module structure without redundant nesting
Benefits:
- Reduced module count: 3 fewer modules
- Better organization: locale with other base settings
- Consistency: locale comes from fleet-config like timezone
- Less maintenance: fewer unused modules to track
- Cleaner structure: no empty directories
Script Cleanup: - Delete entire scripts/kanboard/ directory (597 lines removed): - kanboard-api.sh (59 lines) - Bash implementation - kanboard-api.mjs (105 lines) - Node.js implementation - kanboard-api.ts (98 lines) - Deno/TypeScript implementation - kb-create-project.mjs (120 lines) - Project creation helper - kb-create-task.mjs (146 lines) - Task creation helper - README.md (69 lines) - Documentation Rationale: - Kanboard module was removed in Phase 5 - Kanboard service is not used anywhere in the configuration - These scripts were orphaned with no references in any system configs - All three API implementations were redundant anyway Script Audit Results: - ✅ No hardcoded /home/syg paths found - ✅ Scripts use relative paths correctly (SCRIPT_DIR, REPO_ROOT) - ✅ Remaining root scripts are appropriately placed (templates, utilities) - ✅ All scripts in subdirectories are well-organized by category Benefits: - 597 fewer lines to maintain - Cleaner scripts/ directory - No orphaned code - Removed redundant implementations
…ase 7) - Refactor deploy.nix to import fleet-config for IP addresses - Fix Axon IP (was 192.168.1.11, now uses fleet-config: 192.168.1.25) - Use fleet-config for Nexus SSH user instead of hardcoded value - Delete stale files: backup, archived scripts, notes - Add git history analysis and Phase 7 analysis docs Removed: - systems/nexus/default.nix.bak - scripts/deployment/archive/ (check-system.sh.archived, fleet.sh.archived) Note: VM images (orion.qcow2, nexus.qcow2 - 1.4GB) deleted from working directory but were not tracked in git.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements a comprehensive 7-phase repository cleanup, removing over 2,500 lines of duplicate/unused code and reorganizing the repository structure. The changes centralize configuration around fleet-config.nix, remove duplicate documentation, delete unused modules and scripts, and fix critical issues like hardcoded passwords and incorrect IP addresses.
Changes:
- Centralized network configuration to
fleet-config.nixwith NAS infrastructure config - Removed ~1,538 lines of duplicate documentation and consolidated to
docs/security/anddocs/planning/ - Deleted unused modules (kanboard, secrets-password-sync, locale) and 597 lines of Kanboard scripts
- Fixed critical issues: removed hardcoded password, corrected Axon IP address, eliminated duplicate configurations
Reviewed changes
Copilot reviewed 38 out of 43 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tests/test-focalboard-home.nix | New test file with hardcoded path issue |
| systems/orion/monitors.json | Relocated monitor config from root (correct relocation) |
| systems/orion/default.nix | Uses fleet-config for cortex IP, removed duplicate nix settings |
| systems/nexus/default.nix.bak | Deleted backup file (appropriate cleanup) |
| systems/nexus/default.nix | Uses fleet-config for NAS mounts (good centralization) |
| systems/cortex/variables.nix | Removed hardcoded password (critical security fix) |
| systems/axon/* | Added fleet-config usage, fixed timezone/IPs |
| fleet-config.nix | Added NAS infrastructure and Axon host config |
| flake-modules/deploy.nix | Uses fleet-config IPs, fixed Axon IP to 192.168.1.25 |
| network-config.nix | Deleted duplicate config file (correct consolidation) |
| modules/system/base/default.nix | Integrated locale config from deleted module |
| lib/network.nix | Updated references to fleet-config.nix |
| scripts/kanboard/* | Deleted all Kanboard scripts (597 lines removed) |
| docs/planning/* | Added comprehensive cleanup analysis docs |
| docs/SECURITY*.md | Deleted duplicates, kept docs/security/ versions |
| docs/TODO-CHECKLIST.md | Deleted old checklist (1,538 lines) |
| prompts/claude-god-mode.txt | New AI prompt file (appropriate location) |
| build.log, sqlite3 | Deleted temp files (correct cleanup) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Niri (scrollable tiling compositor) - Noctalia Shell (needs verification) - QuickShell (QtQuick-based shell toolkit) - Mangowc (needs verification) Includes evaluation criteria, testing strategy, and next steps.
- Replace all references to network-config.nix with fleet-config.nix - Update 'Last Updated' date to 2026-01-22 - Align documentation with current codebase (all systems use fleet-config)
Deleted 5 completed planning docs (~2,580 lines): - CLEANUP-CHECKLIST.md - All phases complete - CLEANUP-PRD.md - All goals achieved - CLEANUP-PHASE7-ANALYSIS.md - Completed and committed - IMPLEMENTATION-GUIDE.md - Outdated (pre-dendritic) - ROADMAP.md - Outdated visual roadmap These documents served their purpose and are now superseded by: - Git history (phases 1-7 committed) - DENDRITIC-MIGRATION.md (current architecture) - GIT-HISTORY-ANALYSIS.md (comprehensive repo analysis)
Currently using deploy-rs directly, but should be using nixos-fleet (~/Projects/open-source/nixos-fleet) which wraps Colmena. Migration plan includes: - Adding nixos-fleet as flake input - Two migration options (full vs gradual) - Testing strategy starting with Axon - Benefits: unified CLI, parallel deploys, tag-based targeting - Rollback plan if issues occur
Analyzed ~/Projects/open-source/nixos-fleet project status: - ✅ v1.0.0 released, production ready - ✅ All core features implemented (push, install, secrets, etc.) - ✅ Flake checks pass, CLI works - 22 commits, last updated Dec 1, 2025 Recommendation: Migrate now - no blockers - nixos-fleet wraps Colmena with better UX - 50-70% fewer keystrokes vs current deploy-rs setup - Start with low-risk: add as flake input, test on Axon
- Delete FLEET-SECRETS-INTEGRATION.md (documented non-existent commands) - Update FLEET-FUTURE.md with nixos-fleet reference - Keep as reference for Colmena concepts Total cleanup: 234 lines deleted
Add nixos-fleet (local dev path) to manage fleet deployment with Colmena. Changes: - Add nixos-fleet input (path to ~/Projects/open-source/nixos-fleet) - Add fleet CLI to devShell packages - Update flake.lock with nixos-fleet and its dependencies Testing: - ✅ nix build .#nixosConfigurations.orion still works - ✅ fleet CLI accessible via nix run - ✅ Version: 0.0.1 Next: Phase 2 - Migrate deploy-rs to Colmena configuration
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 44 out of 50 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -25,6 +25,9 @@ | |||
| opencode.url = "github:anomalyco/opencode"; | |||
| devenv-bootstrap.url = "path:/home/syg/.config/nixos/archive/devenv-bootstrap"; | |||
There was a problem hiding this comment.
The file devenv-bootstrap is referenced with a path input in flake.nix, but this appears to be an archived path (archive/devenv-bootstrap). This creates an inconsistency:
- The path is in an
archive/directory suggesting it's deprecated - But it's still being used as an active flake input
Consider either removing this input entirely if it's archived, or moving it out of the archive directory if it's still needed.
Suggested change
| devenv-bootstrap.url = "path:/home/syg/.config/nixos/archive/devenv-bootstrap"; |
| import-tree.url = "github:vic/import-tree"; | ||
|
|
||
| # Fleet management with Colmena | ||
| nixos-fleet.url = "path:/home/syg/Projects/open-source/nixos-fleet"; |
There was a problem hiding this comment.
The flake.nix adds a new local path input for nixos-fleet which introduces a dependency on a specific directory structure (/home/syg/Projects/open-source/nixos-fleet). This creates a hardcoded absolute path that:
- Won't work for other developers or in CI/CD
- Breaks reproducibility
Consider using a relative path, environment variable, or documenting this as a development-only configuration that should be changed for production use.
Suggested change
| nixos-fleet.url = "path:/home/syg/Projects/open-source/nixos-fleet"; | |
| nixos-fleet.url = "path:./nixos-fleet"; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Comprehensive repository cleanup spanning 7 phases, removing ~2,500+ lines of duplicate/unused code and 1.4GB of VM images.
Changes by Phase
Phase 1: Network Configuration
Phase 2: Documentation Cleanup
docs/security/anddocs/planning/Phase 3: Temp File Cleanup
tests/andprompts/dirsPhase 4: Fleet Config Centralization
Phase 5: Unused Module Removal
Phase 6: Kanboard Scripts
scripts/kanboard/directory (597 lines)Phase 7: Final Cleanup
deploy.nixto usefleet-configfor IPs192.168.1.11, now correct192.168.1.25)Files Removed
systems/nexus/default.nix.bakscripts/deployment/archive/*scripts/kanboard/*PRDs/,tools/notes.txt,config/notes.txtFiles Added
docs/planning/GIT-HISTORY-ANALYSIS.md- Comprehensive 14-month repo analysisdocs/planning/CLEANUP-PHASE7-ANALYSIS.md- Phase 7 findingsTesting
nix flake check --no-buildpasses