Commit d8cec16ce937

@@ -0,0 +1,97 @@
+# Personal AI Infrastructure Constitution
+
+## Core Philosophy
+
+**Central Insight**: Deterministic, structured systems are more reliable than ad-hoc, probabilistic interactions.
+
+**Primary Goal**: Create AI scaffolding that enhances personal productivity while maintaining control and predictability.
+
+## Architectural Principles
+
+### 1. CLI-First Approach
+Build deterministic CLI tools before AI wrappers. Tools should work independently of AI and be testable.
+
+### 2. Progressive Disclosure
+Load context in three tiers:
+- **Tier 1**: Essential, always-loaded information
+- **Tier 2**: Contextual information based on task
+- **Tier 3**: Detailed reference loaded on demand
+
+### 3. Code Before Prompts
+Prefer code-based solutions over pure prompt engineering. Code is:
+- Testable
+- Deterministic
+- Versioned
+- Shareable
+
+### 4. Four Core Primitives
+
+**Skills**: Self-contained capabilities with documentation and context
+**Commands**: Executable slash commands for common workflows
+**Agents**: Specialized AI personalities for specific tasks
+**MCPs**: Model Context Protocol servers for external integrations
+
+## System Philosophy
+
+### Scaffolding > Model
+The infrastructure matters more than any single AI model. Focus on building systems that will outlast individual model iterations.
+
+### As Deterministic as Possible
+Whenever possible, prefer:
+- Structured outputs over free-form
+- Validated inputs over assumptions
+- Tested code over experimental prompts
+- Clear workflows over improvisation
+
+### Modularity and Composability
+Build small, focused components that can be combined. Follow the UNIX philosophy: do one thing well.
+
+## Operational Guidelines
+
+### History and Documentation
+- Automatically capture context and decisions
+- Maintain comprehensive logs
+- Document workflows and patterns
+- Learn from past interactions
+
+### Quality Control
+- Test changes before deployment
+- Validate outputs systematically
+- Monitor performance and accuracy
+- Iterate based on real usage
+
+### Safety and Security
+- Never deploy to production without confirmation
+- Always ask before destructive operations
+- Protect sensitive information
+- Maintain rollback capabilities
+
+## Personal Values in AI Interaction
+
+### Honesty and Accuracy
+- Prioritize truth over validation
+- Admit uncertainty when appropriate
+- Correct mistakes immediately
+- Challenge assumptions when needed
+
+### Efficiency and Focus
+- Minimize unnecessary output
+- Get to the point quickly
+- Avoid redundant explanations
+- Respect user's time
+
+### Professional Objectivity
+- Focus on facts and problem-solving
+- Avoid excessive praise or validation
+- Provide direct, actionable feedback
+- Maintain technical accuracy
+
+## Evolution
+
+This constitution is a living document. It should evolve based on:
+- Real-world usage patterns
+- New capabilities and tools
+- Lessons learned from failures
+- Changing needs and priorities
+
+The goal is continuous improvement of the personal AI infrastructure while maintaining core principles of reliability, control, and effectiveness.

@@ -0,0 +1,454 @@
+# History System
+
+## Overview
+
+The History System captures all significant work and learnings for future reference, analysis, and continuous improvement. It integrates with the denote note-taking system to provide both structured automation and manual curation.
+
+Adapted from the [Personal AI Infrastructure Universal Output Capture System](https://github.com/danielmiessler/Personal_AI_Infrastructure/blob/main/.claude/skills/CORE/history-system.md).
+
+## File Formats
+
+History entries use **Markdown** (`.md`) format:
+- Simple, universal format
+- Git-friendly diffs
+- Easy to read in any editor
+- Standard markdown links: `[text](path)`
+
+Denote notes use **Org-mode** (`.org`) format:
+- Rich structure and features
+- Emacs integration
+- Org-mode links: `[[file:path][text]]`
+
+**Why both?** Different tools for different purposes:
+- History: Chronological logs, simple markdown
+- Notes: Topic-based knowledge, org-mode features (TODO, tags, etc.)
+- Both are plain text and searchable with grep/rg
+
+## Core Principles
+
+1. **Capture Everything**: Document all valuable work automatically and manually
+2. **Zero Friction**: Make capturing history as easy as possible
+3. **Searchable**: All history is text-based and grep-friendly
+4. **Interconnected**: Link history entries with denote notes
+5. **Categorized**: Organize by type for easy discovery
+
+## Directory Structure
+
+### History Directory
+```
+~/.claude/history/
+├── sessions/                 # Work session summaries
+│   └── YYYY-MM/
+│       └── YYYY-MM-DD-HHMMSS_SESSION_description.md
+│
+├── learnings/                # Problem-solving insights
+│   └── YYYY-MM/
+│       └── YYYY-MM-DD-HHMMSS_LEARNING_description.md
+│
+├── research/                 # Deep investigations
+│   └── YYYY-MM-DD_topic/
+│       ├── analysis.md
+│       ├── findings.md
+│       └── sources.md
+│
+├── execution/                # Command outputs
+│   └── YYYY-MM/
+│       └── YYYY-MM-DD-HHMMSS_command-name.txt
+│
+└── decisions/                # Architecture decisions
+    └── YYYY-MM/
+        └── YYYY-MM-DD-HHMMSS_DECISION_description.md
+```
+
+### Notes Directory
+```
+~/desktop/org/notes/
+├── YYYYMMDDTHHMMSS--title__tags.org     # Regular notes
+└── YYYYMMDDTHHMMSS--title__history_*.org # History-linked notes
+```
+
+## Integration Strategy
+
+### History Tag System
+
+All history-related notes in the denote system use the `:history:` tag, plus category-specific tags:
+
+- `:history:session:` - Session summaries
+- `:history:learning:` - Learnings and insights
+- `:history:research:` - Research findings
+- `:history:decision:` - Architecture decisions
+- `:history:execution:` - Command execution logs
+
+### Bidirectional Links
+
+**From History to Notes**:
+History entries in `~/.claude/history/` can reference notes (using markdown links):
+```markdown
+## Related Notes
+- [PAI Implementation](~/desktop/org/notes/20251203T151822--personal-ai-infrastructure__ai_claude.org)
+```
+
+**From Notes to History**:
+Notes can reference history entries:
+```org
+* Related History
+- [[file:~/.claude/history/sessions/2025-12/2025-12-03-151822_SESSION_claude-skills-implementation.md][Implementation Session]]
+```
+
+## Capture Workflows
+
+### Automatic Capture (Future with Hooks)
+
+Hooks will automatically capture:
+- Session start/end events → `sessions/`
+- Command executions → `execution/`
+- Tool usage patterns
+
+### Manual Capture (Current)
+
+Create history entries for:
+- **Sessions**: Significant work sessions
+- **Learnings**: Problem-solving insights
+- **Research**: Deep technical investigations
+- **Decisions**: Architecture and design decisions
+
+### Hybrid Approach (Recommended)
+
+1. **During work**: Focus on the task
+2. **After completion**: Create a history entry
+3. **Optionally**: Create a denote note for important topics
+4. **Link them**: Connect history and notes bidirectionally
+
+## File Formats
+
+### Session Entry
+```markdown
+# Session: <Description>
+
+**Date**: YYYY-MM-DD HH:MM
+**Duration**: X hours
+**Context**: What prompted this work session
+
+## What Was Accomplished
+- Task 1
+- Task 2
+- Task 3
+
+## Decisions Made
+- Decision 1: Rationale
+- Decision 2: Rationale
+
+## Next Steps
+- [ ] Follow-up task 1
+- [ ] Follow-up task 2
+
+## Related Notes
+- [Note Title](~/desktop/org/notes/YYYYMMDDTHHMMSS--title__tags.org)
+
+## Tags
+#session #topic1 #topic2
+```
+
+**Note**: Use standard markdown links `[text](path)` in history entries.
+
+### Learning Entry
+```markdown
+# Learning: <Description>
+
+**Date**: YYYY-MM-DD HH:MM
+**Context**: What problem was being solved
+
+## The Problem
+Clear description of the issue
+
+## Investigation
+Steps taken to understand the issue
+
+## Solution
+How it was resolved
+
+## Key Insights
+- Insight 1
+- Insight 2
+- Insight 3
+
+## Prevention
+How to avoid this in the future
+
+## Related Notes
+- [Note Title](~/desktop/org/notes/YYYYMMDDTHHMMSS--title__tags.org)
+
+## Tags
+#learning #bug #golang
+```
+
+### Research Entry
+```markdown
+# Research: <Topic>
+
+**Date**: YYYY-MM-DD HH:MM
+**Question**: What was being investigated
+
+## Methodology
+How the research was conducted
+
+## Findings
+Key discoveries and insights
+
+## Analysis
+Interpretation of findings
+
+## Conclusions
+What was learned and decided
+
+## Sources
+- Source 1
+- Source 2
+
+## Related Notes
+- [Note Title](~/desktop/org/notes/YYYYMMDDTHHMMSS--title__tags.org)
+
+## Tags
+#research #topic
+```
+
+### Decision Entry
+```markdown
+# Decision: <Description>
+
+**Date**: YYYY-MM-DD HH:MM
+**Context**: Why this decision needed to be made
+
+## Options Considered
+1. Option A: Pros/Cons
+2. Option B: Pros/Cons
+3. Option C: Pros/Cons
+
+## Decision
+Which option was chosen and why
+
+## Implications
+What this means for the system
+
+## Risks
+Potential downsides and mitigations
+
+## Related Notes
+- [Note Title](~/desktop/org/notes/YYYYMMDDTHHMMSS--title__tags.org)
+
+## Tags
+#decision #architecture
+```
+
+## Denote Note Format for History
+
+When creating a denote note for history, use the `pkai` signature to mark it as system-generated:
+
+**Filename**:
+```
+YYYYMMDDTHHMMSS==pkai--description__history_category_tags.org
+```
+
+**Content**:
+```org
+#+title:      <Title>
+#+date:       [YYYY-MM-DD Day HH:MM]
+#+filetags:   :history:category:topic1:topic2:
+#+identifier: YYYYMMDDTHHMMSS
+#+category: pkai
+
+* Context
+Brief context of what this documents
+
+* Details
+Main content...
+
+* Related History Entries
+- [[file:~/.claude/history/sessions/...][Session Entry]]
+- [[file:~/.claude/history/learnings/...][Learning Entry]]
+
+* Related Notes
+- [[file:~/desktop/org/notes/...][Other Note]]
+```
+
+**Signature**: `==pkai` stands for "Personal Knowledge Automated Infrastructure" and identifies notes created by the history system.
+
+## Workflow Examples
+
+### Example 1: Debugging Session
+
+1. **During debugging**: Work on the problem
+2. **After fixing**: Create learning entry
+   ```bash
+   # Create learning in history
+   vim ~/.claude/history/learnings/2025-12/2025-12-03-160000_LEARNING_wireguard-connection-issue.md
+   ```
+3. **Optionally**: Create denote note for reference (with pkai signature)
+   ```bash
+   # Timestamp
+   TIMESTAMP=$(date +"%Y%m%dT%H%M%S")
+
+   # Create note with pkai signature
+   vim ~/desktop/org/notes/${TIMESTAMP}==pkai--wireguard-vpn-debugging__history_learning_networking_homelab.org
+   ```
+4. **Link them**: Add cross-references in both files
+
+### Example 2: Research Task
+
+1. **Research the topic**: Gather information
+2. **Create research entry**:
+   ```bash
+   mkdir -p ~/.claude/history/research/2025-12-03_nix-flake-best-practices
+   vim ~/.claude/history/research/2025-12-03_nix-flake-best-practices/analysis.md
+   ```
+3. **Create denote note** for easy discovery (with pkai signature):
+   ```bash
+   TIMESTAMP=$(date +"%Y%m%dT%H%M%S")
+   vim ~/desktop/org/notes/${TIMESTAMP}==pkai--nix-flake-best-practices-research__history_research_nix.org
+   ```
+4. **Link research to note** in both directions
+
+### Example 3: Implementation Session
+
+1. **Work on implementation**
+2. **After completion**, create session entry:
+   ```bash
+   vim ~/.claude/history/sessions/2025-12/2025-12-03-150000_SESSION_claude-skills-implementation.md
+   ```
+3. **Update planning note** with completion status:
+   ```bash
+   vim ~/desktop/org/notes/20251203T151822--personal-ai-infrastructure__ai_claude_plan.org
+   ```
+4. **Add link from session to planning note**
+
+## Finding History
+
+### By Tag or Signature in Notes
+```bash
+# Find all history notes (by tag)
+ls ~/desktop/org/notes/*__history*.org
+
+# Find automated history notes (by pkai signature)
+ls ~/desktop/org/notes/*==pkai*.org
+
+# Find specific category
+ls ~/desktop/org/notes/*__history_learning*.org
+ls ~/desktop/org/notes/*==pkai*__history_session*.org
+```
+
+### By Category in History Directory
+```bash
+# Find all sessions
+ls ~/.claude/history/sessions/*/*_SESSION_*.md
+
+# Find all learnings
+ls ~/.claude/history/learnings/*/*_LEARNING_*.md
+
+# Find recent research
+ls -lt ~/.claude/history/research/
+```
+
+### By Content
+```bash
+# Search all history
+rg "wireguard" ~/.claude/history/
+
+# Search history notes
+rg "wireguard" ~/desktop/org/notes/*__history*.org
+
+# Combined search
+rg "wireguard" ~/.claude/history/ ~/desktop/org/notes/*__history*.org
+```
+
+## When to Use History vs Notes
+
+### Use History Directory When:
+- Automatic capture (via hooks)
+- Raw execution logs
+- Session-by-session tracking
+- Chronological organization matters
+
+### Use Denote Notes When:
+- Topic-based organization
+- Long-term reference material
+- Linking related concepts
+- Building knowledge base
+
+### Use Both When:
+- Significant learnings worth referencing
+- Research worth sharing
+- Important decisions
+- Patterns that emerged from multiple sessions
+
+## Benefits of Integration
+
+1. **Chronological + Topical**: History provides timeline, notes provide topics
+2. **Searchable**: Both systems are grep-friendly
+3. **Discoverable**: Notes are easier to browse, history is easier to trace
+4. **Flexible**: Choose the right tool for the context
+5. **Connected**: Bidirectional links maintain relationships
+
+## Best Practices
+
+### Naming Conventions
+- History files: `YYYY-MM-DD-HHMMSS_TYPE_description.md`
+- History notes: `YYYYMMDDTHHMMSS--description__history_type_tags.org`
+
+### Linking
+- Always link history to related notes
+- Always link notes back to history entries
+- Use org-mode file links for portability
+
+### Organization
+- Keep history in `~/.claude/history/` (chronological)
+- Keep notes in `~/desktop/org/notes/` (topical)
+- Use tags consistently in both systems
+
+### Maintenance
+- Review history weekly
+- Create notes for important learnings
+- Archive or delete temporary work
+- Keep the "good stuff" forever
+
+## Implementation Roadmap
+
+### Phase 1: Manual (Current)
+- Manually create history entries
+- Manually create denote notes
+- Manual cross-linking
+
+### Phase 2: Semi-Automated (Near Future)
+- Helper commands to create entries
+- Template generation
+- Automatic cross-linking
+
+### Phase 3: Fully Automated (Future)
+- Hooks capture sessions automatically
+- AI suggests what to save
+- Automatic note generation for significant work
+
+## Quick Reference
+
+### Create Session Entry
+```bash
+DATE=$(date +"%Y-%m")
+TIMESTAMP=$(date +"%Y-%m-%d-%H%M%S")
+mkdir -p ~/.claude/history/sessions/$DATE
+vim ~/.claude/history/sessions/$DATE/${TIMESTAMP}_SESSION_description.md
+```
+
+### Create Learning Entry
+```bash
+DATE=$(date +"%Y-%m")
+TIMESTAMP=$(date +"%Y-%m-%d-%H%M%S")
+mkdir -p ~/.claude/history/learnings/$DATE
+vim ~/.claude/history/learnings/$DATE/${TIMESTAMP}_LEARNING_description.md
+```
+
+### Create History Note (with pkai signature)
+```bash
+TIMESTAMP=$(date +"%Y%m%dT%H%M%S")
+vim ~/desktop/org/notes/${TIMESTAMP}==pkai--topic__history_category_tags.org
+```
+
+Remember: **When in doubt, save to history!** It's better to capture too much than to lose valuable insights.

@@ -0,0 +1,132 @@
+# Prompting Guidelines
+
+## Core Principles
+
+### 1. Be Specific and Clear
+**Bad**: "Fix the code"
+**Good**: "Fix the null pointer dereference in the handleRequest function in server.go:145"
+
+### 2. Provide Context
+**Bad**: "Add error handling"
+**Good**: "Add error handling to the database connection in db.go, following the existing pattern used in cache.go"
+
+### 3. State Desired Outcomes
+**Bad**: "Make it better"
+**Good**: "Reduce memory usage by implementing connection pooling with a maximum of 10 connections"
+
+## Effective Prompting Patterns
+
+### For Research and Exploration
+```
+"Find all files that handle user authentication"
+"Explain how the DNS configuration works in globals.nix"
+"Show me examples of how we use agenix for secrets"
+```
+
+### For Code Changes
+```
+"Add logging to the handleError function, using the same format as in server.go"
+"Refactor the parseConfig function to return an error instead of panicking"
+"Update the NixOS configuration to enable Docker on demeter"
+```
+
+### For Complex Tasks
+```
+"Implement a new feature that allows users to export data as JSON:
+1. Add an export endpoint to the API
+2. Create a JSON serialization function
+3. Add tests for the new functionality
+4. Update the documentation"
+```
+
+### For Debugging
+```
+"The build is failing with error 'undefined: foo'.
+The error appears in cmd/main.go:42.
+I recently added a new import but the function might not be exported."
+```
+
+## Progressive Refinement
+
+Start broad, then narrow:
+1. "How does authentication work in this codebase?"
+2. "Show me the JWT token validation code"
+3. "Add rate limiting to the token refresh endpoint"
+
+## Asking for Explanations
+
+### Request Specific Detail Levels
+- "Give me a high-level overview of..."
+- "Explain in detail how..."
+- "What's the simplest explanation for..."
+
+### Ask for Examples
+- "Show me an example of..."
+- "What would this look like if..."
+- "Can you demonstrate..."
+
+## Leveraging Skills
+
+Invoke specific skills for domain expertise:
+```
+"Using NixOS best practices, add a new service to demeter"
+"Following Go conventions, refactor this error handling"
+"Create a note about today's deployment in denote format"
+```
+
+## Anti-Patterns to Avoid
+
+### ❌ Vague Requests
+"Make it work" - What specifically isn't working?
+
+### ❌ Assuming Context
+"Update the config" - Which config? What update?
+
+### ❌ Multiple Unrelated Tasks
+"Fix the bug, add a feature, and update docs" - Break into separate requests
+
+### ❌ Unclear Success Criteria
+"Improve performance" - By how much? What metrics?
+
+## Iterative Development
+
+Good prompting is often iterative:
+1. Initial request: "Add logging to the API"
+2. Refinement: "Use structured logging with JSON format"
+3. Further refinement: "Include request ID and timestamp in each log entry"
+4. Final touch: "Add log rotation with 7-day retention"
+
+## Using Tools Effectively
+
+### When to mention tools
+- "Use grep to find all TODO comments"
+- "Create a task list for this multi-step operation"
+- "Read the globals.nix file to check the demeter configuration"
+
+### Let the AI choose tools
+Often better to state the goal and let the AI choose appropriate tools:
+- "Find where we define DNS zones" (AI will use grep/glob appropriately)
+- "Show me the athena NixOS configuration" (AI will read the right files)
+
+## Questions and Clarification
+
+Encourage questions:
+- "If anything is unclear, please ask before proceeding"
+- "Let me know if you need more context"
+- "Ask questions if you're uncertain about the approach"
+
+## Feedback Loop
+
+Provide feedback to improve future interactions:
+- "That worked perfectly, thanks!"
+- "The approach was good, but next time please test before deploying"
+- "This is too verbose, just show me the relevant code"
+
+## Remember
+
+The best prompts are:
+1. **Specific** - Clear about what you want
+2. **Contextual** - Provide relevant background
+3. **Goal-oriented** - State the desired outcome
+4. **Iterative** - Refine as you go
+5. **Collaborative** - Work with the AI, not against it

@@ -0,0 +1,119 @@
+# CORE Skill
+
+## Overview
+
+This skill defines the core operating principles and behaviors for personal AI assistance. It auto-loads at session start and establishes foundational patterns.
+
+## Identity and Personality
+
+**Core Traits**:
+- Precision: 95/100 - Accuracy and correctness are paramount
+- Curiosity: 90/100 - Eager to understand and explore deeply
+- Humor: 60/100 - Professional with occasional levity
+- Efficiency: 95/100 - Respect the user's time
+
+## Operating Principles
+
+### 1. Command Line First, Code First
+- Build deterministic CLI tools before AI wrappers
+- Prefer code-based solutions over pure prompts
+- Code is testable, versioned, and shareable
+- AI wraps and enhances existing tools
+
+### 2. Progressive Disclosure
+Load context in three tiers:
+- **Essential**: Core principles and frequently used information
+- **Contextual**: Task-specific knowledge loaded as needed
+- **Reference**: Detailed documentation retrieved on demand
+
+### 3. Structured Communication
+- Get to the point quickly
+- Use clear, scannable formatting
+- Avoid unnecessary preamble
+- Focus on actionable information
+
+### 4. Honesty and Uncertainty
+Explicit permission to:
+- Say "I don't know" when uncertain
+- Ask clarifying questions before proceeding
+- Challenge assumptions when needed
+- Admit mistakes and correct them immediately
+
+## Response Patterns
+
+### Standard Workflow
+1. **Understand**: Clarify the task and requirements
+2. **Plan**: Break down complex tasks (use TodoWrite when appropriate)
+3. **Execute**: Implement systematically
+4. **Verify**: Test and validate results
+5. **Document**: Capture decisions and outcomes
+
+### Tool Selection
+- **Read/Grep/Glob**: For exploration and research
+- **Edit/Write**: For code changes
+- **Bash**: For system operations
+- **Task**: For complex multi-step operations
+- **TodoWrite**: For tracking multi-step tasks
+
+### Model Selection (for agents)
+- **Haiku**: Simple, straightforward tasks
+- **Sonnet**: Standard implementation work (default)
+- **Opus**: Deep reasoning, complex architecture
+
+## Security and Safety
+
+### Deployment Safety
+- **ALWAYS** ask before deploying to remote hosts
+- Dry-build before deploying
+- Confirm target host explicitly
+- Never run destructive operations without permission
+
+### Sensitive Information
+- Protect secrets and credentials
+- Use agenix for encrypted secrets
+- Never commit sensitive data
+- Warn if attempting to commit .env files
+
+## Domain-Specific Guidelines
+
+### NixOS and Home-Manager
+- Check globals.nix for machine definitions
+- Use mkHost/mkHome patterns
+- Follow repository's modular structure
+- Test with dry-builds before deploying
+
+### Go Development
+- Follow standard Go project layout
+- Write table-driven tests
+- Use context.Context appropriately
+- Build for multiple architectures
+
+### Infrastructure Management
+- Verify service dependencies
+- Check DNS configurations in globals.nix
+- Ensure backup systems are working
+- Monitor logs for issues
+
+## Continuous Improvement
+
+Learn from:
+- Usage patterns and workflows
+- Mistakes and failures
+- User feedback and preferences
+- New tools and capabilities
+
+Adapt by:
+- Refining skills based on real usage
+- Adding new patterns that emerge
+- Removing unused or ineffective approaches
+- Staying current with best practices
+
+## Integration with Other Skills
+
+When specialized knowledge is needed, invoke specific skills:
+- `/homelab` for infrastructure management
+- `/golang` for Go development
+- `/nix` for NixOS configuration
+- `/notes` for note-taking
+
+This ensures focused, expert assistance while maintaining consistent core behaviors.

@@ -0,0 +1,430 @@
+# Go Development Best Practices
+
+## Purpose
+Guide Go development following best practices and project conventions.
+
+## Project Structure (for tools in ~/src/home)
+
+### Standard Layout
+```
+tools/<tool-name>/
+├── cmd/
+│   └── <tool-name>/
+│       └── main.go          # Entry point
+├── internal/                # Private application code
+│   ├── config/
+│   ├── handlers/
+│   └── models/
+├── pkg/                     # Public library code (if needed)
+├── go.mod                   # Module definition
+├── go.sum                   # Dependency checksums
+├── README.md
+└── *_test.go               # Tests alongside code
+```
+
+### Integration with Nix
+- Tools source: `/tools/<tool-name>/`
+- Custom packages: `/pkgs/` (exposed via overlays)
+- Testing: Run from tool directory with `go test ./...`
+- Multi-arch: Build for x86_64-linux and aarch64-linux
+
+## Best Practices
+
+### Code Organization
+
+#### Package Naming
+- Use lowercase, single-word names
+- No underscores or camelCase
+- Example: `package config`, `package handler`
+
+#### File Naming
+- Use lowercase with underscores for multi-word names
+- Example: `http_client.go`, `user_handler.go`
+- Test files: `*_test.go`
+
+### Writing Idiomatic Go
+
+#### Error Handling
+```go
+// Good: Wrap errors with context
+if err := doSomething(); err != nil {
+    return fmt.Errorf("failed to do something: %w", err)
+}
+
+// Good: Check errors immediately
+result, err := fetchData()
+if err != nil {
+    return err
+}
+
+// Bad: Ignoring errors
+result, _ := fetchData()  // Don't do this
+```
+
+#### Use context.Context
+```go
+// Good: Accept context as first parameter
+func ProcessRequest(ctx context.Context, req *Request) error {
+    // Use ctx for cancellation, deadlines, values
+    select {
+    case <-ctx.Done():
+        return ctx.Err()
+    case result := <-process(req):
+        return result
+    }
+}
+```
+
+#### Prefer Composition Over Inheritance
+```go
+// Good: Embed types for composition
+type Server struct {
+    logger *Logger
+    cache  *Cache
+}
+
+// Good: Define interfaces
+type DataStore interface {
+    Get(key string) ([]byte, error)
+    Set(key string, value []byte) error
+}
+```
+
+#### Keep Functions Small and Focused
+```go
+// Good: Single responsibility
+func validateEmail(email string) error {
+    if !strings.Contains(email, "@") {
+        return errors.New("invalid email format")
+    }
+    return nil
+}
+
+// Bad: Doing too much
+func processUserAndSendEmail(user User) error {
+    // Validation
+    // Database operations
+    // Email sending
+    // Logging
+    // ... (too many responsibilities)
+}
+```
+
+### Naming Conventions
+
+#### Variables
+- Use camelCase for local variables: `userCount`, `httpClient`
+- Use short names in small scopes: `i`, `err`, `ok`
+- Use descriptive names in larger scopes: `userRepository`, `configManager`
+
+#### Functions and Methods
+- Use camelCase: `getUserByID`, `processRequest`
+- Exported functions start with uppercase: `NewClient`, `ProcessData`
+- Getters don't use "Get" prefix: `user.Name()`, not `user.GetName()`
+
+#### Constants
+- Use camelCase or uppercase with underscores
+- Exported: `MaxRetries`, `DefaultTimeout`
+- Private: `defaultBufferSize`, `maxConnections`
+
+## Testing
+
+### Table-Driven Tests
+```go
+func TestValidateEmail(t *testing.T) {
+    tests := []struct {
+        name    string
+        email   string
+        wantErr bool
+    }{
+        {
+            name:    "valid email",
+            email:   "user@example.com",
+            wantErr: false,
+        },
+        {
+            name:    "missing @",
+            email:   "userexample.com",
+            wantErr: true,
+        },
+    }
+
+    for _, tt := range tests {
+        t.Run(tt.name, func(t *testing.T) {
+            err := validateEmail(tt.email)
+            if (err != nil) != tt.wantErr {
+                t.Errorf("validateEmail() error = %v, wantErr %v", err, tt.wantErr)
+            }
+        })
+    }
+}
+```
+
+### Test Organization
+- Tests in same package: `package mypackage`
+- Tests in separate package: `package mypackage_test` (black-box testing)
+- Use subtests with `t.Run()` for clarity
+- Mock external dependencies using interfaces
+
+### Test Coverage
+- Aim for meaningful coverage, not 100%
+- Focus on critical paths and edge cases
+- Use `go test -cover ./...` to check coverage
+- Don't test trivial code
+
+### Running Tests
+```bash
+# Run all tests
+go test ./...
+
+# Run with coverage
+go test -cover ./...
+
+# Run specific test
+go test -run TestValidateEmail
+
+# Verbose output
+go test -v ./...
+
+# Run tests before committing
+go test ./...
+```
+
+## Common Patterns
+
+### Configuration Management
+```go
+type Config struct {
+    Port     int           `json:"port"`
+    Timeout  time.Duration `json:"timeout"`
+    LogLevel string        `json:"log_level"`
+}
+
+func LoadConfig(path string) (*Config, error) {
+    data, err := os.ReadFile(path)
+    if err != nil {
+        return nil, fmt.Errorf("reading config: %w", err)
+    }
+
+    var cfg Config
+    if err := json.Unmarshal(data, &cfg); err != nil {
+        return nil, fmt.Errorf("parsing config: %w", err)
+    }
+
+    return &cfg, nil
+}
+```
+
+### Graceful Shutdown
+```go
+func main() {
+    ctx, cancel := context.WithCancel(context.Background())
+    defer cancel()
+
+    sigChan := make(chan os.Signal, 1)
+    signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM)
+
+    go func() {
+        <-sigChan
+        log.Println("Shutting down...")
+        cancel()
+    }()
+
+    if err := run(ctx); err != nil {
+        log.Fatal(err)
+    }
+}
+```
+
+### HTTP Client with Timeout
+```go
+client := &http.Client{
+    Timeout: 10 * time.Second,
+    Transport: &http.Transport{
+        MaxIdleConns:        100,
+        MaxIdleConnsPerHost: 10,
+        IdleConnTimeout:     90 * time.Second,
+    },
+}
+```
+
+## Nix Integration
+
+### Building
+```bash
+# Build a Go tool package
+nix build .#<package-name>
+
+# Install to profile
+nix profile install .#<package-name>
+
+# Check what would be built
+nix build .#<package-name> --dry-run
+```
+
+### Testing in Nix
+```bash
+# Enter dev shell
+nix develop
+
+# Run tests
+cd tools/<tool-name>
+go test ./...
+```
+
+### Package Definition
+```nix
+# In pkgs/<package-name>/default.nix
+{ lib, buildGoModule }:
+
+buildGoModule {
+  pname = "tool-name";
+  version = "1.0.0";
+
+  src = ../../tools/tool-name;
+
+  vendorHash = "sha256-...";
+
+  meta = with lib; {
+    description = "Tool description";
+    license = licenses.mit;
+  };
+}
+```
+
+## Common Commands
+
+### Formatting and Linting
+```bash
+# Format code
+gofmt -w .
+
+# Organize imports
+goimports -w .
+
+# Vet code
+go vet ./...
+
+# Run linter
+golangci-lint run
+
+# Fix linter issues automatically
+golangci-lint run --fix
+```
+
+### Dependency Management
+```bash
+# Add dependency
+go get github.com/pkg/errors
+
+# Update dependencies
+go get -u ./...
+
+# Tidy modules
+go mod tidy
+
+# Verify dependencies
+go mod verify
+
+# Vendor dependencies
+go mod vendor
+```
+
+### Build and Run
+```bash
+# Build
+go build -o bin/myapp cmd/myapp/main.go
+
+# Run
+go run cmd/myapp/main.go
+
+# Install
+go install ./cmd/myapp
+```
+
+## Performance
+
+### Benchmarking
+```go
+func BenchmarkFunction(b *testing.B) {
+    for i := 0; i < b.N; i++ {
+        doSomething()
+    }
+}
+```
+
+### Profiling
+```bash
+# CPU profiling
+go test -cpuprofile cpu.prof -bench .
+
+# Memory profiling
+go test -memprofile mem.prof -bench .
+
+# Analyze profile
+go tool pprof cpu.prof
+```
+
+### Optimization Tips
+- Use sync.Pool for frequently allocated objects
+- Prefer slices over arrays when size varies
+- Use buffered channels appropriately
+- Avoid premature optimization - profile first!
+
+## Common Pitfalls to Avoid
+
+### ❌ Goroutine Leaks
+```go
+// Bad: Goroutine never exits
+go func() {
+    for {
+        doWork()
+    }
+}()
+
+// Good: Use context for cancellation
+go func(ctx context.Context) {
+    for {
+        select {
+        case <-ctx.Done():
+            return
+        default:
+            doWork()
+        }
+    }
+}(ctx)
+```
+
+### ❌ Race Conditions
+```go
+// Bad: Concurrent map access
+var cache = make(map[string]string)
+
+// Good: Use sync.Map or mutex
+var cache sync.Map
+```
+
+### ❌ Defer in Loops
+```go
+// Bad: Defers accumulate
+for _, file := range files {
+    f, _ := os.Open(file)
+    defer f.Close()  // Won't close until function exits!
+}
+
+// Good: Close immediately
+for _, file := range files {
+    func() {
+        f, _ := os.Open(file)
+        defer f.Close()
+    }()
+}
+```
+
+## Resources
+
+- Effective Go: https://go.dev/doc/effective_go
+- Go Code Review Comments: https://github.com/golang/go/wiki/CodeReviewComments
+- Standard library documentation: https://pkg.go.dev/std
+
+Remember: Write clear, simple, idiomatic Go code. When in doubt, check the standard library for examples.

@@ -0,0 +1,241 @@
+# Homelab Management Skill
+
+## Purpose
+Expert assistance managing personal NixOS infrastructure in the home repository.
+
+## Repository Structure
+- **Repository location**: ~/src/home
+- **System configs**: /systems/<hostname>/
+- **Home configs**: /home/common/
+- **Custom packages**: /pkgs/
+- **Globals**: globals.nix (machine definitions, DNS zones, VPN)
+- **Tools**: /tools/ (custom Go tools)
+- **Modules**: /modules/ (custom NixOS modules)
+- **Keyboards**: /keyboards/ (QMK/ZMK firmware)
+- **Imperative**: /imperative/ (non-NixOS host configs)
+
+## Key Machines
+
+### Unstable Systems (nixos-unstable)
+- **kyushu**: Desktop/workstation
+- **aomi**: Laptop/portable
+- **sakhalin**: Development
+- **foobar**: Testing
+
+### Stable Systems (25.05)
+- **athena**: Production server
+- **demeter**: Infrastructure server
+- **aix**: Raspberry Pi 4
+- **aion**: Raspberry Pi 4
+- **rhea**: Raspberry Pi 4
+- **kerkouane**: Raspberry Pi 4
+
+### Desktop Types
+- **sway**: Traditional tiling window manager
+- **niri**: Modern scrollable tiling window manager
+
+## Services and Infrastructure
+
+### DNS Management
+- Managed via `globals.nix` zones
+- Update tool: `tools/update-gandi-dns.sh`
+- Provider: Gandi LiveDNS API
+- Domains: demeester.fr, sbr.pm, openshift-pipelines.org, etc.
+
+### VPN Configuration
+- Wireguard configurations in `/modules/`
+- Client module: `modules/wireguard-client`
+- Server module: `modules/wireguard-server`
+- Network topology in `globals.nix`
+
+### Container Services
+- Docker/Podman setups
+- System-manager for containerized services
+- Service definitions per host
+
+### Secrets Management
+- **agenix** for encrypted secrets
+- Yubikeys for age encryption
+- Host SSH keys for system-level decryption
+- Secrets defined in `secrets.nix`
+
+## Common Operations
+
+### Building and Deploying
+```bash
+# Build and switch current system
+make switch
+
+# Build and activate on next boot
+make boot
+
+# Test build without switching
+make dry-build
+
+# Build specific remote host
+make host/<hostname>/build
+
+# Deploy to remote host (boot) - ALWAYS ASK FIRST
+make host/<hostname>/boot
+
+# Deploy to remote host (switch) - ALWAYS ASK FIRST
+make host/<hostname>/switch
+```
+
+### Package Management
+```bash
+# Build a package
+nix build .#<package-name>
+
+# Install a package
+nix profile install .#<package-name>
+
+# List available packages
+nix flake show
+```
+
+### Maintenance
+```bash
+# Format Nix files
+make fmt
+
+# Clean old generations (>15 days) and build results
+make clean
+
+# Update flake inputs
+nix flake update
+
+# Run pre-commit checks
+make pre-commit
+```
+
+### Keyboard Firmware
+```bash
+# Build Moonlander QMK firmware
+make keyboards/moonlander/build
+
+# Build Eyelash Corne ZMK firmware
+make keyboards/eyelash_corne/build
+
+# Generate keymap visualizations
+make keyboards/draw
+make keyboards/<name>/draw
+```
+
+### DNS Operations
+```bash
+# Show current DNS records
+./tools/show-dns.sh
+
+# Update Gandi DNS (requires GANDIV5_PERSONAL_TOKEN)
+make dns-update-gandi
+```
+
+## Safety Protocols
+
+### Deployment Safety
+- **ALWAYS** ask before deploying to remote hosts
+- **ALWAYS** dry-build before deploying
+- **ALWAYS** confirm target host explicitly
+- Check service dependencies before deployment
+- Never deploy automatically
+
+### Git Operations
+- NEVER update git config without asking
+- NEVER run destructive git commands (force push, hard reset) without explicit request
+- NEVER skip hooks (--no-verify) unless explicitly requested
+- NEVER force push to main/master without warning
+
+### Secrets and Security
+- Do not commit files with secrets (.env, credentials.json)
+- Warn if attempting to commit sensitive files
+- Use agenix for all secret management
+- Verify secrets are encrypted before committing
+
+## Architecture Patterns
+
+### Host Configuration
+Each host has:
+- `boot.nix`: Boot configuration (bootloader, initrd, kernel modules)
+- `hardware.nix`: Hardware-specific settings (mounts, hardware imports)
+- `extra.nix` (optional): Additional host-specific config
+- `home.nix` (optional): Host-specific home-manager config
+
+### Adding a New Host
+1. Create `/systems/<hostname>` directory with `boot.nix` and `hardware.nix`
+2. Add host entry in `flake.nix` nixosConfigurations using `libx.mkHost`
+3. Add machine metadata to `globals.nix` (IPs, SSH keys, syncthing ID)
+4. Update `secrets.nix` with host SSH key if using secrets
+
+### Adding a New Package
+1. Create package directory in `/pkgs/<package-name>` with `default.nix`
+2. Add entry to `/pkgs/default.nix` using `pkgs.callPackage`
+3. Package available via `nix build .#<package-name>`
+
+## Pre-commit Hooks
+
+Configured in `flake.nix`:
+- **Go**: gofmt formatting
+- **Nix**: nixfmt-rfc-style formatting, deadnix linting
+- **Python**: flake8, ruff linting
+- **Shell**: shellcheck
+
+Install hooks: `make install-hooks`
+
+## Testing
+
+### Go Tools
+```bash
+cd tools/<tool-name>
+go test ./...
+```
+
+### NixOS Configurations
+```bash
+# Build test
+nixos-rebuild build --flake .#<hostname>
+
+# Dry run
+nixos-rebuild dry-build --flake .#<hostname>
+```
+
+## Troubleshooting
+
+### Build Failures
+1. Check `nix flake check` for issues
+2. Review recent changes with `git diff`
+3. Verify flake.lock is up to date
+4. Check for syntax errors with `nixfmt`
+
+### Deployment Issues
+1. Verify SSH access to target host
+2. Check network connectivity
+3. Review target host logs
+4. Ensure secrets are properly decrypted
+
+### Service Issues
+1. Check systemd status: `systemctl status <service>`
+2. Review logs: `journalctl -u <service>`
+3. Verify configuration in globals.nix
+4. Check dependencies are running
+
+## Quick Reference
+
+### File Locations
+- Machine definitions: `globals.nix`
+- Flake configuration: `flake.nix`
+- Library functions: `lib/default.nix`
+- Overlays: `overlays/default.nix`
+- Common system modules: `systems/common/`
+- Common home modules: `home/common/`
+
+### Environment Variables
+- `XDG_CONFIG_HOME`: `~/.config` (XDG base directories enabled)
+- Nix config: `~/.config/nix/nix.conf`
+
+### Binary Caches
+- vdemeester.cachix.org
+- chapeau-rouge.cachix.org
+- nixos-raspberrypi.cachix.org
+
+Remember: This is a production infrastructure. Always prioritize safety and ask for confirmation before making changes to remote systems.

@@ -0,0 +1,503 @@
+# Nix Best Practices
+
+## Purpose
+Expert guidance on Nix, NixOS, and home-manager following best practices.
+
+## Core Principles
+
+### 1. Declarative Configuration Over Imperative
+```nix
+# Good: Declarative
+services.nginx.enable = true;
+
+# Bad: Imperative
+systemd.services.nginx.postStart = "systemctl start nginx";
+```
+
+### 2. Reproducibility
+Same inputs = Same outputs
+- Pin versions explicitly
+- Use flake.lock for consistency
+- Avoid impure operations
+
+### 3. Modularity
+Break configurations into focused, reusable modules
+```nix
+# Good: Modular
+imports = [
+  ./hardware.nix
+  ./networking.nix
+  ./services.nix
+];
+
+# Bad: Everything in one file
+```
+
+### 4. Version Control Everything
+- Track all Nix configurations in git
+- Commit flake.lock changes
+- Document why changes were made
+
+### 5. Use Flakes for Modern Nix
+Flakes provide:
+- Hermetic evaluation
+- Standardized structure
+- Dependency locking
+- Better caching
+
+## NixOS Configuration Patterns
+
+### Host Configuration Structure
+```nix
+# systems/<hostname>/
+├── boot.nix       # Bootloader, initrd, kernel modules
+├── hardware.nix   # Hardware settings, filesystems, mounts
+├── extra.nix      # Optional: additional host-specific config
+└── home.nix       # Optional: host-specific home-manager config
+```
+
+### Using mkHost Pattern
+```nix
+# In flake.nix
+nixosConfigurations = {
+  hostname = libx.mkHost {
+    hostname = "hostname";
+    system = "x86_64-linux";
+    hardwareType = "desktop";  # or "rpi4"
+    desktop = "sway";          # or "niri", or null
+    nixpkgs = nixpkgs;         # or nixpkgs-25_05 for stable
+  };
+};
+```
+
+### Common Module Organization
+```
+systems/common/
+├── base/          # Essential base configuration
+├── desktop/       # Desktop environment configs
+├── hardware/      # Hardware-specific modules
+├── programs/      # Application configurations
+├── services/      # System services
+└── users/         # User account definitions
+```
+
+### Checking globals.nix
+Always check `globals.nix` for:
+- Machine definitions (IPs, SSH keys)
+- DNS zone configurations
+- VPN settings
+- Syncthing device IDs
+- Network topology
+
+## Module Best Practices
+
+### Define Options Properly
+```nix
+{ config, lib, pkgs, ... }:
+
+{
+  options = {
+    services.myservice = {
+      enable = lib.mkEnableOption "my service";
+
+      port = lib.mkOption {
+        type = lib.types.port;
+        default = 8080;
+        description = "Port to listen on";
+      };
+
+      configFile = lib.mkOption {
+        type = lib.types.path;
+        description = "Path to configuration file";
+      };
+    };
+  };
+
+  config = lib.mkIf config.services.myservice.enable {
+    # Implementation
+  };
+}
+```
+
+### Use Types Correctly
+Common types:
+- `types.bool` - Boolean values
+- `types.int` - Integers
+- `types.str` - Strings
+- `types.path` - File system paths
+- `types.port` - Network ports (1-65535)
+- `types.listOf types.str` - Lists
+- `types.attrs` - Attribute sets
+- `types.package` - Nix packages
+
+### Leverage mkIf, mkMerge, mkDefault
+```nix
+# Conditional configuration
+config = lib.mkIf config.services.myservice.enable {
+  # ...
+};
+
+# Merge multiple configurations
+config = lib.mkMerge [
+  { always.present = true; }
+  (lib.mkIf condition { conditional.value = true; })
+];
+
+# Provide defaults that can be overridden
+services.myservice.port = lib.mkDefault 8080;
+```
+
+## Package Development
+
+### Use callPackage Pattern
+```nix
+# In pkgs/default.nix
+{
+  mypackage = pkgs.callPackage ./mypackage { };
+  mytool = pkgs.callPackage ./mytool { };
+}
+```
+
+### Package Definition
+```nix
+# pkgs/mypackage/default.nix
+{ lib
+, stdenv
+, fetchFromGitHub
+, buildGoModule  # or rustPlatform, python3Packages, etc.
+}:
+
+buildGoModule rec {
+  pname = "mypackage";
+  version = "1.0.0";
+
+  src = fetchFromGitHub {
+    owner = "owner";
+    repo = "repo";
+    rev = "v${version}";
+    hash = "sha256-...";
+  };
+
+  vendorHash = "sha256-...";
+
+  meta = with lib; {
+    description = "Package description";
+    homepage = "https://example.com";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+    platforms = platforms.linux;
+  };
+}
+```
+
+### Using Overlays
+```nix
+# overlays/default.nix
+{ inputs }:
+{
+  additions = final: _prev: import ../pkgs { pkgs = final; };
+
+  modifications = final: prev: {
+    # Override existing packages
+    somepackage = prev.somepackage.overrideAttrs (old: {
+      version = "custom";
+    });
+  };
+}
+```
+
+## Flake Management
+
+### Essential Commands
+```bash
+# Lock dependencies
+nix flake lock
+
+# Update all inputs
+nix flake update
+
+# Update specific input
+nix flake update nixpkgs
+
+# Check flake validity
+nix flake check
+
+# Show flake outputs
+nix flake show
+
+# Show flake metadata
+nix flake metadata
+```
+
+### Flake Structure
+```nix
+{
+  description = "Flake description";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs }: {
+    nixosConfigurations = { ... };
+    homeConfigurations = { ... };
+    packages = { ... };
+    devShells = { ... };
+  };
+}
+```
+
+## Home-Manager Patterns
+
+### Environment Variables
+```nix
+home.sessionVariables = {
+  EDITOR = "vim";
+  VISUAL = "vim";
+  BROWSER = "firefox";
+};
+```
+
+### XDG Config Files
+```nix
+# Symlink static files
+xdg.configFile."myapp/config.yml".source = ./myapp-config.yml;
+
+# Generate files dynamically
+xdg.configFile."myapp/generated.conf".text = ''
+  setting1 = ${someValue}
+  setting2 = value2
+'';
+
+# Make executable
+xdg.configFile."bin/script.sh" = {
+  source = ./script.sh;
+  executable = true;
+};
+```
+
+### Services
+```nix
+# User-level systemd service
+systemd.user.services.myservice = {
+  Unit = {
+    Description = "My Service";
+    After = [ "network.target" ];
+  };
+
+  Service = {
+    ExecStart = "${pkgs.mypackage}/bin/myservice";
+    Restart = "on-failure";
+  };
+
+  Install = {
+    WantedBy = [ "default.target" ];
+  };
+};
+```
+
+## Secrets Management with agenix
+
+### Define Secrets
+```nix
+# secrets.nix
+let
+  user = "ssh-ed25519 AAAAC3...";
+  system = "ssh-ed25519 AAAAC3...";
+in {
+  "secret.age".publicKeys = [ user system ];
+}
+```
+
+### Use Secrets in Configuration
+```nix
+{
+  age.secrets.mySecret = {
+    file = ../secrets/mySecret.age;
+    owner = "myuser";
+    group = "mygroup";
+  };
+
+  # Reference in config
+  services.myservice.passwordFile = config.age.secrets.mySecret.path;
+}
+```
+
+### Encrypt Secrets
+```bash
+# Encrypt a secret
+agenix -e secrets/mySecret.age
+
+# Re-key all secrets
+agenix -r
+```
+
+## Safety and Testing
+
+### Build Without Switching
+```bash
+# Build configuration
+nixos-rebuild build --flake .#<hostname>
+
+# Dry run (show what would change)
+nixos-rebuild dry-build --flake .#<hostname>
+
+# Test without adding to bootloader
+nixos-rebuild test --flake .#<hostname>
+```
+
+### Rollback Strategy
+```bash
+# List generations
+nixos-rebuild list-generations
+
+# Rollback to previous generation
+nixos-rebuild switch --rollback
+
+# Switch to specific generation
+nixos-rebuild switch --switch-generation <number>
+```
+
+### Keep Old Generations
+- Never delete all old generations
+- Keep at least 2-3 recent generations for rollback
+- Clean periodically with: `nix-collect-garbage -d`
+
+## Common Patterns
+
+### Conditional Imports
+```nix
+imports = [
+  ./base.nix
+] ++ lib.optionals (desktop != null) [
+  ./desktop/${desktop}
+];
+```
+
+### String Interpolation
+```nix
+# Simple
+message = "Hello ${name}";
+
+# Multi-line
+config = ''
+  setting1 = ${value1}
+  setting2 = ${value2}
+'';
+
+# Escape $
+script = ''
+  echo "Nix variable: ${nixVar}"
+  echo "Shell variable: ''${shellVar}"
+'';
+```
+
+### List Operations
+```nix
+# Concatenation
+all = list1 ++ list2;
+
+# Filter
+filtered = lib.filter (x: x > 5) list;
+
+# Map
+doubled = map (x: x * 2) list;
+```
+
+### Attribute Set Operations
+```nix
+# Merge
+merged = set1 // set2;
+
+# Recursive merge
+merged = lib.recursiveUpdate set1 set2;
+
+# Filter attributes
+filtered = lib.filterAttrs (n: v: v != null) attrs;
+
+# Map attributes
+mapped = lib.mapAttrs (n: v: v * 2) attrs;
+```
+
+## Debugging
+
+### Print Values
+```nix
+# Use lib.traceVal for debugging
+value = lib.traceVal someExpression;
+
+# Trace with message
+value = lib.traceValSeq "message" someExpression;
+```
+
+### Evaluate Expressions
+```bash
+# Evaluate Nix expression
+nix eval .#nixosConfigurations.hostname.config.services.nginx.enable
+
+# Show derivation
+nix show-derivation .#package
+
+# Inspect store path
+nix path-info .#package
+```
+
+### Common Issues
+
+#### Hash Mismatch
+```bash
+# Update hash for fetchFromGitHub
+nix-prefetch-github owner repo --rev <commit-hash>
+
+# Update vendor hash for Go modules
+# Set vendorHash = lib.fakeSha256;
+# Build will fail with correct hash
+```
+
+#### Import Cycles
+- Check for circular imports
+- Use `lib.mkIf` to break cycles
+- Restructure module organization
+
+## Performance
+
+### Build Optimization
+- Use binary caches
+- Avoid rebuilding unnecessarily
+- Keep flake.lock updated but stable
+- Use `nix-direnv` for development shells
+
+### Evaluation Speed
+- Minimize use of `import`
+- Use `builtins` wisely
+- Avoid expensive list operations in hot paths
+
+## Resources
+
+- NixOS Manual: https://nixos.org/manual/nixos/stable/
+- Nix Package Manual: https://nixos.org/manual/nixpkgs/stable/
+- Home-Manager Manual: https://nix-community.github.io/home-manager/
+- Nix Pills: https://nixos.org/guides/nix-pills/
+
+## Repository-Specific Patterns
+
+### For ~/src/home Repository
+
+#### Adding a New Host
+1. Create `/systems/<hostname>` with `boot.nix`, `hardware.nix`
+2. Add to `flake.nix` using `libx.mkHost`
+3. Update `globals.nix` with machine metadata
+4. Add to `secrets.nix` if using secrets
+
+#### Adding a New Package
+1. Create `/pkgs/<package-name>/default.nix`
+2. Add to `/pkgs/default.nix` with `callPackage`
+3. Test with `nix build .#<package-name>`
+
+#### Common Commands
+- Build: `make switch`
+- Format: `make fmt`
+- Clean: `make clean`
+- Deploy: `make host/<hostname>/switch` (ask first!)
+
+Remember: Nix is about reproducibility and declarative configuration. When in doubt, consult the manuals and follow the patterns established in the repository.