From 4ab575a73badbe8021690c601332e6699507fb47 Mon Sep 17 00:00:00 2001 From: Lumpiasty Date: Fri, 19 Jun 2026 18:06:47 +0200 Subject: [PATCH] add antigravity provider for opencode --- home-modules/dev.nix | 18 ++-- overlays/pkgs.nix | 1 + pkgs/opencode-antigravity-auth/default.nix | 96 ++++++++++++++++++++++ 3 files changed, 110 insertions(+), 5 deletions(-) create mode 100644 pkgs/opencode-antigravity-auth/default.nix diff --git a/home-modules/dev.nix b/home-modules/dev.nix index fdd518a..18e18bf 100644 --- a/home-modules/dev.nix +++ b/home-modules/dev.nix @@ -94,15 +94,23 @@ dua ]; - # Inject the opencode-claude-auth plugin into the user's opencode.json without - # overwriting it — replaces any stale store path for this plugin and adds if absent. - home.activation.opencodeClaudeAuth = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + # Inject opencode auth plugins into the user's opencode.json without + # overwriting it — replaces any stale store path for each plugin and adds if absent. + # NOTE: opencode-antigravity-auth authenticates against Google's Antigravity + # backend (where consumer AI Pro/Ultra quota moved after the June 18 2026 + # Gemini CLI/Code Assist OAuth shutdown). Using it violates Google's ToS and + # may get the Google account banned — accepted risk, see the plugin README. + home.activation.opencodePlugins = lib.hm.dag.entryAfter [ "writeBoundary" ] '' cfg="$HOME/.config/opencode/opencode.json" mkdir -p "$(dirname "$cfg")" [ -f "$cfg" ] || echo '{}' > "$cfg" tmp=$(mktemp) - ${pkgs.jq}/bin/jq --arg path "file://${pkgs.opencode-claude-auth}" ' - .plugin = ((.plugin // []) | map(select(test("opencode-claude-auth") | not)) + [$path]) + ${pkgs.jq}/bin/jq \ + --arg claude "file://${pkgs.opencode-claude-auth}" \ + --arg antigravity "file://${pkgs.opencode-antigravity-auth}" ' + .plugin = ((.plugin // []) + | map(select((test("opencode-claude-auth") or test("opencode-gemini-auth") or test("opencode-antigravity-auth")) | not)) + + [$claude, $antigravity]) ' "$cfg" > "$tmp" && mv "$tmp" "$cfg" ''; diff --git a/overlays/pkgs.nix b/overlays/pkgs.nix index 5bd8538..73c65bc 100644 --- a/overlays/pkgs.nix +++ b/overlays/pkgs.nix @@ -5,6 +5,7 @@ (final: prev: { oh-my-pi = final.callPackage ../pkgs/oh-my-pi { inherit (final) bun2nix; }; opencode-claude-auth = prev.callPackage ../pkgs/opencode-claude-auth { }; + opencode-antigravity-auth = final.callPackage ../pkgs/opencode-antigravity-auth { inherit (final) bun2nix; }; # Build failure 08.05.2026 # https://github.com/NixOS/nixpkgs/issues/513245#issuecomment-4320293674 openldap = prev.openldap.overrideAttrs { diff --git a/pkgs/opencode-antigravity-auth/default.nix b/pkgs/opencode-antigravity-auth/default.nix new file mode 100644 index 0000000..cd2c0bc --- /dev/null +++ b/pkgs/opencode-antigravity-auth/default.nix @@ -0,0 +1,96 @@ +{ stdenv, fetchurl, runCommand, bun, bun2nix }: + +# opencode-antigravity-auth ships only `dist/` in its npm tarball and relies on +# runtime `dependencies` (@opencode-ai/plugin, @openauthjs/openauth, zod, ...). +# opencode loads it via a file:// path and does NOT install those deps, so the +# tarball-only approach fails at load time with "Cannot find module +# '@opencode-ai/plugin'". We therefore vendor node_modules with bun2nix. +# +# bun.lock and bun.nix are generated on the fly rather than committed. +# +# The tarball ships no lockfile, so we synthesize one with `bun install +# --lockfile-only`. Resolving npm version ranges (e.g. "^4.1.4") into exact +# versions requires registry access, and Nix only permits network inside a +# fixed-output derivation — hence `lockfileHash` below. This is the single +# unavoidable hash for the dep graph: it pins the resolved lockfile, which in +# turn (via bun2nix -> fetchBunDeps) pins every transitive dependency, each +# fetched as its own hash-checked FOD. bun.nix itself stays uncommitted and +# is derived deterministically from the pinned lockfile. +# +# Bump `version`, `hash`, and `lockfileHash` together. To refresh lockfileHash, +# set it to lib.fakeHash, build, and copy the "got:" value from the error. + +let + version = "1.6.0"; + + src = fetchurl { + url = "https://registry.npmjs.org/opencode-antigravity-auth/-/opencode-antigravity-auth-${version}.tgz"; + hash = "sha256-bLoDjJHuHczxKbslyZSm4zKg5FhdRLdUteKXFmqVlHQ="; + }; + + # Fixed-output derivation: network-enabled, produces only the resolved + # bun.lock. Determinism is enforced by lockfileHash. + bunLock = stdenv.mkDerivation { + name = "opencode-antigravity-auth-bun.lock"; + inherit src; + sourceRoot = "package"; + nativeBuildInputs = [ bun ]; + + buildPhase = '' + export HOME="$TMPDIR" + bun install --lockfile-only --no-progress + ''; + installPhase = "cp bun.lock $out"; + + outputHashMode = "flat"; + outputHashAlgo = "sha256"; + outputHash = "sha256-H+m181VozFyEEQVrOZTienj15Bgn1UXTG/G/B9gy1UE="; + }; + + # Derive a source tree containing the resolved bun.lock and a bun.nix + # generated from it. Fully offline — no network needed here. + srcWithBunNix = runCommand "opencode-antigravity-auth-src" { + nativeBuildInputs = [ bun2nix ]; + } '' + mkdir -p $out + # The npm tarball unpacks to a top-level `package/` directory. + tar xzf ${src} --strip-components=1 -C $out + chmod -R u+w $out + + cp ${bunLock} $out/bun.lock + bun2nix --lock-file $out/bun.lock --output-file $out/bun.nix + ''; +in +stdenv.mkDerivation { + pname = "opencode-antigravity-auth"; + inherit version; + + src = srcWithBunNix; + + nativeBuildInputs = [ bun2nix.hook ]; + + # The bun cache (symlink farm) built from the generated bun.nix. The hook + # copies this into a writable BUN_INSTALL_CACHE_DIR and runs `bun install + # --offline` against it to materialize node_modules with no network. + bunDeps = bun2nix.fetchBunDeps { + bunNix = "${srcWithBunNix}/bun.nix"; + }; + + # This is a plugin (a library directory), not an app: skip bun build/check. + dontUseBunBuild = true; + dontUseBunCheck = true; + dontRunLifecycleScripts = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out + cp -r dist package.json node_modules $out/ + [ -f README.md ] && cp README.md $out/ || true + [ -f LICENSE ] && cp LICENSE $out/ || true + + runHook postInstall + ''; + + dontFixup = true; +}