# NIP Profiles
NIP supports two types of profiles for different purposes:
## 1. Security Profiles (Nippels)
Security profiles define isolation levels and security settings for Nippels (user-level application environments). These profiles determine how applications are isolated and what system resources they can access.
### Available Security Profiles
| Profile | Isolation | Desktop | Network | Use Case |
|---------|-----------|---------|---------|----------|
| **Workstation** | Standard | Yes | Full | Work computers with desktop integration |
| **Homestation** | Standard | Yes | Relaxed | Home use (default profile) |
| **Satellite** | Strict | Yes | Limited | Laptops and mobile devices |
| **Network/IOT** | Strict | No | Minimal | Embedded devices and IoT |
| **Server** | Strict | No | Controlled | Server deployments |
### Security Profile Files
- `security/workstation.kdl` - Workstation security profile
- `security/homestation.kdl` - Homestation security profile (default)
- `security/satellite.kdl` - Satellite/mobile security profile
- `security/network-iot.kdl` - Network/IOT security profile
- `security/server.kdl` - Server security profile
### Usage
```bash
# Create Nippel with specific security profile
nip cell create dev-env --profile Workstation
# Create with custom isolation
nip cell create secure-env --profile Satellite --isolation Strict
```
## 2. Build Profiles
Build profiles define compiler flags, optimization levels, and domain-specific features for building packages from source. These profiles determine how packages are compiled and what features are enabled.
### Available Build Profiles
- `build/desktop.kdl` - Desktop workstation build configuration
- `build/server.kdl` - Production server build configuration
- `build/minimal.kdl` - Minimal/embedded build configuration
- `build/developer.kdl` - Development build configuration
- `build/gaming-rig.kdl` - Gaming-optimized build configuration
- `build/ml-workstation.kdl` - Machine learning workstation configuration
- `build/fleet-node.kdl` - Fleet management node configuration
### Build Profile Structure
Build profiles define:
- **Domain flags**: Feature domains (init, runtime, graphics, audio, security, etc.)
- **Compiler settings**: CFLAGS, CXXFLAGS, LDFLAGS, MAKEFLAGS
- **Optimization levels**: -O2, -O3, -Os, LTO, etc.
- **Security hardening**: PIE, RELRO, stack protector, fortify
### Usage
```bash
# Build package with specific profile
nip build vim --profile desktop
# Build with custom flags
nip build nginx --profile server +ssl+http2
```
## 3. Custom Profiles
You can create custom profiles by copying and modifying existing profiles:
```bash
# Copy existing profile
cp nip/profiles/security/homestation.kdl ~/.config/nip/profiles/security/my-profile.kdl
# Edit to customize
vim ~/.config/nip/profiles/security/my-profile.kdl
# Use custom profile
nip cell create my-env --profile my-profile
```
### Profile Search Order
NIP searches for profiles in this order:
1. `~/.config/nip/profiles/` (user profiles)
2. `/etc/nip/profiles/` (system profiles)
3. `<nip-install>/profiles/` (default profiles)
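
Because user profiles are searched first, a file in `~/.config/nip/profiles/` takes precedence over a system or default profile of the same name. The script below is an added example, not part of NIP, that reports such overrides when the content differs. It assumes a profile is stored as `<root>/<kind>/<name>.kdl`; the function names `resolve_profile` and `audit_overrides` are hypothetical.

```shell
#!/bin/sh
# Added example (not NIP code). Assumption: profile NAME of kind KIND
# ("security" or "build") is stored as <root>/<kind>/<name>.kdl.

# resolve_profile KIND NAME ROOT...
# Print the first match, walking the ROOTs in the order given
# (highest priority first). Exit status 1 when no root has the profile.
resolve_profile() (
    kind=$1; name=$2; shift 2
    for root in "$@"; do
        if [ -f "$root/$kind/$name.kdl" ]; then
            printf '%s\n' "$root/$kind/$name.kdl"
            exit 0
        fi
    done
    exit 1
)

# audit_overrides USER_ROOT LOWER_ROOT...
# For every profile in USER_ROOT, print "<kind>/<name> <hidden file>" when a
# lower-priority root holds a profile of the same name with different content.
audit_overrides() (
    user_root=$1; shift
    for kind in security build; do
        for f in "$user_root/$kind"/*.kdl; do
            [ -f "$f" ] || continue          # glob matched nothing
            name=$(basename "$f" .kdl)
            # The profile that would be used if the user file did not exist.
            hidden=$(resolve_profile "$kind" "$name" "$@") || continue
            cmp -s "$f" "$hidden" || printf '%s/%s %s\n' "$kind" "$name" "$hidden"
        done
    done
)

# Stand-alone use: ./audit.sh <nip-install-dir>
if [ "$#" -eq 1 ]; then
    audit_overrides "$HOME/.config/nip/profiles" /etc/nip/profiles "$1/profiles"
fi
```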
## Examples
See the `examples/` directory for additional profile examples:
- `examples/gaming-rig.kdl` - Gaming-optimized configuration
- `examples/ml-workstation.kdl` - Machine learning workstation
- `examples/developer.kdl` - Developer workstation
## Documentation
For more information:
- [Nippels Documentation](../docs/nipcells.md) - Security profiles and isolation
- [Build System Documentation](../docs/build-system.md) - Build profiles and compilation
- [Profile Specification](../../.kiro/nip/specs/nexuscells/requirements.md) - Technical specification
## Contributing
When creating new profiles:
1. Follow the KDL format used in existing profiles
2. Document the profile's purpose and use case
3. Test the profile with common packages
4. Submit a pull request with your profile
---
**Profile System Version:** 1.0
**Last Updated:** November 18, 2025