My linux config and rc files https://git.sommerfeld.dev/dotfiles/atom/dot_config/nvim/lua/config?h=master 2026-05-20T12:56:09Z 2026-05-20T12:56:09Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-20T12:56:09Z urn:sha1:2d9ed00606be2f8c63aba719d00adf70fe6d4393 LSPs, formatters, linters, and the lldb-dap debugger now come from ~/.nix-profile/bin (see nix/common.nix). lspconfig keeps the default configs; we just opt-in via vim.lsp.enable() with an explicit list. Changes: - dot_config/nvim/lua/plugins/lsp.lua: drop mason*, replace mason-lspconfig handler with explicit vim.lsp.enable({...}); drop groovy/jenkins formatters and lint entries; drop systemd lint (nginx + groovy + systemdlint tools dropped per plan). - dot_config/nvim/lua/plugins/debug.lua: drop mason-nvim-dap; drop codelldb adapter; switch dap.configurations.cpp to type='lldb' (lldb-dap is the upstream successor, ships with pkgs.lldb). - dot_config/nvim/init.lua: remove mason.nvim, mason-lspconfig.nvim, mason-tool-installer.nvim, mason-nvim-dap.nvim from vim.pack.add. - dot_config/nvim/lua/config/update.lua: remove MasonToolsUpdateSync. - dot_config/zsh/dot_zshrc: flip plugin source order — prefer ~/.nix-profile/share, fall back to /usr/share/zsh (was the other way around). - nix/bootstrap.sh: drop the uv-python3.11 step (no longer needed once Mason no longer source-builds Python LSPs on Ubuntu 20.04). Phase 6 of the nix-on-host migration plan. 2026-05-20T12:56:08Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-20T12:56:08Z urn:sha1:0bdd2fe6a755c8bf6582ad2258921751cd14653e nvim_create_user_command passes the callback a table with command metadata (args, bang, ...). Newer neovim's vim.pack.update validates its first arg as a list of names — that metadata table fails the list check with 'names: expected list, got table'. Wrap it. 2026-05-14T10:51:01Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-14T10:51:01Z urn:sha1:e20942db608da333482d7485f123342962e1127a Previously `clipboard` was set to empty inside SSH sessions on the assumption no clipboard tool would be reachable. That broke yank → host-clipboard on the remote-dev VM. nvim ≥0.10 ships a built-in OSC 52 provider (vim.ui.clipboard.osc52). The terminal emulator (ghostty locally, zellij forwarding inside it) handles the escape sequence and writes to the host's clipboard, so we get yank-to-host without needing wl-copy/xclip on the VM. Paste over OSC 52 is rarely supported by terminals (security), so we wire it but it's effectively a no-op; bracketed paste from the terminal still delivers clipboard contents into the buffer. 2026-05-13T12:43:34Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:34Z urn:sha1:550e8d555b47e01679035c94728a6ff21d5089cd Two related changes around the 'just update' UX: 1. nvim-update no longer runs --headless. The diff buffer that vim.pack.update opens *is* the per-plugin changelog, and that was being thrown away under headless. Drop --headless from the justfile recipe and the trailing :qa! from config.update.run() so the buffer stays open until the user reviews and quits manually. Mason output was already visible because mason-tool-installer print()s. 2. New waybar 'custom/update' module + matching mako notification as a gentle staleness reminder, replacing any temptation to run unattended pacman -Syu (a bad idea on Arch: rolling, news-driven manual interventions, AUR rebuilds, partial-upgrade hazards). Source of truth: /var/log/pacman.log — last '[PACMAN] starting full system upgrade'. No daemon, no -Sy poll, no extra state file beyond a per-session notify-throttle stamp in $XDG_RUNTIME_DIR. Tiers (hours since last full upgrade): < 24h hidden (":empty" via #custom-update.fresh padding 0) 24-168h yellow + normal-urgency mako, throttled to 1/24h >= 168h red + critical-urgency mako, throttled to 1/24h Click runs 'just update' in a floating ghostty. 2026-05-13T12:43:31Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:31Z urn:sha1:3d263bdbb48e7616a12af26ef094e5a416f9a735 doas's one-shot password and absent 'sudo -v' kept wasting hour-long paru AUR builds. sudo-rs is a memory-safe Rust rewrite (ISRG/Ferrous Systems), drop-in CLI compatible, and the same one Ubuntu 25.10 ships as default. We follow the Arch wiki 'Using sudo-rs without the sudo package' recipe verbatim — no custom shims. - meta/base.txt: -doas-sudo-shim +sudo-rs - etc/sudoers-rs (mode 0440): wiki minimal config + NOPASSWD reboot/poweroff - etc/pam.d/sudo: 4-line copy of upstream sudo's PAM file - run_onchange_after_deploy-etc.sh.tmpl: use real sudo, deploy sudoers-rs at 0440, create /etc/pam.d/sudo-i and /usr/local/bin/{sudo,sudoedit, su,visudo} → sudo-rs symlinks idempotently - delete etc/doas.conf, dot_local/bin/{doasedit,sudo} - zshrc: drop sudo=doas/sudoedit=doasedit aliases; rewrite ss/gimme/ pacdiff/ssys to call sudo - justfile: s/doas/sudo/g (status/diff/restore helpers) - nvim: rename :DoasWrite → :SudoWrite (uses sudo -S) - sway config: reboot/poweroff buttons call sudo - bootstrap.sh: update step-5 comment - README/KEYBINDS/copilot-instructions: flip the privesc convention No Defaults overrides: sudo's defaults (passwd_tries=3, timestamp_timeout=5) already fix the doas pain, and paru SudoLoop (kept) refreshes the 5-min window via real sudo -v. 2026-05-13T12:43:09Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:09Z urn:sha1:757569a9eb007da2d23e518f4120374881bf1d90 selene's neovim stdlib doesn't expose io.stdout:write/:flush. print() goes to the same place in headless mode and is already allowed. 2026-05-13T12:43:09Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:09Z urn:sha1:effc568d9676e061f58d45df2d5c5634ef0f760e New recipes (new 'Updates' section after 'Day-to-day'): - update: pkg-update nvim-update - pkg-update: paru -Syu - nvim-update: nvim --headless +'lua require("config.update").run()' New dot_config/nvim/lua/config/update.lua drives the headless session: clean orphan plugins, vim.pack.update with force=true (skips the confirm buffer since this is unattended; changes still go to nvim-pack.log), then :MasonToolsUpdateSync — the blocking variant intended for headless Interactive :PackSync stays unchanged (confirm buffer remains visible for reviewed updates). 2026-05-13T12:43:09Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:09Z urn:sha1:fc09c6d0a9616e8bbf43b65020bc8ba638ad13eb Auto-writing it defeated the purpose — no feedback on what changed. Now :PackUpdate and :PackSync show the confirm buffer; user reviews and :w to apply or :q to cancel. Matches vim.pack's intended UX. 2026-05-13T12:43:09Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:09Z urn:sha1:e83d5d1ef9476544e8843cc643c48f71c656375c It drives its async git ops with internal vim.wait and makes the confirm buffer current before returning. No need for a FileType autocmd: just write the buffer if the filetype matches (guards the 'Nothing to update' case where no buffer is created). 2026-05-13T12:43:08Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:08Z urn:sha1:9ad73cc8504fb836bde7ded6a6c62669174b4c7c Using force=true hid all feedback. Now we let vim.pack.update open its confirmation buffer (showing pending changes) and auto-:write it via a one-shot FileType=nvim-pack autocmd. User sees what updated.