dotfiles/remote-dev/README.md, branch master

refactor(nix): promote remote-dev/ to nix/ with common/vm/host split

2026-05-20T12:56:09Z

Restructures the Home-Manager profile to support both the Arch host and the Ubuntu remote-dev VM from the same flake. - remote-dev/ → nix/ (hard rename; .chezmoiignore updated) - home.nix split into common.nix (shared), vm.nix (Mason runtime carve-outs + podman stack), host.nix (gpg scdaemon delegation to system pcscd) - flake.nix exposes homeConfigurations.{vm,host} via a mkProfile helper - rj alias in dot_zshrc updated to ~/.local/share/dotfiles/nix - bootstrap.sh / justfile updated to use #vm against the new path The split is behaviour-preserving for the VM: vm.nix + common.nix together carry the same package set as the previous home.nix. host.nix is provisioned but not yet wired into bootstrap (phase p8). Phase 1 of the nix-on-host migration plan.

feat(remote-dev): silence podman cgroups-v1 deprecation warning

2026-05-19T14:21:19Z

Ubuntu 20.04 still defaults to cgroups v1; podman 5 emits a deprecation warning on every single invocation. Flipping the host to v2 is a reboot that affects every workload and only matters if we need rootless --memory/--cpus, so just silence the warning via the documented PODMAN_IGNORE_CGROUPSV1_WARNING env var on the home-manager side.

docs(remote-dev): mark cgroups v2 switch as optional

2026-05-19T14:16:09Z

Affects the whole host and requires a reboot — only worth doing if you need rootless --memory/--cpus limits. Rootless podman otherwise runs fine on cgroups v1.

feat(remote-dev): rootless podman setup

2026-05-19T14:16:05Z

Adds podman + helpers (crun, conmon, netavark, aardvark-dns, slirp4netns, passt) to the home-manager profile, plus rootless-sane registries.conf, storage.conf (overlay driver, kernel-native — VM kernel 5.15 supports rootless overlay since 5.13, no fuse-overlayfs needed), and policy.json. Documents host-side prerequisites in remote-dev/README.md: install uidmap, ensure subuid/subgid entries for the user, and enable cgroups v2 (systemd.unified_cgroup_hierarchy=1) so rootless resource limits work on Ubuntu 20.04.

fix(remote-dev): install basedpyright outside Mason

2026-05-14T11:29:15Z

Mason's pypi distribution of basedpyright pulls nodejs-wheel-binaries which only ships manylinux_2_28 Linux wheels. uv's python-build- standalone interpreter is tagged manylinux2014 (glibc 2.17 for max portability) and rejects those wheels; pip then falls back to building Node 24 from source, which fails on Ubuntu 20.04's gcc 9.4 (needs gcc >=10 for -std=gnu++20). Provide basedpyright via the system package manager instead: - pacman on Arch (added to meta/base.txt) - pkgs.basedpyright on the VM (added to remote-dev/home.nix) Drop it from mason-tool-installer's ensure_installed; lspconfig picks it up from PATH. Document the exception in remote-dev/README.md.

fix(remote-dev): switch python3.11 source from deadsnakes PPA to uv

2026-05-14T11:12:55Z

The deadsnakes PPA may not be reachable on every VM (corporate apt proxy, Ubuntu derivatives that add-apt-repository misdetects, etc.). `uv python install 3.11` works on any distro: it fetches a portable python-build-standalone CPython into ~/.local/share/uv/python/, which is manylinux-wheel-compatible. Symlink the resulting binary to ~/.local/bin/python3.11 (already on PATH from zprofile). Move the step to after `home-manager switch` since uv comes from the nix profile.

fix(remote-dev): use deadsnakes python3.11 instead of nix for Mason

2026-05-14T11:05:10Z

Nix's python rejects manylinux wheels by design (its libc is patched), which forced pip in Mason's per-pkg venvs to compile nodejs-wheel-binaries (pulled in by basedpyright) from source. That source build then failed on Ubuntu 20.04's gcc 9.4 — Node 24 requires C++20 (g++ >= 12.2.0). Replace the nix python311-versioned-only derivation with an Ubuntu-native python3.11 from the deadsnakes PPA. It satisfies Mason's >=3.10 version requirement, accepts manylinux wheels, and the versioned binary name leaves /usr/bin/python3 untouched (leaf-tools policy preserved).

fix(nvim,remote-dev): fall back to PATH node + provide JRE/shellharden/python3-venv

2026-05-14T10:31:44Z

copilot.lua was hard-coding the chezmoi-pinned Node 24 at ~/.local/share/copilot-node/bin/node, which only exists on the Arch host where chezmoi runs run_onchange_after_install-copilot-node.sh. On the remote-dev VM the path is absent, so copilot-language-server spawned with cmd[0]= and printed 'Could not determine Node.js version'. Probe the pinned path with vim.fn.executable() and fall back to 'node' from PATH otherwise. For the VM PATH 'node' to be a supported version, switch home.nix from the rolling 'nodejs' alias to 'nodejs_24' (the version the chezmoi script also pins on the host). Address the cluster of Mason install failures on the VM: - autotools-language-server, codespell, mdformat, nginx-language-server, systemdlint -- pip-installed; fail because Ubuntu's python3 ships without venv. bootstrap.sh now apt-installs python3-venv; README documents the manual command for existing VMs. - groovy-language-server -- needs a JRE. Add 'jre' to home.packages. - shellharden -- Mason's cargo fallback can't run under our leaf-tools policy. Provide the binary via nix-profile instead so Mason finds it on PATH.

feat(remote-dev): add justfile with update/pull/switch/gc recipes

2026-05-14T10:25:43Z

Wraps the bootstrap-day-2 incantations so you don't have to remember `home-manager switch --impure --flake '.#vm' -b backup` and its zsh quoting gotcha. Recipes: - `just update` — pull + switch (the everyday one) - `just pull` — config-only changes, no nix rebuild - `just switch` — rebuild HM from the current checkout - `just gc` — expire HM generations >7d and gc the nix store README updated to use these.

docs(remote-dev): quote flake ref so zsh extendedglob doesn't choke

2026-05-14T10:08:13Z

`home-manager switch --flake .#vm` fails under our zsh (which sets `extendedglob`) because `#` then becomes a glob qualifier and `.#vm` parses as an unmatched pattern. Quoting the ref sidesteps it.