<feed xmlns='http://www.w3.org/2005/Atom'>
<title>dotfiles/remote-dev/home.nix, branch master</title>
<subtitle>My linux config and rc files</subtitle>
<id>https://git.sommerfeld.dev/dotfiles/atom/remote-dev/home.nix?h=master</id>
<link rel='self' href='https://git.sommerfeld.dev/dotfiles/atom/remote-dev/home.nix?h=master'/>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/'/>
<updated>2026-05-20T12:56:09Z</updated>
<entry>
<title>refactor(nix): promote remote-dev/ to nix/ with common/vm/host split</title>
<updated>2026-05-20T12:56:09Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-20T12:56:09Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=de5146c7976e1fb38e8d1f82c30544462d881100'/>
<id>urn:sha1:de5146c7976e1fb38e8d1f82c30544462d881100</id>
<content type='text'>
Restructures the Home-Manager profile to support both the Arch host and
the Ubuntu remote-dev VM from the same flake.

  - remote-dev/ → nix/ (hard rename; .chezmoiignore updated)
  - home.nix split into common.nix (shared), vm.nix (Mason runtime
    carve-outs + podman stack), host.nix (gpg scdaemon delegation to
    system pcscd)
  - flake.nix exposes homeConfigurations.{vm,host} via a mkProfile
    helper
  - rj alias in dot_zshrc updated to ~/.local/share/dotfiles/nix
  - bootstrap.sh / justfile updated to use #vm against the new path

The split is behaviour-preserving for the VM: vm.nix + common.nix
together carry the same package set as the previous home.nix.
host.nix is provisioned but not yet wired into bootstrap (phase p8).

Phase 1 of the nix-on-host migration plan.
</content>
</entry>
<entry>
<title>feat(git): user-level hooks auto-dispatch into &lt;repo&gt;/.githooks/</title>
<updated>2026-05-19T15:45:17Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-19T15:45:17Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=67868f51bbab5bc3ef5c8ba15433ba401a297f1a'/>
<id>urn:sha1:67868f51bbab5bc3ef5c8ba15433ba401a297f1a</id>
<content type='text'>
Inverts the hook delegation model. Previously per-repo hooks required
a project to either (a) write the entire hook themselves and lose the
global signed-commit / agent-author gate, or (b) override
core.hooksPath and write passthrough stubs that exec back to
$HOME/.config/git/hooks/*. Both are ergonomically miserable.

Now: the global hooks at ~/.config/git/hooks/ are *always* the entry
point. Each one calls a shared dispatcher (_dispatch.sh) that runs
&lt;repo&gt;/.githooks/&lt;hookname&gt; if it exists, propagating its exit status,
and then continues with whatever the global hook itself wants to do.
Projects just drop an executable file at .githooks/&lt;name&gt; — no
core.hooksPath, no stubs, no boilerplate. Repos that don't have a
.githooks/ dir keep working exactly as before.

GIT_HOOK_DISPATCHED guards against re-entry so legacy repos using the
old stub-and-exec pattern don't loop. pre-push tees stdin so both the
repo hook and the global ref-list loop see the full push payload.

Adds two new always-no-op global hooks (pre-commit, post-commit)
purely so the dispatch happens for those events too — previously only
commit-msg and pre-push existed globally.

Refactors this dotfiles repo to use the new pattern: drops the
self-delegating .githooks/pre-push stub and removes the per-repo
core.hooksPath override from `just init` (now an idempotent unsetter
to clean up the override from past bootstraps). The remote-dev VM's
home-manager profile symlinks all four hooks plus _dispatch.sh.
</content>
</entry>
<entry>
<title>feat(git): commit-msg hook strips AI Co-authored-by trailers</title>
<updated>2026-05-19T15:45:17Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-19T15:45:17Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=1f6dc84f68b4631e77ebc11a452cb0b03eecde57'/>
<id>urn:sha1:1f6dc84f68b4631e77ebc11a452cb0b03eecde57</id>
<content type='text'>
Various agentic tools (Copilot CLI, VS Code chat, etc.) auto-append
`Co-authored-by: Copilot &lt;...&gt;` / Claude / Codex trailers, which then
trip the pre-push hook's agent-coauthor check and force a manual
amend before the push goes through. Scrub at commit time instead.

Uses the same agent-substring list as executable_pre-push (kept in
sync by comment). Triggered as commit-msg (not pre-commit — pre-commit
runs before the message exists). Drops matching trailers in-place,
collapses trailing blanks, and is a no-op otherwise.

Also symlinks the new hook in the remote-dev home-manager config so
it deploys on the Ubuntu VM.

Bypass: `git commit --no-verify`.
</content>
</entry>
<entry>
<title>fix(remote-dev): symlink git pre-push hook with stripped chezmoi name</title>
<updated>2026-05-19T15:45:17Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-19T15:45:17Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=3dc375cffbb4a8d09374e66002f5ee50be95ead2'/>
<id>urn:sha1:3dc375cffbb4a8d09374e66002f5ee50be95ead2</id>
<content type='text'>
`dot_config/git/hooks/executable_pre-push` only loses the
`executable_` chezmoi attribute prefix during `chezmoi apply`. On
remote-dev we use raw home-manager symlinks, so a directory symlink
gave git a file literally named `executable_pre-push` — which is not
a valid hook name and was silently ignored. Symlink each hook to its
stripped target name (executable bit comes from the working-tree mode,
which git follows through the symlink).
</content>
</entry>
<entry>
<title>fix(remote-dev): source hm-session-vars from .zshenv</title>
<updated>2026-05-19T14:24:46Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-19T14:24:46Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=e69aaa8c2762b6c801cedecefcf1f301307df292'/>
<id>urn:sha1:e69aaa8c2762b6c801cedecefcf1f301307df292</id>
<content type='text'>
home.sessionVariables get written to hm-session-vars.sh, which HM only
auto-sources when programs.bash/zsh.enable = true (it injects a snippet
into the rc file) or via ~/.profile (which zsh login shells don't
read). We use a ZDOTDIR redirect and no HM-managed shells, so
PODMAN_IGNORE_CGROUPSV1_WARNING (and any future session var) was never
reaching the shell.

Source it explicitly from the generated ~/.zshenv before redirecting
to ZDOTDIR.
</content>
</entry>
<entry>
<title>feat(remote-dev): silence podman cgroups-v1 deprecation warning</title>
<updated>2026-05-19T14:21:19Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-19T14:21:19Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=43a6778dc0b386f32290576478d62c60034ad16f'/>
<id>urn:sha1:43a6778dc0b386f32290576478d62c60034ad16f</id>
<content type='text'>
Ubuntu 20.04 still defaults to cgroups v1; podman 5 emits a deprecation
warning on every single invocation. Flipping the host to v2 is a reboot
that affects every workload and only matters if we need rootless
--memory/--cpus, so just silence the warning via the documented
PODMAN_IGNORE_CGROUPSV1_WARNING env var on the home-manager side.
</content>
</entry>
<entry>
<title>feat(remote-dev): rootless podman setup</title>
<updated>2026-05-19T14:16:05Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-19T14:16:05Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=d25a79ea717d29ceb8ecc1c97c0bc4ec8cbaf4d3'/>
<id>urn:sha1:d25a79ea717d29ceb8ecc1c97c0bc4ec8cbaf4d3</id>
<content type='text'>
Adds podman + helpers (crun, conmon, netavark, aardvark-dns,
slirp4netns, passt) to the home-manager profile, plus rootless-sane
registries.conf, storage.conf (overlay driver, kernel-native — VM
kernel 5.15 supports rootless overlay since 5.13, no fuse-overlayfs
needed), and policy.json.

Documents host-side prerequisites in remote-dev/README.md: install
uidmap, ensure subuid/subgid entries for the user, and enable cgroups
v2 (systemd.unified_cgroup_hierarchy=1) so rootless resource limits
work on Ubuntu 20.04.
</content>
</entry>
<entry>
<title>feat(remote-dev): add mergiraf</title>
<updated>2026-05-14T14:32:46Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-14T14:32:46Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=3c3393fd755583a4b7cb3b287df384b06bf0e4d6'/>
<id>urn:sha1:3c3393fd755583a4b7cb3b287df384b06bf0e4d6</id>
<content type='text'>
git config defines a mergiraf merge driver; install it on the VM so
.gitattributes references actually resolve.
</content>
</entry>
<entry>
<title>fix(remote-dev): materialize ~/.ssh/config with 0600 perms</title>
<updated>2026-05-14T12:06:20Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-14T12:06:20Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=7c50aea6d6991ff085dcfd11e4b42a49d2a63d00'/>
<id>urn:sha1:7c50aea6d6991ff085dcfd11e4b42a49d2a63d00</id>
<content type='text'>
mkOutOfStoreSymlink exposes the working-tree file's perms. Under
Ubuntu's default umask 002, git checks out private_dot_ssh/config
as 0664; OpenSSH refuses any group-writable ssh_config.

Replace the home.file symlink with a home-manager activation step
that copies the file to a real ~/.ssh/config with 0600.
</content>
</entry>
<entry>
<title>fix(remote-dev): install basedpyright outside Mason</title>
<updated>2026-05-14T11:29:15Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-14T11:29:15Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=8e5f5efc70680128545d26864263e5628fc74276'/>
<id>urn:sha1:8e5f5efc70680128545d26864263e5628fc74276</id>
<content type='text'>
Mason's pypi distribution of basedpyright pulls nodejs-wheel-binaries
which only ships manylinux_2_28 Linux wheels. uv's
python-build-standalone interpreter is tagged manylinux2014 (glibc 2.17 for max
portability) and rejects those wheels; pip then falls back to building
Node 24 from source, which fails on Ubuntu 20.04's gcc 9.4 (needs
gcc &gt;=10 for -std=gnu++20).

Provide basedpyright via the system package manager instead:
- pacman on Arch (added to meta/base.txt)
- pkgs.basedpyright on the VM (added to remote-dev/home.nix)

Drop it from mason-tool-installer's ensure_installed; lspconfig picks
it up from PATH. Document the exception in remote-dev/README.md.
</content>
</entry>
</feed>
