Commit message | Author | Age | Files | Lines
* zsh: hm wrapper needs --impure for builtins.getEnv | sommerfeld | 12 days | 1 | -1/+1
  host.nix reads HOME/USER via builtins.getEnv, which returns "" under pure-eval (nix run's default). just-nix-switch already passes --impure; match it here.
* zsh: add hm wrapper for flake-based home-manager | sommerfeld | 12 days | 1 | -0/+12
  The standalone 'home-manager' command defaults to the legacy ~/.config/home-manager/home.nix and errors out for flake users. The wrapper auto-selects the host/vm profile by /etc/os-release ID and points at whichever dotfiles checkout exists on the machine.
  Usage:
    hm news
    hm switch
    hm generations
* meta: declare bolt (Thunderbolt dock daemon) | sommerfeld | 12 days | 1 | -0/+3
* justfile: add nix-update recipe, wire into update | sommerfeld | 12 days | 1 | -2/+15
  Refreshes flake.lock (nixpkgs + home-manager) and re-activates the profile. Plugged into the existing 'just update' aggregate so a weekly 'just update' bumps pacman/AUR + flatpak + nix in one go.
* nix: re-add github-copilot-cli (now prebuilt-binary derivation) | sommerfeld | 12 days | 1 | -5/+1
  Upstream rewrote the derivation in 1.0.43+ to fetch a prebuilt binary from the copilot-cli releases (autoPatchelf + makeBinaryWrapper) instead of buildNpmPackage, sidestepping the /var/empty/.cache EACCES that blocked 1.0.40.
* drop residual Mason references after p6 migration | sommerfeld | 12 days | 3 | -6/+4
  - zsh: remove ~/.local/share/nvim/mason/bin from PATH
  - justfile: update comments to reflect Mason removal
* nix: add codex; meta: virt-viewer to work.txt | sommerfeld | 12 days | 2 | -10/+2
* refactor(nix): deployment in vm.nix only; host uses chezmoi for dotfiles | sommerfeld | 12 days | 3 | -82/+68
  Per user decision: on the Arch host, chezmoi remains the single deployer of $HOME dotfiles. nix/common.nix's xdg.configFile + sshConfig activation + .zshenv home.file block was causing home-manager to fight chezmoi on every nix-switch, materializing .backup files for nvim, zellij, zsh, git, ghostty, direnv.
  Resolution:
  - nix/common.nix: drop the entire deployment block, drop the my.dotfilesPath option, drop the let..in dotfiles/link helpers. Module is now deployment-agnostic: only installs packages.
  - nix/host.nix: drop my.dotfilesPath; explicit comment that chezmoi owns dotfile deployment on the host.
  - nix/vm.nix: gains everything previously in common.nix's deployment block — xdg.configFile (nvim/zellij/zsh/git/ghostty/direnv), home.activation.sshConfig, home.file.".zshenv". The 'dotfiles' let-binding (= $HOME/.local/share/dotfiles) and 'link' helper move here too, since they're vm-only now.
  Host runbook unchanged (`just sync`); first run after pulling will just be a no-op nix-switch instead of a backup-file storm.
* fix(nix): parameterize dotfiles path per profile; rename dockerfile LSP | sommerfeld | 12 days | 3 | -2/+26
  - common.nix hardcoded the runtime dotfiles checkout to ~/.local/share/dotfiles, which is correct for the remote-dev VM but not the Arch host (where the canonical clone lives at ~/dotfiles). ssh activation was failing with 'cannot stat /home/sommerfeld/.local/share/dotfiles/private_dot_ssh/config' on every host nix-switch. Promote the path to a typed option (config.my.dotfilesPath) and set it from each profile:
      nix/host.nix -> $HOME/dotfiles
      nix/vm.nix -> $HOME/.local/share/dotfiles
    common.nix now wraps its config in 'config = { ... }' so the options can sit alongside.
  - dockerfile-language-server-nodejs was renamed in nixpkgs to dockerfile-language-server; pick up the new name to silence the evaluation warning (the rename will eventually become a hard error).
* fix(nix,nvim): drop nodePackages.* (removed from nixpkgs), drop github-copilot-cli (broken) | sommerfeld | 12 days | 2 | -5/+7
  nodePackages was removed wholesale from nixpkgs; everything that lived under it must be referenced via its top-level name or dropped.
  - prettier: moved nodePackages.prettier -> prettier (top-level alias).
  - jsonlint: not available at top level. Dropped from nix/common.nix AND from the nvim-lint and conform-nvim configs in dot_config/nvim/lua/plugins/lsp.lua. jsonls already provides schema-aware diagnostics; jq still handles formatting. The jsonlint redundancy is acceptable to lose.
  - github-copilot-cli (1.0.40 in nixpkgs): buildNpmPackage derivation doesn't redirect HOME during npm postinstall, so it fails with EACCES on /var/empty/.cache on Determinate nix. Removed; install manually from https://github.com/github/copilot-cli into /usr/local/bin/ as before (current host already has it there).
* fix(nix,nvim): drop gh-actions-language-server (not in nixpkgs); export USER in nix-switch | sommerfeld | 12 days | 3 | -2/+4
  - gh-actions-language-server is an npm package (lttb/gh-actions-language-server) not packaged in nixpkgs. Removed from nix/common.nix and from the vim.lsp.enable list in dot_config/nvim/lua/plugins/lsp.lua. Restore later via a per-project flake.nix if working on a workflows-heavy repo.
  - just runs recipes with a sanitized env where $USER may be unset; home-manager's activation script dereferences it unconditionally and fails with 'USER: unbound variable'. Export USER (and HOME for symmetry) at the top of the nix-switch recipe.
* feat(pkg,nix): migrate build orchestrators + debuggers to nix; drop toolchains | sommerfeld | 12 days | 2 | -31/+39
  Migrated to Home-Manager (nix/common.nix):
    cmake, ninja, ccache, sccache (build orchestrators — they only delegate to whatever compiler is on PATH, don't ship one themselves, so no ABI shadowing risk)
    valgrind (instruments at syscall/library boundary; works fine with pacman-built target binaries)
    doxygen (source-only documentation tool; was accidentally dropped in the previous sweep — restored here)
  Dropped entirely (per-project flake.nix + direnv .envrc instead):
    clang, lld, mold, rustup, npm
    Rationale: these are language/toolchain-specific compilers and linkers; when a project needs them, the project's own flake provides the version it wants, pinned in flake.lock.
  base-devel still ships gcc/ld/as/make for general-purpose system builds and one-offs.
  npm is also dropped from pacman; nodejs_24 in nix/common.nix already ships npm for the editor/AI-agent path. Project-side npm comes via per-project flake when needed.
  Updated nix/common.nix policy comment to match: only ban the actual compilers/linkers (cc/gcc/clang/ld) and forbidden runtimes (cargo, rustc, go, python3) — build orchestrators and instrumentation tools are explicitly allowed.
  The --- dev --- section in base.txt is now just perf and podman-* (kernel-coupled / system-runtime-coupled).
* feat(pkg,nix): migrate 14 leaf tools to nix; drop 6 unused packages | sommerfeld | 12 days | 2 | -37/+37
  Migrated to Home-Manager (nix/common.nix):
    duf, gdu, nmap, procs, yazi, difftastic, direnv (was duplicated), git-absorb, samply, strace, t-rec, act, pandoc, gdb, lldb
  lldb stays nix-only (no longer in base.txt) — per user policy, only ever used to debug own builds, so glibc/kernel ABI skew vs the pacman-built system isn't a concern. Same logic could extend to valgrind, but valgrind has tighter glibc compat needs; perf links against kernel ABI and must match the running kernel. Both stay pacman.
  uv was already in nix; removed pacman duplicate.
  Kept on pacman (cannot migrate without breaking system builds, per nix/common.nix policy that bans compilers/linkers/build systems on PATH):
    ccache, clang, cmake, lld, mold, ninja, npm, rustup, sccache, podman-compose, podman-docker (system runtime integration), perf, valgrind (kernel/glibc-coupled), unzip (transitive via base), doxygen (huge nixpkgs closure not worth it).
  Dropped entirely (unused):
    android-tools, go, gpg-tui, luarocks (was for Mason-managed nvim plugin deps; Mason is gone), bash-completion (zsh-only setup), pandoc-bin (replaced by nix pandoc).
  jdk21-openjdk kept — still needed for the groovy/jenkins toolchain paths in nvim.
  Rewrote the --- dev --- section comment to explain the policy.
* fix(bootstrap): use pacman nix instead of curl installer | sommerfeld | 12 days | 1 | -17/+16
  Pacman's 'nix' package is already in meta/base.txt and provides the same multi-user daemon setup (nix-daemon.socket already enabled via systemd-units/system.txt; flakes already enabled via /etc/nix/nix.conf from etc/). The curl-piped Determinate installer was adding nothing on top — and on a host where pacman already installed nix, it would create two competing nix binaries.
  Changes:
  - Add 'nix' to PREREQS so pacman installs it alongside the other prerequisites, before 'just init' runs.
  - Drop the curl install block.
  - Source /etc/profile.d/nix.sh (or nix-daemon.sh) before 'just init' so the nix-switch step inside 'just init' finds the binary in PATH.
* feat(pkg,nix): migrate pass-otp/zsh-completions/wget/gnupg to nix; drop curl | sommerfeld | 12 days | 2 | -11/+10
  Cleanup pass following p7 review:
  - pass-otp: wired via pass.withExtensions in nix/common.nix (`pass otp ...` works against the same store).
  - zsh-completions: added as a separate package next to zsh + plugins (fpath picks it up via HM's nix-profile share/).
  - wget: already in nix/common.nix; removed pacman duplicate.
  - gnupg: already in nix/common.nix; removed pacman entry. pcscd still comes from pacman pcsclite (system service needs root + hardware access), nix gnupg's scdaemon dials it via /run/pcscd/pcscd.comm.
  - curl: removed; pulled transitively by base, base-devel, paru and many others.
  Kept on pacman:
  - pcsclite, ccid : pcscd is a system daemon; libs needed by HM scdaemon
  - man-db, man-pages : distro-specific
  - base, base-devel : meta-packages
  - pass-secret-service-bin : AUR-only
* feat(bootstrap): install nix + Home-Manager on Arch host (p8) | sommerfeld | 12 days | 2 | -4/+55
  Append two steps to the root bootstrap.sh:
    5a. install nix via the Determinate Systems multi-user installer (same as remote-dev/nix; gives us a proper nix-daemon.service).
    5b. chsh to ~/.nix-profile/bin/zsh after appending to /etc/shells.
  Add a 'just nix-switch' recipe that auto-picks the host vs vm profile based on /etc/os-release ID, and wire it into 'just init' and 'just sync' so day-to-day reconciliation also re-applies Home-Manager. The recipe is a no-op when nix isn't installed, so it stays safe for pre-bootstrap states and for hosts where the user opts out.
  Phase 8 of the nix-on-host migration plan.
* feat(pkg): drop leaf tools migrated to Home-Manager | sommerfeld | 12 days | 2 | -35/+12
  The following are now provisioned by Home-Manager via nix/common.nix and live under ~/.nix-profile/bin (which is first in PATH per phase p3):
    ripgrep, fd, bat, glow, fzf, lsd, jq, yq (yq-go), zoxide, just, sd, choose, dog, curlie, hyperfine, htop, fastfetch, tldr, rsync, mergiraf, git-delta (delta), tree-sitter-cli (tree-sitter), neovim, zellij, github-cli (gh), pass, openssh, git, zsh, zsh-syntax-highlighting, zsh-autosuggestions, zsh-history-substring-search, basedpyright-bin (basedpyright), rust-analyzer
  Kept:
  - pass-otp, zsh-completions: no Home-Manager equivalent yet
  - pcsclite: still needed by Home-Manager gnupg/scdaemon (see nix/host.nix scdaemon.conf)
  - curl, wget, man-db, man-pages, gnupg: system-fundamental, fine to keep duplicated. git/openssh/gnupg also come back as transitive deps of paru/sudo/etc. even if dropped here.
  Added hyperfine to nix/common.nix (missed in the p5 batch).
  Phase 7 of the nix-on-host migration plan.
* refactor(nvim,zsh): remove Mason; use Home-Manager-provisioned tooling | sommerfeld | 12 days | 6 | -126/+40
  LSPs, formatters, linters, and the lldb-dap debugger now come from ~/.nix-profile/bin (see nix/common.nix). lspconfig keeps the default configs; we just opt-in via vim.lsp.enable() with an explicit list.
  Changes:
  - dot_config/nvim/lua/plugins/lsp.lua: drop mason*, replace mason-lspconfig handler with explicit vim.lsp.enable({...}); drop groovy/jenkins formatters and lint entries; drop systemd lint (nginx + groovy + systemdlint tools dropped per plan).
  - dot_config/nvim/lua/plugins/debug.lua: drop mason-nvim-dap; drop codelldb adapter; switch dap.configurations.cpp to type='lldb' (lldb-dap is the upstream successor, ships with pkgs.lldb).
  - dot_config/nvim/init.lua: remove mason.nvim, mason-lspconfig.nvim, mason-tool-installer.nvim, mason-nvim-dap.nvim from vim.pack.add.
  - dot_config/nvim/lua/config/update.lua: remove MasonToolsUpdateSync.
  - dot_config/zsh/dot_zshrc: flip plugin source order — prefer ~/.nix-profile/share, fall back to /usr/share/zsh (was the other way around).
  - nix/bootstrap.sh: drop the uv-python3.11 step (no longer needed once Mason no longer source-builds Python LSPs on Ubuntu 20.04).
  Phase 6 of the nix-on-host migration plan.
* feat(nix): add LSPs/formatters/linters/DAPs to common.nix | sommerfeld | 12 days | 2 | -12/+50
  Replaces Mason entirely (phase p6 of the nix migration will rip out mason-tool-installer and friends). The set tracks the previous ensure_installed list in nvim's lsp.lua, with five niche tools dropped per the migration plan:
  - groovy-language-server, npm-groovy-lint
  - nginx-language-server, nginx-config-formatter
  - systemdlint
  systemd-lsp is renamed to systemd-language-server (the nixpkgs attr name). codelldb is replaced by lldb-dap (upstream successor, ships with pkgs.lldb); dap configs switch in phase p6.
  Drops jre, basedpyright, cargo, rustc from vm.nix — they only existed to work around Mason quirks on Ubuntu 20.04 (uv-python wheel incompatibility, source-build needs). With Mason gone, basedpyright comes from nixpkgs cleanly on both profiles.
  Phase 5 of the nix-on-host migration plan.
* feat(zsh): prepend ~/.nix-profile/bin to PATH | sommerfeld | 12 days | 1 | -1/+6
  So Home-Manager-provisioned tools shadow pacman/apt across host and VM, delivering identical tool versions from the same flake.lock. Mason bin stays for now; phase p6 of the nix migration removes it together with the Mason plugins.
  Phase 3 of the nix-on-host migration plan.
* refactor(nix): promote remote-dev/ to nix/ with common/vm/host split | sommerfeld | 12 days | 11 | -299/+325
  Restructures the Home-Manager profile to support both the Arch host and the Ubuntu remote-dev VM from the same flake.
  - remote-dev/ → nix/ (hard rename; .chezmoiignore updated)
  - home.nix split into common.nix (shared), vm.nix (Mason runtime carve-outs + podman stack), host.nix (gpg scdaemon delegation to system pcscd)
  - flake.nix exposes homeConfigurations.{vm,host} via a mkProfile helper
  - rj alias in dot_zshrc updated to ~/.local/share/dotfiles/nix
  - bootstrap.sh / justfile updated to use #vm against the new path
  The split is behaviour-preserving for the VM: vm.nix + common.nix together carry the same package set as the previous home.nix. host.nix is provisioned but not yet wired into bootstrap (phase p8).
  Phase 1 of the nix-on-host migration plan.
* refactor(sway): remove super+o VPN OTP keybind | sommerfeld | 12 days | 2 | -4/+0
  No longer needed.
* feat(pkg): downgrade jdk-openjdk to jdk21-openjdk | sommerfeld | 12 days | 1 | -1/+1
  Gradle 9.1 (and thus Mason's groovy-language-server build) doesn't support Java 26 bytecode yet — builds fail with 'Unsupported class file major version 70'. Nothing in the dotfiles uses a feature beyond JDK 21, and both packages provide the same java-runtime virtual, so dependents are unaffected.
* feat(zsh): add dj/rj aliases for dotfiles and remote-dev justfiles | sommerfeld | 12 days | 1 | -0/+2
  dj invokes ~/dotfiles/justfile and rj invokes ~/.local/share/dotfiles/remote-dev/justfile, both pinned to the justfile's directory via --working-directory so the aliases behave identically from any CWD.
* fix(nvim): wrap vim.pack.update in :PackUpdate user command | sommerfeld | 12 days | 1 | -1/+3
  nvim_create_user_command passes the callback a table with command metadata (args, bang, ...). Newer neovim's vim.pack.update validates its first arg as a list of names — that metadata table fails the list check with 'names: expected list, got table'. Wrap it.
* refactor(git): use classic .git/hooks/ for per-clone override | sommerfeld | 13 days | 2 | -11/+10
  Switch the dispatcher's per-clone override location from the bespoke .git/hooks-local/ to the classic .git/hooks/. This is:
  - The untracked location git has used since forever, so no new convention to learn.
  - Where husky, lefthook, pre-commit-the-tool, and most other hook managers install by default — they now "just work" again under our global core.hooksPath.
  git init's *.sample files don't collide because the dispatcher only matches the exact hook name and the executable bit.
  The only behavior change is that a forgotten legacy .git/hooks/pre-commit from before core.hooksPath was set will start running again — that's arguably restoring expected git semantics, not a regression.
* feat(git): per-clone hook override at .git/hooks-local/ | sommerfeld | 13 days | 2 | -16/+35
  Adds an untracked per-clone override layer to the hook dispatcher. Lookup order is now:
    1. <git-dir>/hooks-local/<name> — untracked, per-clone, ignored by git
    2. <repo-top>/.githooks/<name> — tracked, shared with teammates
  Use case: a shared repo ships a .githooks/pre-commit you want to locally replace without modifying the tracked file. Drop your hook in .git/hooks-local/<name> (chmod +x) and the dispatcher will run it instead — the global commit-msg trailer-strip and pre-push gate still run on top.
  If neither override exists, only the global user-level logic runs.
* feat(git): user-level hooks auto-dispatch into <repo>/.githooks/ | sommerfeld | 13 days | 9 | -10/+90
  Inverts the hook delegation model. Previously per-repo hooks required a project to either (a) write the entire hook themselves and lose the global signed-commit / agent-author gate, or (b) override core.hooksPath and write passthrough stubs that exec back to $HOME/.config/git/hooks/*. Both are ergonomically miserable.
  Now: the global hooks at ~/.config/git/hooks/ are *always* the entry point. Each one calls a shared dispatcher (_dispatch.sh) that runs <repo>/.githooks/<hookname> if it exists, propagating its exit status, and then continues with whatever the global hook itself wants to do. Projects just drop an executable file at .githooks/<name> — no core.hooksPath, no stubs, no boilerplate.
  Repos that don't have a .githooks/ dir keep working exactly as before. GIT_HOOK_DISPATCHED guards against re-entry so legacy repos using the old stub-and-exec pattern don't loop. pre-push tees stdin so both the repo hook and the global ref-list loop see the full push payload.
  Adds two new always-no-op global hooks (pre-commit, post-commit) purely so the dispatch happens for those events too — previously only commit-msg and pre-push existed globally.
  Refactors this dotfiles repo to use the new pattern: drops the self-delegating .githooks/pre-push stub and removes the per-repo core.hooksPath override from `just init` (now an idempotent unsetter to clean up the override from past bootstraps). The remote-dev VM's home-manager profile symlinks all four hooks plus _dispatch.sh.
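
The override lookup and re-entry guard described in the three hook commits above, as an added shell sketch that is not the repository's `_dispatch.sh`. It follows the newest layout (`.git/hooks/<name>` before `<repo>/.githooks/<name>`); the function names and their argument order are assumptions, and the pre-push stdin tee is left out.

```shell
#!/bin/sh
# Added illustration; not the repository's _dispatch.sh.
# Function names and argument order are hypothetical.

# find_override GIT_DIR REPO_TOP HOOK_NAME
# Prints the first override that is a regular file with the executable bit
# set. Only the exact hook name is tried, so git init's *.sample files and
# non-executable leftovers never match.
find_override() {
    for candidate in "$1/hooks/$3" "$2/.githooks/$3"; do
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# dispatch_hook GIT_DIR REPO_TOP HOOK_NAME [hook args...]
# Runs the override, if any, and returns its exit status so the calling
# global hook can stop on failure before doing its own checks.
dispatch_hook() {
    git_dir=$1
    repo_top=$2
    hook_name=$3
    shift 3

    # Re-entry guard: a legacy stub that execs back into the global hook
    # arrives here with the variable already set and is not run again.
    [ -z "${GIT_HOOK_DISPATCHED:-}" ] || return 0

    # No override: only the global logic runs.
    override=$(find_override "$git_dir" "$repo_top" "$hook_name") || return 0

    GIT_HOOK_DISPATCHED=1 "$override" "$@"
}

# From a global hook such as ~/.config/git/hooks/pre-commit, a call would be:
#   dispatch_hook "$(git rev-parse --absolute-git-dir)" \
#                 "$(git rev-parse --show-toplevel)" pre-commit "$@" || exit $?
```

Because the per-clone file wins outright, anything dropped into `.git/hooks/` replaces the tracked `.githooks/` hook for that event, while the global checks that follow the dispatch still run.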
* feat(git): commit-msg hook strips AI Co-authored-by trailers | sommerfeld | 13 days | 2 | -0/+61
  Various agentic tools (Copilot CLI, VS Code chat, etc.) auto-append `Co-authored-by: Copilot <...>` / Claude / Codex trailers, which then trip the pre-push hook's agent-coauthor check and force a manual amend before the push goes through. Scrub at commit time instead.
  Uses the same agent-substring list as executable_pre-push (kept in sync by comment). Triggered as commit-msg (not pre-commit — pre-commit runs before the message exists). Drops matching trailers in-place, collapses trailing blanks, and is a no-op otherwise.
  Also symlinks the new hook in the remote-dev home-manager config so it deploys on the Ubuntu VM.
  Bypass: `git commit --no-verify`.
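
A commit-time scrub of the kind this commit message describes, as an added shell sketch that is not the repository's hook. The function name is an assumption, and the pattern holds only the three agent names the message mentions; the real substring list is not shown on this page.

```shell
#!/bin/sh
# Added illustration; not the repository's commit-msg hook.

# Assumption: only the three names from the commit message above.
AGENT_PATTERN='copilot|claude|codex'

# strip_agent_trailers MSG_FILE   (hypothetical name)
# Drops every "Co-authored-by:" line whose value contains an agent
# substring (case-insensitive) and trims the blank lines left at the end.
# When nothing matches, the file is left byte-for-byte untouched.
strip_agent_trailers() {
    msg_file=$1
    tmp=$(mktemp) || return 1

    # awk exits 0 only if at least one trailer was dropped.
    if awk -v pat="$AGENT_PATTERN" '
        {
            lower = tolower($0)
            if (lower ~ /^co-authored-by:/ && lower ~ pat) {
                dropped = 1
                next
            }
            lines[++n] = $0
        }
        END {
            # Collapse trailing blank lines left behind by the removal.
            while (n > 0 && lines[n] ~ /^[ \t]*$/) n--
            for (i = 1; i <= n; i++) print lines[i]
            exit (dropped ? 0 : 1)
        }
    ' "$msg_file" > "$tmp"; then
        # Rewrite in place so the path git handed to the hook keeps its inode.
        cat "$tmp" > "$msg_file"
    fi
    rm -f "$tmp"
}

# git calls a commit-msg hook with the message file path as $1.
# Run only when this file is actually installed under that name.
case "${0##*/}" in
    commit-msg) strip_agent_trailers "$1" ;;
esac
```

Substring matching is blunt: a human co-author whose name or address contains one of the substrings is dropped too, so the pre-push check remains the authoritative gate and this hook only saves the manual amend.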
* fix(remote-dev): symlink git pre-push hook with stripped chezmoi name | sommerfeld | 13 days | 1 | -0/+5
  `dot_config/git/hooks/executable_pre-push` only loses the `executable_` chezmoi attribute prefix during `chezmoi apply`. On remote-dev we use raw home-manager symlinks, so a directory symlink gave git a file literally named `executable_pre-push` — which is not a valid hook name and was silently ignored. Symlink each hook to its stripped target name (executable bit comes from the working-tree mode, which git follows through the symlink).
* fix(remote-dev): source hm-session-vars from .zshenv | sommerfeld | 13 days | 1 | -0/+6
  home.sessionVariables get written to hm-session-vars.sh, which HM only auto-sources when programs.bash/zsh.enable = true (it injects a snippet into the rc file) or via ~/.profile (which zsh login shells don't read). We use a ZDOTDIR redirect and no HM-managed shells, so PODMAN_IGNORE_CGROUPSV1_WARNING (and any future session var) was never reaching the shell. Source it explicitly from the generated ~/.zshenv before redirecting to ZDOTDIR.
* feat(remote-dev): silence podman cgroups-v1 deprecation warning | sommerfeld | 13 days | 2 | -1/+10
  Ubuntu 20.04 still defaults to cgroups v1; podman 5 emits a deprecation warning on every single invocation. Flipping the host to v2 is a reboot that affects every workload and only matters if we need rootless --memory/--cpus, so just silence the warning via the documented PODMAN_IGNORE_CGROUPSV1_WARNING env var on the home-manager side.
* fix(zsh): only rename zellij tab when our pane is focused | sommerfeld | 13 days | 1 | -5/+17
  `zellij action rename-tab` always targets the focused tab — there is no CLI way to bind the rename to the calling pane. On session resurrect zellij re-spawns every shell almost simultaneously while one tab is focused, so every precmd hook fires and they all race to rename that single focused tab; the last writer wins and the rest of the tabs are stuck at `Tab #N`. This is the "all tabs got the same label" bug from earlier.
  Guard the rename hooks behind a focused-pane check using `zellij action list-clients` (matches the `terminal_<ZELLIJ_PANE_ID>` column). Background panes silently skip the rename and update lazily the next time the user focuses them and a prompt fires. After resurrect that means untouched tabs say `Tab #N` until you visit them — but no tab gets a wrong label anymore.
* fix(pacman): correct llama.cpp-vulkan IgnorePkg name (was llama-cpp-vulkan) | sommerfeld | 13 days | 1 | -3/+3
  The AUR package is named with a dot, not a dash: `llama.cpp-vulkan`. The IgnorePkg entry used the wrong spelling, so it never matched and the package was upgraded on every -Syu.
* Revert "fix(paru): pin llama-cpp-vulkan via IgnoreDevel" | sommerfeld | 13 days | 1 | -6/+0
  This reverts commit 1d7feb8d405e135dc6109052948b8b9240cf882a.
* fix(paru): pin llama-cpp-vulkan via IgnoreDevel | sommerfeld | 13 days | 1 | -0/+6
  pacman.conf's IgnorePkg only stops pkgver upgrades. paru in Devel mode runs `git ls-remote` against AUR -git sources during sysupgrade and rebuilds whenever upstream has a newer commit hash — which is exactly what was triggering the 1-2h llama-cpp-vulkan rebuild on every `just update`.
  IgnoreDevel is paru's purpose-built knob for skipping that devel recheck (paru.conf(5)). Manual `paru -S llama-cpp-vulkan` still works when an upgrade is intentional.
  (Replaces a botched first attempt that used IgnorePkg, which is not a valid paru.conf option.)
* Revert "fix(just): honor IgnorePkg in pkg-apply / pkg-fix" | sommerfeld | 13 days | 1 | -14/+3
  This reverts commit eb0f9d71ed9527b5de5c82c9acce7c04bbec71e7.
* fix(just): honor IgnorePkg in pkg-apply / pkg-fix | sommerfeld | 13 days | 1 | -3/+14
  Pacman's IgnorePkg only applies to -Sy{u} upgrade operations; explicit `paru -S <pkg>` bypasses it entirely. `pkg-apply` and `pkg-fix` both pipe the meta/*.txt package lists into `paru -S --needed`, so every sync was reinstalling AUR pins (most painfully llama-cpp-vulkan, a 1-2h rebuild on every llama.cpp commit) whenever the AUR had a newer version, defeating the whole point of pinning.
  Parse IgnorePkg out of /etc/pacman.conf and strip those names from the list before piping to paru. `pkg-add` is intentionally left unfiltered: explicitly naming a package on the CLI is a deliberate opt-in that should still work for pinned entries. `pkg-update` (which is plain `paru -Syu`) already honors IgnorePkg via pacman itself — no change needed there.
* feat(mimeapps): make teams-for-linux (xsight profile) default for msteams:// | sommerfeld | 13 days | 1 | -0/+2
  Both teams-sii.desktop and teams-xsight.desktop already advertise `MimeType=x-scheme-handler/msteams;` so they were registered as candidates, but mimeapps.list didn't pick a default and clicking an msteams:// link did nothing useful. Pin the xsight profile as the default; the sii profile is still available via `xdg-open` chooser / direct launch.
* refactor(zsh): rename zellij tabs to dir:cmd without position prefix | sommerfeld | 13 days | 2 | -8/+18
  Zellij's default 'Tab #N' name is fixed at tab creation (the N is the immutable creation index, not the live position) and never auto-updates when tabs are closed or moved, so the default is actively misleading after any tab reorg. Tmux's `renumber-windows on` has no zellij equivalent and no plugin solves this cleanly.
  Restore shell-side renaming but drop the position prefix `N:` — visual order in the tab bar implies position. After a session resurrect or closing a middle tab, untouched tabs still show their previous dir:cmd label until the next prompt fires there, but at least there is no misleading number to second-guess.
* fix(yazi): render markdown with glow instead of okular | sommerfeld | 13 days | 1 | -2/+3
  okular is installed as flatpak (org.kde.okular), not as a native binary, so the bare `okular` invocation in the opener failed silently (orphan = true hides the ENOENT). glow is already in base.txt and renders inline in the terminal — better fit for a TUI file manager. block = true keeps yazi waiting until the user quits glow, mirroring `less`-style behaviour.
* fix(yazi): rename opener rule key from `name` to `url` | sommerfeld | 13 days | 1 | -2/+2
  Yazi tightened its config schema; `name` is no longer accepted for glob-based opener rules, only `url` (or `mime`). Without this fix yazi errors on startup and falls back to preset settings.
* revert: drop snxctl-chromium wrapper, snx-rs works with default browser now | sommerfeld | 13 days | 4 | -53/+2
  User confirms snx-rs's SAML loopback no longer needs chromium routing. Remove:
  - dot_local/bin/snxctl-chromium (PATH-override wrapper)
  - dot_local/share/snx-rs/bin/xdg-open (chromium shim)
  - snx-rs LibreWolf SAML note in user-overrides.js
  The waybar snx-vpn toggle now just runs `snxctl connect` detached, no wrapper indirection.
* docs(remote-dev): mark cgroups v2 switch as optional | sommerfeld | 13 days | 1 | -7/+8
  Affects the whole host and requires a reboot — only worth doing if you need rootless --memory/--cpus limits. Rootless podman otherwise runs fine on cgroups v1.
* feat(remote-dev): rootless podman setup | sommerfeld | 13 days | 2 | -0/+70
  Adds podman + helpers (crun, conmon, netavark, aardvark-dns, slirp4netns, passt) to the home-manager profile, plus rootless-sane registries.conf, storage.conf (overlay driver, kernel-native — VM kernel 5.15 supports rootless overlay since 5.13, no fuse-overlayfs needed), and policy.json.
  Documents host-side prerequisites in remote-dev/README.md: install uidmap, ensure subuid/subgid entries for the user, and enable cgroups v2 (systemd.unified_cgroup_hierarchy=1) so rootless resource limits work on Ubuntu 20.04.
* feat(remote-dev): add mergiraf | sommerfeld | 2026-05-14 | 1 | -0/+1
  git config defines a mergiraf merge driver; install it on the VM so .gitattributes references actually resolve.
* fix(remote-dev): materialize ~/.ssh/config with 0600 perms | sommerfeld | 2026-05-14 | 1 | -2/+8
  mkOutOfStoreSymlink exposes the working-tree file's perms. Under Ubuntu's default umask 002, git checks out private_dot_ssh/config as 0664; OpenSSH refuses any group-writable ssh_config. Replace the home.file symlink with a home-manager activation step that copies the file to a real ~/.ssh/config with 0600.
* fix(zsh): preserve forwarded SSH_AUTH_SOCK in SSH sessions | sommerfeld | 2026-05-14 | 1 | -2/+6
  zprofile unconditionally pointed SSH_AUTH_SOCK at the local gpg-agent's ssh socket. On remote machines (e.g. remote-dev VM) that clobbers ssh-agent forwarding — `ssh-add -L` reports no identities because the VM's gpg-agent has no keys. Only override when there's no forwarded socket (no $SSH_CONNECTION or no $SSH_AUTH_SOCK from sshd).
* fix(remote-dev): install basedpyright outside Mason | sommerfeld | 2026-05-14 | 4 | -12/+28
  Mason's pypi distribution of basedpyright pulls nodejs-wheel-binaries which only ships manylinux_2_28 Linux wheels. uv's python-build-standalone interpreter is tagged manylinux2014 (glibc 2.17 for max portability) and rejects those wheels; pip then falls back to building Node 24 from source, which fails on Ubuntu 20.04's gcc 9.4 (needs gcc >=10 for -std=gnu++20).
  Provide basedpyright via the system package manager instead:
  - pacman on Arch (added to meta/base.txt)
  - pkgs.basedpyright on the VM (added to remote-dev/home.nix)
  Drop it from mason-tool-installer's ensure_installed; lspconfig picks it up from PATH. Document the exception in remote-dev/README.md.
* fix(remote-dev): switch python3.11 source from deadsnakes PPA to uv | sommerfeld | 2026-05-14 | 3 | -46/+51
  The deadsnakes PPA may not be reachable on every VM (corporate apt proxy, Ubuntu derivatives that add-apt-repository misdetects, etc.). `uv python install 3.11` works on any distro: it fetches a portable python-build-standalone CPython into ~/.local/share/uv/python/, which is manylinux-wheel-compatible. Symlink the resulting binary to ~/.local/bin/python3.11 (already on PATH from zprofile).
  Move the step to after `home-manager switch` since uv comes from the nix profile.