| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously every new login retargeted ~/.ssh/agent.sock to its own
per-connection forwarded socket. That broke a multi-connection setup
when the most-recent connection (which 'won' the symlink) dropped:
all surviving connections' panes would point at a dead socket until a
fresh login from a surviving connection re-ran zprofile.
zprofile: only retarget when the existing symlink target is dead
(sshd unlinks the per-connection socket on disconnect, so [[ -S ]] on
the resolved path is a reliable liveness probe). First connection
seeds the symlink, subsequent logins keep using it.
ssh-agent-refresh: scan /tmp/ssh-*/agent.* for any live forwarded
socket and retarget to the first that responds to ssh-add. Lets the
surviving connection recover without waiting for a new login shell.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switching to nix's zsh on the Arch host left two functional gaps the
Arch zsh package used to fill:
1. /usr/share/zsh/site-functions in fpath: pacman, paru, systemctl,
journalctl, flatpak, docker, kubectl, makepkg etc. drop their
completions there. nix zsh's compiled-in fpath doesn't include
/usr/share so we lose all of them silently. Added that path (and
vendor-completions for the VM's apt-installed completions) to the
existing fpath loop, guarded by [[ -d ]].
2. HELPDIR for the run-help / help-alias machinery: needed so 'help cd'
etc. find the per-builtin help docs. Pick the first existing version
dir, preferring nix-profile so it matches the running zsh version.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
tuicr's upstream flake uses the legacy 'defaultPackage.<system>' output
schema, not 'packages.<system>.default' — fixes the home-manager switch
error 'attribute packages missing' at nix/flake.nix:28.
zsh: removing the system zsh package took /etc/zsh/zprofile with it,
which used to 'source /etc/profile' and pull in /etc/profile.d/*.sh
(flatpak.sh, nix.sh, etc.). Reconstruct XDG_DATA_DIRS in dot_zprofile
defensively, including per-user + system flatpak exports + nix-profile
share, so 'flatpak update' stops warning and desktop entries from
flatpak/nix-installed apps work in launchers (fuzzel).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Forwarded SSH_AUTH_SOCK lives at /tmp/ssh-XXX/agent.NNN — a
per-connection path that disappears on disconnect, leaving every
long-running zellij pane (and its children: claude-code, nvim, …)
pointing at a dead socket. Reattaching after reconnect doesn't help:
the env was captured when zellij first started.
Fix: maintain ~/.ssh/agent.sock as a symlink, re-aimed at the live
forwarded socket on every login (zprofile). Export the stable path so
processes inherit a value that survives reconnects — git fetch /
commit signing keep working in re-attached zellij panes with zero
per-pane re-export.
Adds 'ssh-agent-refresh' helper for transitional panes still holding
the dead per-connection path: re-exports SSH_AUTH_SOCK to the stable
symlink and validates with ssh-add -l. Already-running children
(claude-code) must still be restarted since env is inherited, not
observed.
|
| |
|
|
|
|
|
|
|
|
|
| |
Promote pacopt from a plain alias to a function. In addition to listing
packages that remain installed solely as someone's optional dependency,
each package is now annotated with its parent(s) and the upstream
reason text from the parent's Optional Deps field.
Implementation is pacman-only (no expac): one awk pass over 'pacman -Qi'
builds a reverse index of every (parent, optdep, reason) edge in the
local DB, then per leaf package the index is filtered for matching deps.
|
| |
|
|
|
|
| |
Unused; the pass entry doesn't exist on most machines, so login emitted
'Error: copilot/firecrawl-api-key is not in the password store' on every
shell start. Easier to drop than to gate.
|
| |
|
|
|
|
| |
host.nix reads HOME/USER via builtins.getEnv, which returns "" under
pure-eval (nix run's default). just-nix-switch already passes --impure;
match it here.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The standalone 'home-manager' command defaults to the legacy
~/.config/home-manager/home.nix and errors out for flake users. The
wrapper auto-selects the host/vm profile by /etc/os-release ID and
points at whichever dotfiles checkout exists on the machine.
Usage:
hm news
hm switch
hm generations
|
| |
|
|
|
| |
- zsh: remove ~/.local/share/nvim/mason/bin from PATH
- justfile: update comments to reflect Mason removal
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LSPs, formatters, linters, and the lldb-dap debugger now come from
~/.nix-profile/bin (see nix/common.nix). lspconfig keeps the default
configs; we just opt-in via vim.lsp.enable() with an explicit list.
Changes:
- dot_config/nvim/lua/plugins/lsp.lua: drop mason*, replace
mason-lspconfig handler with explicit vim.lsp.enable({...}); drop
groovy/jenkins formatters and lint entries; drop systemd lint
(nginx + groovy + systemdlint tools dropped per plan).
- dot_config/nvim/lua/plugins/debug.lua: drop mason-nvim-dap; drop
codelldb adapter; switch dap.configurations.cpp to type='lldb'
(lldb-dap is the upstream successor, ships with pkgs.lldb).
- dot_config/nvim/init.lua: remove mason.nvim, mason-lspconfig.nvim,
mason-tool-installer.nvim, mason-nvim-dap.nvim from vim.pack.add.
- dot_config/nvim/lua/config/update.lua: remove MasonToolsUpdateSync.
- dot_config/zsh/dot_zshrc: flip plugin source order — prefer
~/.nix-profile/share, fall back to /usr/share/zsh (was the other
way around).
- nix/bootstrap.sh: drop the uv-python3.11 step (no longer needed
once Mason no longer source-builds Python LSPs on Ubuntu 20.04).
Phase 6 of the nix-on-host migration plan.
|
| |
|
|
|
|
|
|
|
| |
So Home-Manager-provisioned tools shadow pacman/apt across host and VM,
delivering identical tool versions from the same flake.lock. Mason bin
stays for now; phase p6 of the nix migration removes it together with
the Mason plugins.
Phase 3 of the nix-on-host migration plan.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Restructures the Home-Manager profile to support both the Arch host and
the Ubuntu remote-dev VM from the same flake.
- remote-dev/ → nix/ (hard rename; .chezmoiignore updated)
- home.nix split into common.nix (shared), vm.nix (Mason runtime
carve-outs + podman stack), host.nix (gpg scdaemon delegation to
system pcscd)
- flake.nix exposes homeConfigurations.{vm,host} via a mkProfile
helper
- rj alias in dot_zshrc updated to ~/.local/share/dotfiles/nix
- bootstrap.sh / justfile updated to use #vm against the new path
The split is behaviour-preserving for the VM: vm.nix + common.nix
together carry the same package set as the previous home.nix.
host.nix is provisioned but not yet wired into bootstrap (phase p8).
Phase 1 of the nix-on-host migration plan.
|
| |
|
|
|
|
|
| |
dj invokes ~/dotfiles/justfile and rj invokes
~/.local/share/dotfiles/remote-dev/justfile, both pinned to the
justfile's directory via --working-directory so the aliases behave
identically from any CWD.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`zellij action rename-tab` always targets the focused tab — there is
no CLI way to bind the rename to the calling pane. On session
resurrect zellij re-spawns every shell almost simultaneously while one
tab is focused, so every precmd hook fires and they all race to
rename that single focused tab; the last writer wins and the rest of
the tabs are stuck at `Tab #N`. This is the "all tabs got the same
label" bug from earlier.
Guard the rename hooks behind a focused-pane check using
`zellij action list-clients` (matches the `terminal_<ZELLIJ_PANE_ID>`
column). Background panes silently skip the rename and update lazily
the next time the user focuses them and a prompt fires. After
resurrect that means untouched tabs say `Tab #N` until you visit
them — but no tab gets a wrong label anymore.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Zellij's default 'Tab #N' name is fixed at tab creation (the N is the
immutable creation index, not the live position) and never auto-updates
when tabs are closed or moved, so the default is actively misleading
after any tab reorg. Tmux's `renumber-windows on` has no zellij
equivalent and no plugin solves this cleanly.
Restore shell-side renaming but drop the position prefix `N:` — visual
order in the tab bar implies position. After a session resurrect or
closing a middle tab, untouched tabs still show their previous
dir:cmd label until the next prompt fires there, but at least there is
no misleading number to second-guess.
|
| |
|
|
|
|
|
|
|
|
| |
zprofile unconditionally pointed SSH_AUTH_SOCK at the local
gpg-agent's ssh socket. On remote machines (e.g. remote-dev VM)
that clobbers ssh-agent forwarding — `ssh-add -L` reports no
identities because the VM's gpg-agent has no keys.
Only override when there's no forwarded socket (no $SSH_CONNECTION
or no $SSH_AUTH_SOCK from sshd).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous guard checked `$+commands[Y]` (binary present in PATH), but the
`compdef: unknown command or service: Y` message comes from compdef when
the *completion function* `_Y` isn't registered — on the remote-dev VM
`systemctl`, `just`, `lsd` are all on PATH yet zsh has no `_systemctl`
because Ubuntu's system zsh doesn't include nix-profile's
share/zsh/site-functions in fpath.
Two-part fix:
1. Prepend $HOME/.nix-profile/share/zsh/{site-functions,vendor-completions}
to fpath (when they exist) before compinit, so the completions get
loaded on the VM the same way they do on Arch.
2. Switch the compdef guard to `$+_comps[Y]` — the assoc-array compinit
actually populates with every command that has a registered completion
handler. Still belt-and-suspenders in case something ships a binary
without a matching completion file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
On minimal hosts (remote-dev VM, fresh container) several of the
`compdef alias=target` lines fail at login with messages like:
compdef: unknown command or service: just
compdef: unknown command or service: systemctl
compdef: unknown command or service: lsd
— because zsh has no `_just`/`_systemctl`/`_lsd` completion function
loaded when the binary isn't on the system. Wrap each call in a small
helper that checks $commands[<target>] first so absent tools just
silently skip their alias completion instead of spamming the prompt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The hand-rolled `N:dir:cmd` tab labels could never stay in sync:
- After session resurrection, tab names are restored from disk but no
shell-visible event fires, so labels stayed stale until the user hit
Enter to trigger precmd.
- After closing a middle tab, zellij renumbers surviving tabs but again
emits no per-pane event, so the `N:` prefix on every tab to the right
silently became wrong.
- Once a tab has a custom name, zellij's tab-bar plugin uses it verbatim
— there's no way to keep the default `Tab #N` numbering while also
injecting dir/cmd info. The only plugin that addresses this (vmaerten/
zellij-tab-rename) requires zellij built from main.
Dropping the hooks restores zellij's built-in `Tab #N`, which is the
single label that stays correct across resurrect and renumber. The zsh
prompt already shows CWD inside the pane.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSH-format signing
home.nix:
- Add zoxide (fixes 'command not found' on shell start), clang-tools
(no compiler driver), nodejs (Mason npm LSPs), uv (Mason python LSPs;
does not install python3 in PATH, so Ubuntu's /usr/bin/python3 stays
the system default), claude-code, github-copilot-cli.
- Refine the leaf-tools policy comment: explicit denylist of build-
toolchain binaries that would shadow Ubuntu's via PATH, plus a
carve-out for editor/AI runtimes (node, uv, clang-tools).
- Symlink ~/.config/git/{config,attributes,ignore} and ~/.ssh/config
from the dotfiles tree.
dot_config/zsh/dot_zshrc: guard direnv/zoxide/fzf inits with
'command -v X >/dev/null &&' so a fresh machine without one of them
no longer prints a stderr error on every shell start.
dot_config/git/config: append unconditional '[include] path =
~/.config/git/config.local' for machine-local overrides (used on the
remote-dev VM to switch to SSH-format signing via the forwarded
agent). Git silently skips missing include files.
remote-dev/README.md: document the update flow (config-only vs HM
rebuild), the single-shell leaf-tools policy, and the one-time VM
setup for SSH-format commit signing (allowed_signers + config.local,
ForwardAgent yes on the host).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New remote-dev/ subdir with a Home-Manager flake that provisions a
headless dev environment on a remote Ubuntu 22.04 VM accessed via SSH.
Shares nvim, zellij, zsh, direnv, and ghostty configs from the same
dotfiles repo via mkOutOfStoreSymlink (no rebuilds on config edits).
CLI tool set mirrors the dev-tool subset of meta/base.txt; sysadmin
tools (procs, gdu, duf), lazygit, and node/yarn (only needed for
markdown-preview on GUI hosts) are excluded.
bootstrap.sh is one-shot: installs Nix via Determinate Systems
installer, clones the repo to ~/.local/share/dotfiles, runs
home-manager switch, and chshes to the nix-store zsh.
dot_config/zsh/dot_zshrc loses its hardcoded Arch plugin/git-prompt
paths in favour of a fallback search: Arch path first, then
$HOME/.nix-profile/share/. Same file works on host and VM.
.chezmoiignore: exclude remote-dev/ from chezmoi deploy on the host.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
`zstyle ':completion:*' rehash true` makes zle re-scan $PATH directories
on every TAB instead of caching the hash table at shell startup. Cost is
trivial (one stat() per PATH entry per completion), benefit is that newly
installed binaries — from paru, cargo install, pip install --user, npm
install -g, manual /usr/local/bin drops, anything — show up immediately
without an explicit `hash -r` or new shell.
The pacman-hook alternative at https://wiki.archlinux.org/title/Zsh#Persistent_rehash
only catches paru/pacman installs, missing cargo/pip/manual; rehash=true
catches them all for the same negligible cost.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
doas's one-shot password and absent 'sudo -v' kept wasting hour-long
paru AUR builds. sudo-rs is a memory-safe Rust rewrite (ISRG/Ferrous
Systems), drop-in CLI compatible, and the same one Ubuntu 25.10 ships
as default. We follow the Arch wiki 'Using sudo-rs without the sudo
package' recipe verbatim — no custom shims.
- meta/base.txt: -doas-sudo-shim +sudo-rs
- etc/sudoers-rs (mode 0440): wiki minimal config + NOPASSWD reboot/poweroff
- etc/pam.d/sudo: 4-line copy of upstream sudo's PAM file
- run_onchange_after_deploy-etc.sh.tmpl: use real sudo, deploy sudoers-rs
at 0440, create /etc/pam.d/sudo-i and /usr/local/bin/{sudo,sudoedit,
su,visudo} → sudo-rs symlinks idempotently
- delete etc/doas.conf, dot_local/bin/{doasedit,sudo}
- zshrc: drop sudo=doas/sudoedit=doasedit aliases; rewrite ss/gimme/
pacdiff/ssys to call sudo
- justfile: s/doas/sudo/g (status/diff/restore helpers)
- nvim: rename :DoasWrite → :SudoWrite (uses sudo -S)
- sway config: reboot/poweroff buttons call sudo
- bootstrap.sh: update step-5 comment
- README/KEYBINDS/copilot-instructions: flip the privesc convention
No Defaults overrides: sudo's defaults (passwd_tries=3,
timestamp_timeout=5) already fix the doas pain, and paru SudoLoop
(kept) refreshes the 5-min window via real sudo -v.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Install Nix (multi-user daemon) on Arch and wire up direnv so any project
can declare its toolchain in a flake.nix and get a hermetic dev shell on
cd. No NixOS, no home-manager, no migration off paru/chezmoi — just one
new package manager scoped to project dev shells.
- meta/nix.txt: nix from extra repo
- meta/dev.txt: direnv (general-purpose, not nix-specific)
- systemd-units/system/nix.txt: nix-daemon.socket (socket-activated)
- etc/nix/nix.conf: enable flakes + nix-command, trusted-users=@wheel,
auto-optimise-store, keep-outputs/derivations so direnv envs survive GC
- dot_config/direnv/direnvrc: load nix-direnv 3.1.1 via source_url with
pinned sha256 (not packaged for Arch; refusing -git AUR)
- dot_config/nix/templates/{flake.nix,dev/}: flake template usable via
'nix flake init -t ~/.config/nix/templates'
- dot_config/zsh/dot_zshrc: 'eval "$(direnv hook zsh)"'
|
| |
|
|
|
| |
Double-quoting a zsh array slice joins elements with spaces; use the
(F) parameter expansion flag to join with newlines instead.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Zellij has no native "copy last command output" feature, and ghostty's
jump_to_prompt (Ctrl+Shift+J/K, via OSC 133) can't work inside zellij
because zellij sits between the shell and the terminal emulator.
Build it ourselves: a zle widget runs 'zellij action dump-screen --full',
finds the last two lines matching the prompt prefix (user@host:), and
pipes everything between them to wl-copy. Bound to Alt+Shift+Y.
Requires running inside zellij and at least two prompts in the scrollback.
|
| |
|
|
|
| |
wlc pipes stdin to stdout (visible) AND to wl-copy (clipboard).
Usage: `somecmd | wlc`
|
| |
|
|
|
|
|
| |
Re-exports WAYLAND_DISPLAY, SWAYSOCK, DBUS, SSH_AUTH_SOCK etc. from the
currently running sway process, so a zellij pane whose server was
started in a different session (SSH-attached, logout/login, etc.)
regains working GUI/clipboard/systemctl --user.
|
| |
|
|
|
|
|
|
|
|
|
| |
- zprofile: set QT_QPA_PLATFORM="wayland;xcb" (xcb fallback for bundled
Qt), SDL_VIDEODRIVER="wayland,x11" (SDL2 defaults to X11). Drop
MOZ_ENABLE_WAYLAND (Firefox 121+ default).
- meta/wayland: add qt5-wayland and qt6-wayland so QT_QPA_PLATFORM=wayland
actually resolves.
- electron-flags.conf: global --ozone-platform=wayland, Wayland window
decorations, GTK4. Applies to all apps using the Arch electron wrapper.
Bundled-electron apps (slack-desktop, etc.) unaffected.
|
| |
|
|
|
|
|
|
| |
Sway sets DISPLAY in its own environment at compositor startup when
xwayland support is enabled and the Xwayland binary is available, so
all children (terminals, scripts) inherit it automatically. The
zprofile override was only needed as a workaround while xorg-xwayland
was missing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sway's XWayland is lazy — DISPLAY isn't set in sway's env until the
first X client connects, which means systemctl/dbus import-environment
runs too early and nothing downstream sees DISPLAY.
Setting DISPLAY=:0 in zprofile before 'exec sway' ensures sway itself
inherits it, and therefore so do all its child processes (terminals,
scripts, systemd user services via import-environment). XWayland will
spawn on demand when a client actually connects to :0.
Also drop the redundant fallback from rqr now that the session-wide
export covers it.
|
| |
|
|
|
|
|
|
|
|
| |
Inline directives for cases where the linter's shell/language dialect
doesn't match reality:
- init.lua: _G.P helper is intentional
- dot_zprofile: zsh tied arrays, $+commands, optional sourcing
- dot_zshrc: zsh brace-group-as-function-body
- ipython_config: 'c' is injected by IPython at load time
- doasedit: /bin/sh on Arch is bash, -O test is supported
|
| |
|
|
|
|
|
|
|
| |
- mold moves cpp→dev (broader home; used by both Rust and C++ builds)
- choose/curlie/dog restored to base (actively used)
- restore 'alias curl=curlie' to match
linux-headers stays only in nvidia.txt (pulled by nvidia-dkms; no
other DKMS packages in the set).
|
| | |
|
| | |
|
|
|
Rename home/ contents to chezmoi naming conventions:
- dot_ prefix for dotfiles and dot-dirs
- private_dot_ for .gnupg and .ssh directories
- private_ for 0600 files (nym.pub)
- executable_ for scripts in .local/bin and display-toggle.sh
- symlink_ for mimeapps.list symlink
|
sommerfeld