path: root/remote-dev
Commit message | Author | Age | Files | Lines
* feat(remote-dev): rootless podman setup
  (author: sommerfeld; age: 13 days; files: 2; lines: -0/+70)
  Adds podman + helpers (crun, conmon, netavark, aardvark-dns, slirp4netns, passt) to the home-manager profile, plus rootless-sane registries.conf, storage.conf (overlay driver, kernel-native — VM kernel 5.15 supports rootless overlay since 5.13, no fuse-overlayfs needed), and policy.json.
  Documents host-side prerequisites in remote-dev/README.md: install uidmap, ensure subuid/subgid entries for the user, and enable cgroups v2 (systemd.unified_cgroup_hierarchy=1) so rootless resource limits work on Ubuntu 20.04.
* feat(remote-dev): add mergiraf
  (author: sommerfeld; age: 2026-05-14; files: 1; lines: -0/+1)
  git config defines a mergiraf merge driver; install it on the VM so .gitattributes references actually resolve.
* fix(remote-dev): materialize ~/.ssh/config with 0600 perms
  (author: sommerfeld; age: 2026-05-14; files: 1; lines: -2/+8)
  mkOutOfStoreSymlink exposes the working-tree file's perms. Under Ubuntu's default umask 002, git checks out private_dot_ssh/config as 0664; OpenSSH refuses any group-writable ssh_config. Replace the home.file symlink with a home-manager activation step that copies the file to a real ~/.ssh/config with 0600.
* fix(remote-dev): install basedpyright outside Mason
  (author: sommerfeld; age: 2026-05-14; files: 2; lines: -11/+21)
  Mason's pypi distribution of basedpyright pulls nodejs-wheel-binaries which only ships manylinux_2_28 Linux wheels. uv's python-build-standalone interpreter is tagged manylinux2014 (glibc 2.17 for max portability) and rejects those wheels; pip then falls back to building Node 24 from source, which fails on Ubuntu 20.04's gcc 9.4 (needs gcc >=10 for -std=gnu++20).
  Provide basedpyright via the system package manager instead:
  - pacman on Arch (added to meta/base.txt)
  - pkgs.basedpyright on the VM (added to remote-dev/home.nix)
  Drop it from mason-tool-installer's ensure_installed; lspconfig picks it up from PATH. Document the exception in remote-dev/README.md.
* fix(remote-dev): switch python3.11 source from deadsnakes PPA to uv
  (author: sommerfeld; age: 2026-05-14; files: 3; lines: -46/+51)
  The deadsnakes PPA may not be reachable on every VM (corporate apt proxy, Ubuntu derivatives that add-apt-repository misdetects, etc.). `uv python install 3.11` works on any distro: it fetches a portable python-build-standalone CPython into ~/.local/share/uv/python/, which is manylinux-wheel-compatible.
  Symlink the resulting binary to ~/.local/bin/python3.11 (already on PATH from zprofile). Move the step to after `home-manager switch` since uv comes from the nix profile.
* fix(remote-dev): use deadsnakes python3.11 instead of nix for Mason
  (author: sommerfeld; age: 2026-05-14; files: 3; lines: -25/+38)
  Nix's python rejects manylinux wheels by design (its libc is patched), which forced pip in Mason's per-pkg venvs to compile nodejs-wheel-binaries (pulled in by basedpyright) from source. That source build then failed on Ubuntu 20.04's gcc 9.4 — Node 24 requires C++20 (g++ >= 12.2.0).
  Replace the nix python311-versioned-only derivation with an Ubuntu-native python3.11 from the deadsnakes PPA. It satisfies Mason's >=3.10 version requirement, accepts manylinux wheels, and the versioned binary name leaves /usr/bin/python3 untouched (leaf-tools policy preserved).
* revert(nvim)+fix(remote-dev): keep Mason authoritative, give it cargo+rustc
  (author: sommerfeld; age: 2026-05-14; files: 1; lines: -4/+6)
  User policy: Mason should install everything it lists regardless of host-provided versions. Revert the PATH-filtering wrapper around ensure_installed (b2f129e) — back to a plain table literal.
  For shellharden specifically, Mason's only install source is `cargo install`. The Arch host has cargo via base-devel/rustup; the VM previously didn't, so Mason errored "ENOENT cargo". Add `cargo` and `rustc` to the remote-dev nix profile so Mason can build it on the VM too.
  Drop the shellharden package from home.nix — Mason owns it now, no more provider competition with the nix-profile binary.
* fix(remote-dev): expose python3.11 (versioned-only) for Mason pip installs
  (author: sommerfeld; age: 2026-05-14; files: 1; lines: -1/+12)
  Ubuntu 20.04's stock python3 is 3.8.10, which fails Mason's pep440 checks for autotools-language-server, codespell, mdformat, nginx-language-server, systemdlint, yamllint (all want >=3.9 or >=3.10).
  Mason's pypi installer (verified against upstream lua/mason-core/installer/managers/pypi.lua) probes python3.6 through python3.14 in PATH in addition to plain python3, so providing python3.11 alone (without python3) is enough.
  Add a thin runCommand derivation that symlinks ONLY pkgs.python311/bin/python3.11 into the profile — not python3 or python — so we don't shadow Ubuntu's /usr/bin/python3 and keep the leaf-tools policy intact.
* fix(nvim,remote-dev): fall back to PATH node + provide JRE/shellharden/python3-venv
  (author: sommerfeld; age: 2026-05-14; files: 3; lines: -2/+30)
  copilot.lua was hard-coding the chezmoi-pinned Node 24 at ~/.local/share/copilot-node/bin/node, which only exists on the Arch host where chezmoi runs run_onchange_after_install-copilot-node.sh. On the remote-dev VM the path is absent, so copilot-language-server spawned with cmd[0]=<missing> and printed 'Could not determine Node.js version'. Probe the pinned path with vim.fn.executable() and fall back to 'node' from PATH otherwise.
  For the VM PATH 'node' to be a supported version, switch home.nix from the rolling 'nodejs' alias to 'nodejs_24' (the version the chezmoi script also pins on the host).
  Address the cluster of Mason install failures on the VM:
  - autotools-language-server, codespell, mdformat, nginx-language-server, systemdlint -- pip-installed; fail because Ubuntu's python3 ships without venv. bootstrap.sh now apt-installs python3-venv; README documents the manual command for existing VMs.
  - groovy-language-server -- needs a JRE. Add 'jre' to home.packages.
  - shellharden -- Mason's cargo fallback can't run under our leaf-tools policy. Provide the binary via nix-profile instead so Mason finds it on PATH.
* feat(remote-dev): add justfile with update/pull/switch/gc recipes
  (author: sommerfeld; age: 2026-05-14; files: 2; lines: -10/+34)
  Wraps the bootstrap-day-2 incantations so you don't have to remember `home-manager switch --impure --flake '.#vm' -b backup` and its zsh quoting gotcha.
  Recipes:
  - `just update` — pull + switch (the everyday one)
  - `just pull` — config-only changes, no nix rebuild
  - `just switch` — rebuild HM from the current checkout
  - `just gc` — expire HM generations >7d and gc the nix store
  README updated to use these.
* fix(remote-dev): whitelist claude-code/copilot-cli unfree
  (author: sommerfeld; age: 2026-05-14; files: 1; lines: -1/+11)
  The flake set `allowUnfree = false` so `home-manager switch` failed with "Refusing to evaluate package 'claude-code-...' because it has an unfree license". Switch to `allowUnfreePredicate` with an explicit name allowlist — keeps the door closed for everything else while permitting just the two AI agents we actually want.
* docs(remote-dev): quote flake ref so zsh extendedglob doesn't choke
  (author: sommerfeld; age: 2026-05-14; files: 1; lines: -1/+5)
  `home-manager switch --flake .#vm` fails under our zsh (which sets `extendedglob`) because `#` then becomes a glob qualifier and `.#vm` parses as an unmatched pattern. Quoting the ref sidesteps it.
* feat(remote-dev): add just to the nix profile
  (author: sommerfeld; age: 2026-05-14; files: 1; lines: -0/+1)
  So the dotfiles `justfile` (and any in-tree project justfiles the user checks out on the VM) work without falling back to make/scripts.
* feat(remote-dev): add zoxide/clang-tools/node/uv/AI agents; bring git+ssh; SSH-format signing
  (author: sommerfeld; age: 2026-05-14; files: 2; lines: -18/+126)
  home.nix:
  - Add zoxide (fixes 'command not found' on shell start), clang-tools (no compiler driver), nodejs (Mason npm LSPs), uv (Mason python LSPs; does not install python3 in PATH, so Ubuntu's /usr/bin/python3 stays the system default), claude-code, github-copilot-cli.
  - Refine the leaf-tools policy comment: explicit denylist of build-toolchain binaries that would shadow Ubuntu's via PATH, plus a carve-out for editor/AI runtimes (node, uv, clang-tools).
  - Symlink ~/.config/git/{config,attributes,ignore} and ~/.ssh/config from the dotfiles tree.
  dot_config/zsh/dot_zshrc: guard direnv/zoxide/fzf inits with 'command -v X >/dev/null &&' so a fresh machine without one of them no longer prints a stderr error on every shell start.
  dot_config/git/config: append unconditional '[include] path = ~/.config/git/config.local' for machine-local overrides (used on the remote-dev VM to switch to SSH-format signing via the forwarded agent). Git silently skips missing include files.
  remote-dev/README.md: document the update flow (config-only vs HM rebuild), the single-shell leaf-tools policy, and the one-time VM setup for SSH-format commit signing (allowed_signers + config.local, ForwardAgent yes on the host).
* fix(remote-dev): correct dotfiles repo URL to sommerfelddev/dotfiles
  (author: sommerfeld; age: 2026-05-13; files: 2; lines: -2/+2)
* feat(remote-dev): add Nix Home-Manager flake for Ubuntu 22 VM dev env
  (author: sommerfeld; age: 2026-05-13; files: 5; lines: -0/+334)
  New remote-dev/ subdir with a Home-Manager flake that provisions a headless dev environment on a remote Ubuntu 22.04 VM accessed via SSH. Shares nvim, zellij, zsh, direnv, and ghostty configs from the same dotfiles repo via mkOutOfStoreSymlink (no rebuilds on config edits).
  CLI tool set mirrors the dev-tool subset of meta/base.txt; sysadmin tools (procs, gdu, duf), lazygit, and node/yarn (only needed for markdown-preview on GUI hosts) are excluded.
  bootstrap.sh is one-shot: installs Nix via Determinate Systems installer, clones the repo to ~/.local/share/dotfiles, runs home-manager switch, and chshes to the nix-store zsh.
  dot_config/zsh/dot_zshrc loses its hardcoded Arch plugin/git-prompt paths in favour of a fallback search: Arch path first, then $HOME/.nix-profile/share/. Same file works on host and VM.
  .chezmoiignore: exclude remote-dev/ from chezmoi deploy on the host.