From db4c6bdcd2af6aa2b95f587974f34c0246f62cb8 Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Thu, 14 May 2026 10:58:14 +0100 Subject: feat(remote-dev): add zoxide/clang-tools/node/uv/AI agents; bring git+ssh; SSH-format signing home.nix: - Add zoxide (fixes 'command not found' on shell start), clang-tools (no compiler driver), nodejs (Mason npm LSPs), uv (Mason python LSPs; does not install python3 in PATH, so Ubuntu's /usr/bin/python3 stays the system default), claude-code, github-copilot-cli. - Refine the leaf-tools policy comment: explicit denylist of build- toolchain binaries that would shadow Ubuntu's via PATH, plus a carve-out for editor/AI runtimes (node, uv, clang-tools). - Symlink ~/.config/git/{config,attributes,ignore} and ~/.ssh/config from the dotfiles tree. dot_config/zsh/dot_zshrc: guard direnv/zoxide/fzf inits with 'command -v X >/dev/null &&' so a fresh machine without one of them no longer prints a stderr error on every shell start. dot_config/git/config: append unconditional '[include] path = ~/.config/git/config.local' for machine-local overrides (used on the remote-dev VM to switch to SSH-format signing via the forwarded agent). Git silently skips missing include files. remote-dev/README.md: document the update flow (config-only vs HM rebuild), the single-shell leaf-tools policy, and the one-time VM setup for SSH-format commit signing (allowed_signers + config.local, ForwardAgent yes on the host). --- remote-dev/home.nix | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) (limited to 'remote-dev/home.nix') diff --git a/remote-dev/home.nix b/remote-dev/home.nix index a2b9392..184de6b 100644 --- a/remote-dev/home.nix +++ b/remote-dev/home.nix @@ -15,9 +15,19 @@ in home.stateVersion = "25.05"; # ── Packages ──────────────────────────────────────────────────────────────── - # Mirrors the dev-tool subset of `meta/base.txt` on the Arch host. Tools that - # only make sense on a workstation (procs/gdu/duf for sysadmin, lazygit - # unused, node/yarn only needed for markdown-preview on GUI) are excluded. + # Policy: this profile carries leaf CLI tools plus editor/AI-agent + # runtimes (node, uv). It must NEVER carry anything the project build + # might invoke. Forbidden on PATH (would shadow Ubuntu's and break + # builds against the system sysroot/libc): cc, c++, gcc, g++, clang, + # clang++, ld, ld.lld, ar, nm, objcopy, make, cmake, ninja, meson, + # pkg-config, autoconf, automake, libtool, python, python3, pip, + # cargo, rustc, go. If a project needs a newer toolchain, put it in + # a project-local flake.nix + direnv `.envrc`, NOT here. + # + # Allowed runtimes (used only by Mason/editor/AI agents): node, npm, + # npx (via `nodejs`), uv, uvx (via `uv` — does NOT install a python3, + # manages its own interpreters under XDG). clang-tools is allowed + # because it ships only formatters/linters/clangd, no compiler driver. home.packages = with pkgs; [ # Editor + multiplexer neovim @@ -30,6 +40,7 @@ in fzf sd choose + zoxide # Viewers bat @@ -66,6 +77,17 @@ in gnupg pass + # C/C++ source tooling (no compiler driver in PATH) + clang-tools + + # Editor/AI agent runtimes — NOT for project builds (see policy above) + nodejs # Mason npm LSPs; system python3 stays at /usr/bin/python3 + uv # Mason python LSPs in isolated venvs; brings `uv`/`uvx` only + + # AI coding agents + claude-code + github-copilot-cli # NB: pkgs.copilot-cli is AWS Copilot, NOT this + # Zsh and plugins (sourced from $HOME/.nix-profile/share/... by the shared zshrc) zsh zsh-syntax-highlighting @@ -90,8 +112,15 @@ in "zsh/.zprofile".source = link "dot_config/zsh/dot_zprofile"; "ghostty".source = link "dot_config/ghostty"; # for terminfo refs only "direnv/direnvrc".source = link "dot_config/direnv/direnvrc"; + "git/config".source = link "dot_config/git/config"; + "git/attributes".source = link "dot_config/git/attributes"; + "git/ignore".source = link "dot_config/git/ignore"; }; + # ~/.ssh/config from the dotfiles tree (read-only); keys + known_hosts + # stay machine-local on the VM. + home.file.".ssh/config".source = link "private_dot_ssh/config"; + # ZDOTDIR redirect so login shells find ~/.config/zsh/.zprofile etc. home.file.".zshenv".text = '' export ZDOTDIR="$HOME/.config/zsh" -- cgit v1.3.1