librenotes/flake.nix
Michael Czechowski b409519661 Add reproducible dev environment
- flake.nix: rebrand description, add Go 1.25, gopls, gotools,
  staticcheck, golangci-lint, gnumake to all dev shells. Add a
  plain `dev` shell (`nix develop .#dev`) that does not wrap the
  shell in the bubblewrap sandbox so contributors can use a
  standard Go toolchain.
- Dockerfile.dev: golang:1.22-bookworm with make, git, gopls and
  staticcheck, /workspace as default cwd. CGO disabled.
- README: document both nix and Docker dev paths.

flake.lock is committed for reproducibility.

Closes #6.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 21:58:59 +02:00

122 lines
3.5 KiB
Nix

{
# Flake description.
description = "librenotes development environment";

# Flake inputs. Both URLs name a moving ref (the rolling nixos-unstable
# branch and the flake-utils default branch), not a fixed revision. The
# revisions actually used are whatever flake.lock records, so a lock-file
# update changes every tool in the dev shells and deserves its own review.
inputs = {
  nixpkgs = { url = "github:NixOS/nixpkgs/nixos-unstable"; };
  flake-utils = { url = "github:numtide/flake-utils"; };
};
outputs = { self, nixpkgs, flake-utils }:
flake-utils.lib.eachDefaultSystem (system:
let
# Package set for the system being evaluated.
# NOTE(review): allowUnfree is switched on for the whole package set, but
# none of the packages named in this file look unfree. Confirm it is
# still needed; dropping it makes an unfree dependency an explicit choice.
pkgs = import nixpkgs {
  inherit system;
  config = { allowUnfree = true; };
};

# Tool list shared by the `default` and `yolo` shells.
packages = [
  # Go toolchain
  pkgs.go_1_25
  pkgs.gopls
  pkgs.gotools
  pkgs.go-tools
  pkgs.golangci-lint
  pkgs.gnumake
  # Project CLIs
  pkgs.tea
  pkgs.bubblewrap
];

# Shell helper made available in the sandboxed and the yolo shell.
# `yolo` starts claude with --dangerously-skip-permissions, so any
# confinement has to come from the shell it is started in. The `claude`
# binary is not in `packages`; presumably it is found on the inherited
# PATH (verify).
shellFunctions = ''
  yolo() { claude --dangerously-skip-permissions --resume; }
'';

# The same helper as a store file, so an rcfile can `source` it by path.
shellFunctionsScript = pkgs.writeText "shell-functions.sh" shellFunctions;
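# enter-sandbox [CMD [ARGS...]]
#
# Runs CMD (default: bash) inside a bubblewrap sandbox rooted at
# SANDBOX_PROJECT_DIR, falling back to the current directory.
#
# What the sandbox restricts: writes. Only the project directory,
# ~/.claude and ~/.claude.json are bound read-write; the rest of $HOME and
# /tmp are replaced by empty tmpfs mounts, everything else is read-only.
#
# What it does NOT restrict: reads and network. `--ro-bind / /` leaves the
# host filesystem readable, `--share-net` keeps the host network, and
# ~/.ssh, ~/.config/gh and ~/.config/tea (which typically hold private keys
# and API tokens) are readable inside. bwrap is not given --clearenv, so
# the caller's environment variables are inherited too. Treat this as a
# guard against unwanted writes, not as a boundary that keeps credentials
# away from the sandboxed process.
#
# Files written under the project directory (including .git and this
# flake) persist and are later used outside the sandbox, so review changes
# made in a sandbox session before running git or nix on the host.
#
# NOTE(review): bwrap(1) recommends --new-session, or a seccomp filter
# blocking TIOCSTI, for general-purpose sandboxes; neither is set here.
# --new-session detaches the controlling terminal, which may not suit the
# interactive shell. Confirm before adding.
#
# Optional host paths use --ro-bind-try: plain --ro-bind aborts bwrap when
# the source does not exist, which locked out contributors who have no
# ~/.config/gh, ~/.config/tea, ~/.ssh, ~/.gitconfig or ~/.local/bin.
sandboxScript = pkgs.writeShellScriptBin "enter-sandbox" ''
  PROJECT_DIR="''${SANDBOX_PROJECT_DIR:-$PWD}"
  BWRAP_ARGS=(
    --unshare-all
    --share-net
    --die-with-parent
    # Whole host filesystem, read-only. Later mounts override parts of it.
    --ro-bind / /
    --dev /dev
    --proc /proc
    # Hide the real home directory, then re-expose selected paths below.
    --tmpfs "$HOME"
    # Read-write: the project and the agent state.
    --bind "$PROJECT_DIR" "$PROJECT_DIR"
    --bind "$HOME/.claude" "$HOME/.claude"
    --bind "$HOME/.claude.json" "$HOME/.claude.json"
    # Read-only and optional: skipped when missing on the host.
    --ro-bind-try "$HOME/.gitconfig" "$HOME/.gitconfig"
    --ro-bind-try "$HOME/.ssh" "$HOME/.ssh"
    # NOTE(review): ssh -F fails when ~/.ssh/config does not exist. Verify.
    --setenv GIT_SSH_COMMAND "ssh -F ~/.ssh/config"
    --ro-bind-try "$HOME/.config/tea" "$HOME/.config/tea"
    --ro-bind-try "$HOME/.config/gh" "$HOME/.config/gh"
    --ro-bind-try "$HOME/.local/bin" "$HOME/.local/bin"
    --tmpfs /tmp
    --setenv HOME "$HOME"
    --setenv PATH "$PATH"
    --setenv TERM "''${TERM:-xterm}"
    --setenv SANDBOX_ACTIVE "1"
    --chdir "$PROJECT_DIR"
  )
  # The two read-write binds are mandatory, so create their sources first.
  mkdir -p "$HOME/.claude"
  touch "$HOME/.claude.json"
  if [ $# -gt 0 ]; then
    exec ${pkgs.bubblewrap}/bin/bwrap "''${BWRAP_ARGS[@]}" "$@"
  else
    exec ${pkgs.bubblewrap}/bin/bwrap "''${BWRAP_ARGS[@]}" ${pkgs.bash}/bin/bash
  fi
'';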
in
{
devShells = {
# Default shell (`nix develop`): in an interactive session the hook
# replaces the shell with a bubblewrap-wrapped bash via enter-sandbox.
default = pkgs.mkShell {
# Shared tool list plus the enter-sandbox wrapper script.
buildInputs = packages ++ [ sandboxScript ];
# shellHook:
# - exports SANDBOX_PROJECT_DIR (read by enter-sandbox as the project
#   directory) and SHELL_FUNCTIONS (store path of the helper functions,
#   sourced by the rcfile below).
# - when stdin is not a terminal or NIX_DEVELOP_COMMAND is non-empty, it
#   only prints a hint and does NOT enter the sandbox; anything run in
#   that mode is unconfined unless it calls enter-sandbox itself.
# - otherwise it execs enter-sandbox with a bash whose rcfile comes from
#   process substitution. The heredoc delimiter is quoted, so
#   $SHELL_FUNCTIONS and the PS1 escapes reach the inner bash unexpanded.
#   The terminator line must stay at the start of its line once Nix has
#   stripped the string's indentation.
# The banner's WRITE list is not the full exposure: sandboxScript also
# binds ~/.claude.json read-write, binds ~/.ssh, ~/.gitconfig,
# ~/.config/tea, ~/.config/gh and ~/.local/bin read-only, and keeps
# network access (--share-net).
shellHook = ''
export SANDBOX_PROJECT_DIR="$PWD"
export SHELL_FUNCTIONS="${shellFunctionsScript}"
if [ ! -t 0 ] || [ -n "$NIX_DEVELOP_COMMAND" ]; then
echo "=== librenotes (sandbox: enter-sandbox) ==="
else
echo "=== librenotes Sandbox ==="
echo "WRITE: $PWD, ~/.claude"
exec enter-sandbox ${pkgs.bash}/bin/bash --rcfile <(cat << 'SANDBOX_BASHRC'
source "$SHELL_FUNCTIONS"
PS1="[sandbox] \w \$ "
SANDBOX_BASHRC
)
fi
'';
};
# `nix develop .#yolo`: the shared tool list without the enter-sandbox
# wrapper. The hook defines the `yolo` helper, which starts claude with
# --dangerously-skip-permissions, directly in the host shell, so nothing
# in this flake confines what it reads or writes. Use the default shell
# when the agent should be limited to the project directory.
yolo = pkgs.mkShell {
  shellHook = ''
    ${shellFunctions}
    echo "=== librenotes (YOLO - no sandbox) ==="
  '';
  buildInputs = packages;
};
# Bare Go toolchain shell for `nix develop .#dev`. It carries only the
# Go tools and make: no enter-sandbox wrapper, no `yolo` helper, and
# neither tea nor bubblewrap. The hook prints a banner and the Go version.
dev = pkgs.mkShell {
  buildInputs = [
    pkgs.go_1_25
    pkgs.gopls
    pkgs.gotools
    pkgs.go-tools
    pkgs.golangci-lint
    pkgs.gnumake
  ];
  shellHook = ''
    echo "=== librenotes dev ==="
    echo "go: $(go version)"
  '';
};
};
}
);
}