xen/dev:latest

A modern portable sandboxed (dockerized) terminal-based vim-centric development environment.

Overpowered "dotfiles" intended to run in a number of ways; either within a:

• customized sandboxed gpu-accelerated terminal (recommended)
• x11docker-powered full, but minimal, desktop (interesting)
• terminal of your choice (minimal requirements)

Note: Developed on and for Linux; other host compatibility is unknown.

Quickstart

mkdir ~/src && cd ~/src
git clone https://github.com/xendarboh/xendev.git
cd xendev
cp .env-example .env
# edit .env to enable optionals or set specific versions
make build
./xendev

Tools

• Neovim: Vim-fork focused on extensibility and usability
  • LazyVim: Neovim config for the lazy (INSTALL_NVIM_LAZYVIM)
    • avante.nvim: Use your Neovim like using Cursor AI IDE!
    • better-escape.nvim: Escape from insert mode without delay when typing
    • markdown-preview.nvim: markdown preview plugin for (neo)vim
    • noir.nvim: A NeoVim plugin providing syntax highlighting and LSP support for Noir
    • nx.vmim: A simple tool providing the same features as the NX console does for vs-code
    • smart-splits.nvim: Smart, seamless, directional navigation and resizing of Neovim + terminal multiplexer splits
    • wakatime.nvim: Vim plugin for automatic time tracking and metrics generated from your programming activity
• Nix: Nix, the purely functional package manager (INSTALL_NIX)
• Node.js: Node.js JavaScript runtime
  • pnpm: Fast, disk space efficient package manager
  • yarn: Fast, reliable, and secure dependency management
  • fnm: Fast and simple Node.js version manager, built in Rust
  • npm-check-updates: Find newer versions of package dependencies than what your package.json allows
  • npm-check: Check for outdated, incorrect, and unused dependencies
• Rust: Empowering everyone to build reliable and efficient software
  • cargo-edit: A utility for managing cargo dependencies from the command line
  • rust-analyzer: A Rust compiler front-end for IDEs
  • rustup: The Rust toolchain installer
• Noir: Noir is a domain specific language for zero knowledge proofs (INSTALL_NOIR)
  • barretenberg: The ZK prover backend that provides succinct verifiability for Aztec. Also houses the Aztec VM
• Brave Browser (INSTALL_BROWSER_BRAVE)
• Chromium Browser: an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web (INSTALL_BROWSER_CHROMIUM)
• Tomb: the Crypto Undertaker (INSTALL_TOMB)
• aicommits: A CLI that writes your git commit messages for you with AI
• circom: zkSnark circuit compiler (INSTALL_CIRCOM)
• claude-code: an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and ...
• cpanminus: get, unpack, build and install modules from CPAN
• cypress: (deps) Fast, easy and reliable testing for anything that runs in a browser (INSTALL_CYPRESS_DEPS)
• deno: A modern runtime for JavaScript and TypeScript
• diff-so-fancy: Good-lookin' diffs. Actually… nah… The best-lookin' diffs
• exa: A modern replacement for ‘ls’
• fastmod: A tool to assist with large-scale codebase refactors
• fd: A simple, fast and user-friendly alternative to 'find'
• fish-shell: The user-friendly command line shell
  • fisher: A plugin manager for Fish
  • fish-exa: exa aliases for fish
  • fish-gruvbox: gruvbox theme for fish
  • fish-nx: Fish completions for Nx
  • nix-env.fish: Nix environment setup for the fish shell (INSTALL_NIX)
• fleek-cli: Use Fleek to deploy websites and apps on the open web: permissionless, trustless, censorship resistant, and free of centralized gatekeepers
• fzf: A command-line fuzzy finder
• git (latest stable version)
  • gh: GitHub’s official command line tool
  • git-absorb: git commit --fixup, but automatic
  • git-crypt: [fork] Transparent file encryption in git
  • git-filter-repo: Quickly rewrite git repository history (filter-branch replacement)
    • gfr-bfg-ish: A re-implementation of most of BFG Repo Cleaner, with new features and bug fixes
    • gfr-clean-ignore: Delete files from history which match current gitignore rules
    • gfr-insert-beginning: Add a new file (e.g. LICENSE/COPYING) to the beginning of history
    • gfr-lint-history: Run some lint command on all non-binary files in history
    • gfr-signed-off-by: Add a Signed-off-by tag to a range of commits
  • git-lfs: Git extension for versioning large files
  • lazygit: Simple terminal UI for git commands
• go: The Go programming language
• jq: Command-line JSON processor
• kpcli: A command line interface for KeePass
• llvm-project: (clang) A collection of modular and reusable compiler and toolchain technologies (INSTALL_LLVM)
• ncdu: NCurses Disk Usage
• ninja-build: A small build system with a focus on speed
• platformio-core: A professional collaborative platform for embedded development (INSTALL_PLATFORMIO)
• prettier: Prettier is an opinionated code formatter
• protobuf: Protocol Buffers - Google's data interchange format (INSTALL_PB)
  • buf: A new way of working with Protocol Buffers
• ranger: A VIM-inspired filemanager for the console
• ripgrep: recursively searches directories for a regex pattern while respecting your gitignore
• silversearcher-ag: A code-searching tool similar to ack, but faster
• solidity: Solidity, the Smart Contract Programming Language
• spacer: CLI tool to insert spacers when command output stops
• sqlite: a small, fast, self-contained, high-reliability, full-featured, SQL database engine
• starship: The minimal, blazing-fast, and infinitely customizable prompt for any shell!
• stow: a symlink farm manager
• tauri-cli: Build smaller, faster, and more secure desktop and mobile applications with a web frontend (INSTALL_TAURI)
• tmux: A terminal multiplexer
  • tpm: Tmux Plugin Manager
  • tmux-gruvbox: Gruvbox color scheme for Tmux
  • tmux-resurrect: Persists tmux environment across system restarts
  • tmux-window-name: A plugin to name your tmux windows smartly
• watchexec: Executes commands in response to file modifications
• websocat: Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
• xclip: Command line interface to the X11 clipboard
• zoxide: A smarter cd command
• INSTALL_DEVOPS
  • AWS CLI v2: enables interaction with AWS services
  • Ansible: a radically simple IT automation system
  • OpenTofu: declaratively manage your cloud infrastructure
  • Packer: a tool for creating identical machine images for multiple platforms from a single source configuration
  • Terraform: enables you to safely and predictably create, change, and improve infrastructure.
  • terraform-local: Terraform CLI wrapper to deploy your Terraform applications directly to LocalStack

Additionally (and optionally), the following are within the X11 base image:

• Xfce: A lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.
• kitty: Cross-platform, fast, feature-rich, GPU based terminal
  • kitty-gruvbox-theme: Gruvbox theme for kitty terminal
• ImageMagick: Software suite for displaying, converting, and editing raster image and vector image files
• nerd-fonts: Developer targeted fonts with a high number of glyphs (icons)
  • Hack: A typeface designed for source code

Powered-by:

• x11docker: Run GUI applications and desktops in docker and podman containers. Focus on security.

Build

Host Requirements

• docker or podman
• docker compose
• x11docker (not required for tty-only)
  • x11docker gpu support
• make (or manually run the commands in Makefile)

Configure

Edit .env to set specific versions and optional installations.

Build Image(s)

Build the full image with X11 support

make build

Or build the tty-only image

make build-tty

See all make commands

❯ make                                                                                                                                                                                                        2023-01-21 14:02:33
help                 print this help message with some nifty mojo
build                build docker image with X11 support
rebuild              rebuild docker image with X11 support
build-tty            build tty-only docker image
rebuild-tty          (re)build tty-only docker image with --no-cache --pull

Run Examples

Within a gpu-accelerated terminal

This is the recommended mode of operation with balance of sandboxed environment and host integration for optimal DX.

x11docker --gpu --clipboard --network -- xen/dev kitty

Within an x11docker-powered desktop

This mode illustrates interesting capabilities provided by x11docker with a fullly operational sandboxed desktop running within a window on the host.

x11docker --desktop --gpu --clipboard --network -- xen/dev

Within a terminal of your choice

Without X11

This is the mode of minimal host requirements, only docker|podman. It will work on a headless server, for example. Refer to xendev.tty as an example for mapping volumes from the host.

make build-tty
./xendev.tty

This also works with make build, just larger docker image.

with X11

In this mode, host clipboard will work with enhanced security provided by x11docker.

x11docker --tty --interactive --clipboard --network -- xen/dev

• Host terminal expectations, ideally:
  • truecolor support (use scripts in test/ to test support inside xendev)
  • patched font like one from nerd-fonts with powerline symbols

With directories shared from the host

See the xendev launcher script for a functional example that shares the host user's ssh, gpg, and git config with the container and provides writeable access to ~/src.

Note: Some applications need more privileges or capabilities than x11docker provides by default; refer to the x11docker docs on privilege checks.

Preferences & Philosophy

• modern latest greatest terminal utilities and versions
• reproducible personal development environment
• default to current LTS versions
• FROM ubuntu
• vi-style key bindings
• dark gruvbox color scheme
• LOCALE=en_US.UTF-8 (overridden by x11docker)
• analog choice of sandboxed security vs function

Tests

See the shell scripts within the test directory for tests to confirm host-mapped gpg support, terminal font rendering (truecolor, glyphs, italics) capabilities, etc.

Customization & Notes

See conf/ files.

git

To include xendev git config without replacing the local, add the following to ~/.config/git/config:

[includeIf "gitdir:/home/xendev"]
  path = ~/src/xendev/conf/gitconfig

• facilitates same git config on host and within xendev container
• only applied to git commands run within /home/xendev/
• recommendation is to share source between host/container with volume-mapped ~/src/

Local (machine-specific) Configuration

This configuration remains outside the image and is volume-mapped into the container at runtime.

cp -a conf.local-example conf.local

With the exception of conf.local/xendev/, the "dotfiles" of conf.local are stow'd in the user's homedir. For example, conf.local/.xyz gets symlinked from ~/.xyz.

Notable local conf files may include:

• conf.local/xendev/bash.sh: use to set custom config like GH_TOKEN or FLEEK_API_KEY
• conf.local/xendev/directory_map.txt
  • a list of from:to directory mappings to preserve current working directory in new windows (since tmux/kitty does not handle preserved symlinked directories)
  • you likely want a directory mapping for /home/xendev:/home/<USER>
• conf.local/.aicommits: aicommits configuration
• conf.local/.wakatime.cfg: wakatime or wakapi configuration
• conf.local/.aws: preserve local aws credentials... or anything else in this manner