neovim-ide/Dockerfile

FROM archlinux:latest

# ── Rolling release: full system update first, always ─────────────────────────
RUN pacman -Syu --noconfirm

# ── Crown Jewel #1: pacman ────────────────────────────────────────────────────
RUN pacman -S --noconfirm --needed \
    base-devel git curl wget unzip zip \
    zsh tmux screen mosh \
    zsh-syntax-highlighting zsh-autosuggestions zsh-history-substring-search \
    zsh-completions \
    neovim \
    starship \
    python python-pip python-pynvim \
    perl \
    pyright \
    bash-language-server \
    python-black ruff shellcheck shfmt \
    python-pylint \
    ripgrep fd bat eza fzf zoxide \
    git-delta lazygit \
    btop \
    ttf-nerd-fonts-symbols ttf-jetbrains-mono-nerd \
    man-db man-pages \
    jq tree wget \
    rsync \
    imagemagick chafa jp2a \
    && pacman -Scc --noconfirm

# ── Crown Jewel #2: AUR ───────────────────────────────────────────────────────
RUN useradd -m -s /bin/zsh -G wheel aurbuild && \
    echo 'aurbuild ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/aurbuild

RUN cd /tmp && \
    git clone --depth=1 https://aur.archlinux.org/yay-bin.git && \
    chown -R aurbuild:aurbuild yay-bin && \
    cd yay-bin && \
    sudo -u aurbuild makepkg -si --noconfirm && \
    cd / && rm -rf /tmp/yay-bin

RUN sudo -u aurbuild yay -S --noconfirm --needed \
    eza \
    wl-clipboard \
    trash-cli \
    tailscale \
    && sudo -u aurbuild yay -Scc --noconfirm

# ── Dev user ──────────────────────────────────────────────────────────────────
RUN useradd -m -s /bin/zsh -G wheel dev && \
    echo 'dev ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/dev

# ── Skeleton: bake dotfiles into /etc/skel-arch-dev/ ──────────────────────────
# This is the SOURCE OF TRUTH. The volume gets seeded from here on first run.
COPY --chown=dev:dev dotfiles/ /etc/skel-arch-dev/

# ── Initial seed of /home/dev so plugin bake works at build time ──────────────
RUN cp -an /etc/skel-arch-dev/. /home/dev/ && \
    chown -R dev:dev /home/dev

# ── Python tools ──────────────────────────────────────────────────────────────
RUN pip install --break-system-packages pynvim httpx requests

# ── Bake neovim plugins into /etc/skel-arch-dev so they seed too ─────────────
RUN sudo -u dev HOME=/home/dev XDG_DATA_HOME=/home/dev/.local/share \
    nvim --headless +"Lazy! sync" +qa 2>/dev/null; exit 0

RUN sudo -u dev HOME=/home/dev XDG_DATA_HOME=/home/dev/.local/share \
    nvim --headless \
    +"TSUpdateSync python bash lua json yaml toml markdown vim vimdoc regex" \
    +qa 2>/dev/null; exit 0

# Copy the fully-baked /home/dev back into the skel template
RUN cp -an /home/dev/.local /etc/skel-arch-dev/ && \
    cp -an /home/dev/.cache /etc/skel-arch-dev/ 2>/dev/null || true && \
    chown -R dev:dev /etc/skel-arch-dev

# ── Cleanup AUR build user ────────────────────────────────────────────────────
RUN userdel -r aurbuild && rm -f /etc/sudoers.d/aurbuild

# ── Entrypoint script ─────────────────────────────────────────────────────────
COPY entrypoint.sh /usr/local/bin/arch-dev-entrypoint
RUN chmod +x /usr/local/bin/arch-dev-entrypoint

# ── Final permissions ─────────────────────────────────────────────────────────
RUN chown -R dev:dev /home/dev

USER dev
WORKDIR /workspace

ENTRYPOINT ["/usr/local/bin/arch-dev-entrypoint"]
CMD ["/bin/zsh"]
v1.7: stateful home with git-backed snapshot/rollback 2026-04-27 11:41:59 -04:00			`FROM archlinux:latest`

			`# ── Rolling release: full system update first, always ─────────────────────────`
			`RUN pacman -Syu --noconfirm`

			`# ── Crown Jewel #1: pacman ────────────────────────────────────────────────────`
			`RUN pacman -S --noconfirm --needed \`
			`base-devel git curl wget unzip zip \`
			`zsh tmux screen mosh \`
			`zsh-syntax-highlighting zsh-autosuggestions zsh-history-substring-search \`
			`zsh-completions \`
			`neovim \`
			`starship \`
			`python python-pip python-pynvim \`
			`perl \`
			`pyright \`
			`bash-language-server \`
			`python-black ruff shellcheck shfmt \`
			`python-pylint \`
			`ripgrep fd bat eza fzf zoxide \`
			`git-delta lazygit \`
			`btop \`
			`ttf-nerd-fonts-symbols ttf-jetbrains-mono-nerd \`
			`man-db man-pages \`
			`jq tree wget \`
			`rsync \`
v2.1: add imagemagick, chafa, jp2a for ASCII workflow 2026-04-27 18:45:09 -04:00			`imagemagick chafa jp2a \`
v1.7: stateful home with git-backed snapshot/rollback 2026-04-27 11:41:59 -04:00			`&& pacman -Scc --noconfirm`

			`# ── Crown Jewel #2: AUR ───────────────────────────────────────────────────────`
			`RUN useradd -m -s /bin/zsh -G wheel aurbuild && \`
			`echo 'aurbuild ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/aurbuild`

			`RUN cd /tmp && \`
			`git clone --depth=1 https://aur.archlinux.org/yay-bin.git && \`
			`chown -R aurbuild:aurbuild yay-bin && \`
			`cd yay-bin && \`
			`sudo -u aurbuild makepkg -si --noconfirm && \`
			`cd / && rm -rf /tmp/yay-bin`

			`RUN sudo -u aurbuild yay -S --noconfirm --needed \`
			`eza \`
			`wl-clipboard \`
			`trash-cli \`
v2.2: bake in tailscale (AUR) + tun device + NET_ADMIN cap 2026-04-27 22:34:44 -04:00			`tailscale \`
v1.7: stateful home with git-backed snapshot/rollback 2026-04-27 11:41:59 -04:00			`&& sudo -u aurbuild yay -Scc --noconfirm`

			`# ── Dev user ──────────────────────────────────────────────────────────────────`
			`RUN useradd -m -s /bin/zsh -G wheel dev && \`
			`echo 'dev ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/dev`

			`# ── Skeleton: bake dotfiles into /etc/skel-arch-dev/ ──────────────────────────`
			`# This is the SOURCE OF TRUTH. The volume gets seeded from here on first run.`
			`COPY --chown=dev:dev dotfiles/ /etc/skel-arch-dev/`

			`# ── Initial seed of /home/dev so plugin bake works at build time ──────────────`
			`RUN cp -an /etc/skel-arch-dev/. /home/dev/ && \`
			`chown -R dev:dev /home/dev`

			`# ── Python tools ──────────────────────────────────────────────────────────────`
			`RUN pip install --break-system-packages pynvim httpx requests`

			`# ── Bake neovim plugins into /etc/skel-arch-dev so they seed too ─────────────`
			`RUN sudo -u dev HOME=/home/dev XDG_DATA_HOME=/home/dev/.local/share \`
			`nvim --headless +"Lazy! sync" +qa 2>/dev/null; exit 0`

			`RUN sudo -u dev HOME=/home/dev XDG_DATA_HOME=/home/dev/.local/share \`
			`nvim --headless \`
			`+"TSUpdateSync python bash lua json yaml toml markdown vim vimdoc regex" \`
			`+qa 2>/dev/null; exit 0`

			`# Copy the fully-baked /home/dev back into the skel template`
			`RUN cp -an /home/dev/.local /etc/skel-arch-dev/ && \`
			`cp -an /home/dev/.cache /etc/skel-arch-dev/ 2>/dev/null \|\| true && \`
			`chown -R dev:dev /etc/skel-arch-dev`

			`# ── Cleanup AUR build user ────────────────────────────────────────────────────`
			`RUN userdel -r aurbuild && rm -f /etc/sudoers.d/aurbuild`

			`# ── Entrypoint script ─────────────────────────────────────────────────────────`
			`COPY entrypoint.sh /usr/local/bin/arch-dev-entrypoint`
			`RUN chmod +x /usr/local/bin/arch-dev-entrypoint`

			`# ── Final permissions ─────────────────────────────────────────────────────────`
			`RUN chown -R dev:dev /home/dev`

			`USER dev`
			`WORKDIR /workspace`

			`ENTRYPOINT ["/usr/local/bin/arch-dev-entrypoint"]`
			`CMD ["/bin/zsh"]`