v2.2: bake in tailscale (AUR) + tun device + NET_ADMIN cap

This commit is contained in:
Wayne Hayes 2026-04-27 22:34:44 -04:00
parent 942014eeb8
commit d67ae30a99
3 changed files with 45 additions and 1 deletions

View File

@ -42,6 +42,7 @@ RUN sudo -u aurbuild yay -S --noconfirm --needed \
eza \ eza \
wl-clipboard \ wl-clipboard \
trash-cli \ trash-cli \
tailscale \
&& sudo -u aurbuild yay -Scc --noconfirm && sudo -u aurbuild yay -Scc --noconfirm
# ── Dev user ────────────────────────────────────────────────────────────────── # ── Dev user ──────────────────────────────────────────────────────────────────
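Review bot: `tailscale` is packaged in Arch's official `extra` repository, so the `yay -S` list here installs a binary package and nothing is built from the AUR; the "(AUR)" in the commit message and the README's "baked in via AUR" should say "via pacman/extra" so readers do not assume an unvetted PKGBUILD is being executed under `--noconfirm`. Separately, no version is pinned, so every image rebuild silently picks up whatever tailscale version is current; if reproducibility matters, record the installed version (e.g. `pacman -Q tailscale` in the build output) so a given image can be tied to a known release.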

View File

@ -24,7 +24,7 @@ Kanagawa Wave · rolling release · AUR-powered · git-snapshotted home
- Claude Code CLI (snapshot after install + login) - Claude Code CLI (snapshot after install + login)
- Gemini CLI - Gemini CLI
- Aider - Aider
- nvm + Node.js (for any AI tool that needs it) - nvm + Node.js (for AI tools that need it)
### v2.1 — Image & ASCII tooling ### v2.1 — Image & ASCII tooling
- ImageMagick — image manipulation - ImageMagick — image manipulation
@ -33,6 +33,26 @@ Kanagawa Wave · rolling release · AUR-powered · git-snapshotted home
Workflow: AI rough sketch → `chafa --symbols ascii` → hand-tweak Workflow: AI rough sketch → `chafa --symbols ascii` → hand-tweak
### v2.2 — Tailscale
- Tailscale baked in via AUR
- `/dev/net/tun` device pass-through for kernel-mode networking
- `NET_ADMIN` + `NET_RAW` capabilities granted
- First-run auth, then `snap tailscale` for persistence
```bash
# Inside container, first time:
sudo tailscaled &
sudo tailscale up # follow auth URL
snap tailscale "authenticated to tailnet"
```
### v2.3 — Companion plugin (separate repo)
**`tailscale.nvim`** — original FOSS work, no equivalent exists yet:
- Lualine status component
- Telescope peer picker
- Quick IP copy + status window
- Repo: github.com/<you>/tailscale.nvim
--- ---
## v1.7 — What's there now ## v1.7 — What's there now
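Review bot: the persistence claim in `- First-run auth, then \`snap tailscale\` for persistence` does not hold as written: `tailscaled` keeps the node key and login state in `/var/lib/tailscale/tailscaled.state` by default, which is outside the git-snapshotted home volume, so a recreated container comes up logged out and needs `tailscale up` again. Either mount `/var/lib/tailscale` as its own volume, or start the daemon with `--state=$HOME/.local/state/tailscale/tailscaled.state` so the snapshot captures it; the volume is the better choice, because the state file holds the node's private key and placing it in the snapshotted home puts that key into git history. Also note in this section that `sudo tailscaled &` is unsupervised and must be re-run after every container start (or add it to the entrypoint), and fill in or drop the `github.com/<you>/tailscale.nvim` placeholder before this ships.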
@ -85,6 +105,21 @@ Reset home to factory: `docker volume rm <project>_arch-dev-home`
--- ---
## Container Capabilities
The container drops ALL capabilities then re-adds only what's needed:
| Cap | Why |
|---|---|
| `NET_BIND_SERVICE` | Bind to ports < 1024 (mosh) |
| `SETUID` / `SETGID` | sudo |
| `AUDIT_WRITE` | sudoers_audit plugin |
| `NET_ADMIN` / `NET_RAW` | Tailscale |
Plus device pass-through for `/dev/net/tun` (Tailscale kernel mode).
---
## State Tracking — Two Systems ## State Tracking — Two Systems
| System | What | Where | | System | What | Where |
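Review bot: the table gives the same one-word reason, `Tailscale`, for both `NET_ADMIN` and `NET_RAW`, which breaks the per-capability justification the rest of the table follows. `NET_ADMIN` is what creating and configuring the tun interface and its routes needs; `NET_RAW` only covers raw sockets (e.g. `ping`), so state whether Tailscale actually fails without it in this setup and, if it does not, drop it, since the section's stated policy is drop ALL then add back only what is needed. One more line worth adding: kernel mode requires the `tun` module to be loaded on the host, and the container cannot load it itself without `SYS_MODULE`, so a missing `/dev/net/tun` on the host is the most likely first failure a new user hits.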
@ -105,3 +140,6 @@ Set `MOBILE=1` in Termius host profile env vars to activate:
- habamax colorscheme (kanagawa needs truecolor) - habamax colorscheme (kanagawa needs truecolor)
- termguicolors disabled in neovim - termguicolors disabled in neovim
- Bufferline disabled - Bufferline disabled
With Tailscale (v2.2+), you can reach arch-dev from any device on your
tailnet without exposing ports — perfect for mobile dev anywhere.
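Review bot: "without exposing ports" is true for the public internet but should be qualified: under the default allow-all ACL the container's SSH/mosh listener becomes reachable from every device and user on the tailnet, so on a shared tailnet this node should be restricted with an ACL, and the README should say so rather than leaving the reader with "perfect for mobile dev anywhere".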

View File

@ -30,6 +30,11 @@ services:
- SETUID - SETUID
- SETGID - SETGID
- AUDIT_WRITE - AUDIT_WRITE
- NET_ADMIN
- NET_RAW
devices:
- /dev/net/tun:/dev/net/tun
volumes: volumes:
arch-dev-home: arch-dev-home:
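Review bot: the capabilities and the `/dev/net/tun` device are added, but `volumes:` still declares only `arch-dev-home`, so `/var/lib/tailscale` (where `tailscaled` stores its state by default) lives in the container's writable layer and is lost on recreate, contradicting the README's persistence note in the same commit. Add a named volume such as `arch-dev-tailscale:/var/lib/tailscale`, declared alongside `arch-dev-home`, and keep it separate from the snapshotted home so the node's private key does not end up in git history.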