From 3a74a298a54243a2ecbd66d74f91aba41a798f26 Mon Sep 17 00:00:00 2001 From: Michael Czechowski Date: Wed, 25 Feb 2026 17:02:01 +0100 Subject: [PATCH] Initial project setup with Nix flake and gitignore Nix devshell with gh, bubblewrap sandbox, and yolo mode. Gitignore for .claude, .wave internals, secrets. Co-Authored-By: Claude Opus 4.6
---
.gitignore | 11 ++++++ flake.nix | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 111 insertions(+) create mode 100644 .gitignore create mode 100644 flake.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3224e2d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,11 @@
+.claude/*
+!.claude/commands/
+.archive/
+.idea/
+.wave/*
+!.wave/pipelines/
+!.wave/personas/
+!.wave/contracts/
+!.wave/prompts/
+wave.yaml
+.env
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..8088c07
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,100 @@
+{
+ description = "Notesium notes environment";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs = { self, nixpkgs, flake-utils }:
+ flake-utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
+
+ packages = with pkgs; [
+ # claude-code
+ gh
+ bubblewrap
+ ];
+
+ shellFunctions = ''
+ yolo() { claude --dangerously-skip-permissions --resume; }
+ '';
+
+ shellFunctionsScript = pkgs.writeText "shell-functions.sh" shellFunctions;
+
+ sandboxScript = pkgs.writeShellScriptBin "enter-sandbox" ''
+ PROJECT_DIR="''${SANDBOX_PROJECT_DIR:-$PWD}"
+
+ BWRAP_ARGS=(
+ --unshare-all
+ --share-net
+ --die-with-parent
+
+ --ro-bind / /
+ --dev /dev
+ --proc /proc
+
+ --tmpfs "$HOME"
+
+ --bind "$PROJECT_DIR" "$PROJECT_DIR"
+ --bind "$HOME/.claude" "$HOME/.claude"
+ --bind "$HOME/.claude.json" "$HOME/.claude.json"
+
+ --ro-bind "$HOME/.gitconfig" "$HOME/.gitconfig"
+ --ro-bind "$HOME/.ssh" "$HOME/.ssh"
+ --ro-bind "$HOME/.config/gh" "$HOME/.config/gh"
+ --ro-bind "$HOME/.local/bin" "$HOME/.local/bin"
+
+ --tmpfs /tmp
+
+ --setenv HOME "$HOME"
+ --setenv PATH "$PATH"
+ --setenv TERM "''${TERM:-xterm}"
+ --setenv SANDBOX_ACTIVE "1"
+ --chdir "$PROJECT_DIR"
+ )
+
+ mkdir -p "$HOME/.claude"
+ touch "$HOME/.claude.json"
+
+ if [ $# -gt 0 ]; then
+ exec ${pkgs.bubblewrap}/bin/bwrap "''${BWRAP_ARGS[@]}" "$@"
+ else
+ exec ${pkgs.bubblewrap}/bin/bwrap "''${BWRAP_ARGS[@]}" ${pkgs.bash}/bin/bash
+ fi
+ '';
+ in
+ {
+ devShells = {
+ default = pkgs.mkShell {
+ buildInputs = packages ++ [ sandboxScript ];
+ shellHook = ''
+ export SANDBOX_PROJECT_DIR="$PWD"
+ export SHELL_FUNCTIONS="${shellFunctionsScript}"
+
+ if [ ! -t 0 ] || [ -n "$NIX_DEVELOP_COMMAND" ]; then
+ echo "=== Notesium (sandbox: enter-sandbox) ==="
+ else
+ echo "=== Notesium Sandbox ==="
+ echo "WRITE: $PWD, ~/.claude"
+ exec enter-sandbox ${pkgs.bash}/bin/bash --rcfile <(cat << 'SANDBOX_BASHRC'
+ source "$SHELL_FUNCTIONS"
+ PS1="[sandbox] \w \$ "
+SANDBOX_BASHRC
+ )
+ fi
+ '';
+ };
+
+ yolo = pkgs.mkShell {
+ buildInputs = packages;
+ shellHook = ''
+ ${shellFunctions}
+ echo "=== Notesium (YOLO - no sandbox) ==="
+ '';
+ };
+ };
+ }
+ );
+}
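Review bot: In `BWRAP_ARGS`, `--ro-bind "$HOME/.ssh" "$HOME/.ssh"` and `--ro-bind "$HOME/.config/gh" "$HOME/.config/gh"` sit next to `--share-net`, so anything running in the sandbox (including `yolo`, which starts claude with `--dangerously-skip-permissions`) can read the SSH keys and gh credentials while having network access; a read-only bind protects integrity, not confidentiality. Consider dropping those two binds and giving the sandbox a narrowly scoped credential instead, such as a per-repository deploy key or a fine-grained token mounted on its own. bwrap also inherits the caller's environment, so adding `--clearenv` ahead of the `--setenv` lines, plus `--setenv SHELL_FUNCTIONS "$SHELL_FUNCTIONS"` for the rcfile, would keep tokens and agent-socket variables exported in the outer shell from being passed in. Separately, the script creates `~/.claude` and `~/.claude.json` but not the `--ro-bind` sources, so a missing `~/.gitconfig` or `~/.local/bin` would presumably make bwrap abort at startup; `--ro-bind-try` tolerates an absent path.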