feat: dev fix mkcert and ddev reachability

hosts/dev/channel

@@ -0,0 +1 @@
+https://channels.nixos.org/nixos-25.11

hosts/dev/configuration.nix

@@ -1,17 +1,17 @@
 { config, lib, pkgs, ... }:
 
 let
-  # === CONFIGURABLE SETTINGS ===
   projectsDir = "projects";  # Relative to /home/dominik
 
   repositories = [
-    { url = "gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git"; path = "projects/cloonar/wohnservice-wien"}
+    { url = "gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git"; path = "cloonar/wohnservice-wien"; }
     # Add repos here: { url = "git@..."; path = "relative/path"; }
   ];
-  # === END CONFIGURABLE ===
 
   cloneScript = pkgs.writeShellScript "clone-repos" ''
     set -eu
+    export PATH="${pkgs.openssh}/bin:$PATH"
+    export GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh"
     HOME_DIR="/home/dominik"
     PROJECTS_DIR="$HOME_DIR/${projectsDir}"
 
@@ -20,7 +20,7 @@ let
 
     ${lib.concatMapStrings (repo: ''
       if [ ! -d "$PROJECTS_DIR/${repo.path}" ]; then
-        ${pkgs.sudo}/bin/sudo -u dominik ${pkgs.git}/bin/git clone ${repo.url} "$PROJECTS_DIR/${repo.path}" || true
+        ${pkgs.sudo}/bin/sudo -u dominik -E ${pkgs.git}/bin/git clone ${repo.url} "$PROJECTS_DIR/${repo.path}" || true
       fi
     '') repositories}
   '';
@@ -31,12 +31,17 @@ in
   ];
 
   networking.hostName = "dev";
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 22 80 443 ];
+  };
   system.stateVersion = "22.05";
   time.timeZone = "Europe/Vienna";
 
   # User configuration
   users.users.dominik = {
     isNormalUser = true;
+    uid = 1000;
     home = "/home/dominik";
     extraGroups = [ "wheel" "docker" ];
     openssh.authorizedKeys.keys = [
@@ -50,6 +55,22 @@ in
   programs.zsh.enable = true;
   users.defaultUserShell = pkgs.zsh;
 
+  # Auto-attach to tmux on SSH login
+  environment.interactiveShellInit = ''
+    if [[ -n "$SSH_CONNECTION" ]] && [[ -z "$TMUX" ]]; then
+      tmux attach-session -t main 2>/dev/null || tmux new-session -s main
+    fi
+  '';
+
+  # Passwordless sudo for dominik
+  security.sudo.extraRules = [{
+    users = [ "dominik" ];
+    commands = [{
+      command = "ALL";
+      options = [ "NOPASSWD" ];
+    }];
+  }];
+
   # Clone repos as dominik user on boot
   systemd.services.clone-repos = {
     description = "Clone configured git repositories";
@@ -62,4 +83,25 @@ in
       RemainAfterExit = true;
     };
   };
+
+  # Create ddev global config to bind on all interfaces (allows access from other devices)
+  systemd.services.ddev-config = {
+    description = "Create ddev global config";
+    after = [ "local-fs.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      User = "dominik";
+      Group = "users";
+    };
+    script = ''
+      mkdir -p /home/dominik/.ddev
+      if [ ! -f /home/dominik/.ddev/global_config.yaml ]; then
+        cat > /home/dominik/.ddev/global_config.yaml << 'EOF'
+router_bind_all_interfaces: true
+EOF
+      fi
+    '';
+  };
 }

hosts/dev/modules/dev-tools.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   nixpkgs.overlays = [
-    (import ../../utils/overlays/packages.nix)
+    (import ../utils/overlays/packages.nix)
   ];
 
   environment.systemPackages = with pkgs; [
@@ -10,6 +10,8 @@
     docker-compose
     git
     git-lfs
+    mkcert
+    screen
 
     # PHP
     php
@@ -27,9 +29,24 @@
     wget
     curl
     htop
-    tmux
   ];
 
+  # Persistent SSH sessions with tmux
+  programs.tmux = {
+    enable = true;
+    clock24 = true;
+    historyLimit = 50000;
+    terminal = "screen-256color";
+    extraConfig = ''
+      # Enable mouse support
+      set -g mouse on
+
+      # Start windows and panes at 1, not 0
+      set -g base-index 1
+      setw -g pane-base-index 1
+    '';
+  };
+
   # Docker for ddev
   virtualisation.docker.enable = true;
   users.users.dominik.extraGroups = [ "docker" ];

hosts/dev/utils

@@ -0,0 +1 @@
+../../utils