xen/dev:latest

Overpowered dotfiles in a box. A sandboxed, GPU-accelerated, terminal-first development environment.

Run it as a:

• TTY-only terminal for headless servers
• GPU-accelerated terminal with clipboard integration ← recommended
• Full desktop environment in a window (x11docker)
• Docker-in-Docker environment for nested containers (sysbox)

Developed on and for Linux. Other platforms untested.

Quickstart

git clone https://github.com/xendarboh/xendev.git ~/src/xendev
cd ~/src/xendev
cp .env-example .env                 # edit to enable optional tools
cp -a conf.local-example conf.local  # local overrides (see Customization)
make build
./xendev

Philosophy

• Open Source!
• Latest greatest terminal tools, LTS versions, vi-bindings
• Unified theming via tinty with native Neovim colorscheme sync
• Reproducible environment from Ubuntu base
• Security via sandboxing with analog control over isolation vs. functionality

Host Dependencies

Dependency	Required For	Notes
docker or podman	Core	Container runtime
docker compose	Building	Build orchestration
make	Building	Recommended; or run Makefile commands manually
x11docker	max, min, sys modes	Not needed for tty mode
sysbox	sys mode	Recommended for Docker-in-Docker
rofi / dmenu / fzf	Launcher	Any one; detected in order
Nerd Font	tty mode	Container provides fonts for GUI modes

Run

Launcher

The ./xendev launcher provides an interactive menu (via rofi, dmenu, or fzf) for selecting modes, naming containers, and toggling volume mounts.

Mode	Description	X11	GPU	Use Case
max	Most host integration, direct GPU	Yes	Direct	Daily development
min	Minimal host integration, fallback GPU	Yes	Fallback	Sandboxed agents, untrusted code
sys	Docker-in-Docker via sysbox	Yes	Fallback	Stronger isolation, run containers
tty	TTY-only, no X11	No	No	Headless servers, SSH sessions

All modes are containerized and sandboxed; the difference is capability and host integration.

Selector: The launcher probes for an available selector. Override with XENDEV_SELECTOR or ./xendev -s fzf.

No Launcher

Run directly without the interactive menu, for example:

# GPU-accelerated terminal with clipboard
x11docker --gpu --clipboard --network --user=RETAIN -- --tmpfs=/tmp:exec -- xen/dev

# Full desktop in a window
x11docker --desktop --gpu --clipboard --network -- xen/dev

# TTY-only (no x11docker needed)
docker run -it --rm --network=host xen/dev

Docker-in-Docker (Sysbox)

The sys mode uses sysbox for secure, rootless Docker-in-Docker without --privileged.

Tradeoffs: No direct GPU (uses --gpu fallback), bridged networking (no --network=host).

Persistence: Inner Docker data stored at ~/.local/share/xendev/sysbox/var-lib-docker.

Tools

Powered By

• x11docker: Secure GUI containers
• Sysbox: Rootless system containers, enabling Docker-in-Docker
• Xen: Elven Tech Wizard

Editor & Plugins

• Neovim: Vim-fork focused on extensibility and usability
  • LazyVim: Neovim config for the lazy (INSTALL_NVIM_LAZYVIM)
    • avante.nvim: Use your Neovim like using Cursor AI IDE!
    • better-escape.nvim: Escape from insert mode without delay
    • gruvbox.nvim: Gruvbox colorscheme
    • markdown-preview.nvim: Markdown preview plugin
    • noir.nvim: Syntax highlighting and LSP for Noir
    • nx.nvim: NX console features for Neovim
    • smart-splits.nvim: Seamless navigation and resizing
    • tinted-nvim: Tinty colorscheme sync with native fallback
    • tokyonight.nvim: Tokyo Night colorscheme
    • wakatime.nvim: Automatic time tracking

AI/Agentic Coding

• aicommits: AI-written git commit messages
• claude-code: Agentic coding tool in your terminal
• OpenCode: Open source coding agent (INSTALL_OPENCODE)
  • oh-my-opencode: Batteries-included agent harness
  • opencode-wakatime: OpenCode usage time tracking
• repomix: Pack repository into AI-friendly file

Shell & Terminal

• ack: Grep-like tool for searching code
• bat: A cat(1) clone with syntax highlighting
• exa: Modern replacement for 'ls'
• fd: Simple, fast alternative to 'find'
• fish-shell: User-friendly command line shell
  • fish-exa: exa aliases for fish
  • fish-nx: Fish completions for Nx
  • fisher: Plugin manager for Fish
  • nix-env.fish: Nix environment for fish (INSTALL_NIX)
• fzf: Command-line fuzzy finder
• htop: Interactive process viewer
• jq: Command-line JSON processor
• ripgrep: Fast regex search respecting gitignore
• silversearcher-ag: Code search faster than ack
• spacer: Insert spacers in command output
• starship: Minimal, fast, customizable prompt
• stow: Symlink farm manager
• tinty: Unified colorscheme manager for 70+ apps
• tmux: Terminal multiplexer
  • tmux-resurrect: Persist environment across restarts
  • tmux-window-name: Smart window naming
  • tpm: Tmux Plugin Manager
• tree: Directory tree viewer
• zoxide: Smarter cd command

Git & Version Control

• diff-so-fancy: Best-lookin' diffs
• git: Latest stable version
  • gh: GitHub's official CLI
  • git-absorb: Automatic fixup commits
  • git-crypt: Transparent file encryption [fork]
  • git-filter-repo: Rewrite git history fast
    • gfr-bfg-ish: BFG Repo Cleaner reimplementation
    • gfr-clean-ignore: Remove gitignored files from history
    • gfr-insert-beginning: Insert a file at history start
    • gfr-lint-history: Lint all non-binary files across history
    • gfr-signed-off-by: Add Signed-off-by tags to commit range
  • git-lfs: Large file versioning
  • lazygit: Terminal UI for git

Languages & Runtimes

• Bun: Fast JS runtime, bundler, test runner, package manager
• Deno: Modern JavaScript/TypeScript runtime
• Go: The Go programming language
• LLVM: Clang toolchain (INSTALL_LLVM)
• Nix: Purely functional package manager (INSTALL_NIX)
• Node.js: JavaScript runtime
  • fnm: Fast Node.js version manager
  • npm-check-updates: Find newer package versions
  • npm-check: Check for outdated dependencies
  • pnpm: Fast, disk space efficient package manager
  • yarn: Dependency management
• Ruby: Dynamic programming language
  • rake: Ruby build automation tool
• Rust: Reliable and efficient software
  • cargo-edit: Manage cargo dependencies from CLI
  • rust-analyzer: Rust compiler front-end for IDEs
  • rustup: Rust toolchain installer

ZK & Blockchain

• circom: zkSnark circuit compiler (INSTALL_CIRCOM)
• Noir: DSL for zero knowledge proofs (INSTALL_NOIR)
  • barretenberg: ZK prover backend
• Solidity: Smart contract language

DevOps (INSTALL_DEVOPS)

• Ansible: IT automation
• AWS CLI v2: AWS interaction
• OpenTofu: Open source Terraform alternative
• Packer: Machine image builder
• terraform-local: Deploy to LocalStack
• Terraform: Infrastructure as code

Utilities

• cpanminus: CPAN module installer
• cypress: Browser testing deps (INSTALL_CYPRESS_DEPS)
• fastmod: Large-scale codebase refactors
• ImageMagick: Image manipulation
• kpcli: KeePass CLI
• ncdu: NCurses Disk Usage
• ninja-build: Fast build system
• platformio-core: Embedded development (INSTALL_PLATFORMIO)
• prettier: Opinionated code formatter
• protobuf: Protocol Buffers (INSTALL_PB)
  • buf: Modern protobuf workflow
• ranger: VIM-inspired file manager
• sqlite: SQL database engine
• tauri-cli: Build desktop apps (INSTALL_TAURI)
• Tomb: Crypto Undertaker (INSTALL_TOMB)
• tree-sitter-cli: Parser generator for syntax trees
• watchexec: Execute on file changes
• websocat: WebSocket CLI client

X11 Desktop

• Brave browser (INSTALL_BROWSER_BRAVE)
• Chromium (INSTALL_BROWSER_CHROMIUM)
• kitty: GPU-accelerated terminal
• Nerd Fonts: Developer fonts with icons
  • Hack: Typeface for code
• xclip: X11 clipboard CLI
• Xfce: Lightweight desktop environment
  • xfce4-notifyd: Desktop notification daemon
  • xfce4-taskmanager: Process/task manager
  • xfce4-terminal: Terminal emulator

Sysbox Runtime

• docker: The Docker CLI
  • docker-compose: Orchestrate multi-container Docker apps

Runtime Scripts

Optional tools installed on-demand via setup.d/:

• Aztec: Privacy-first L2 (requires sys mode)
• WhisperX: Speech recognition with timestamps

Build

Configure

Edit .env to set versions and enable optional tools (copy from .env-example).

Build Images

make build      # Full image with X11 support
make build-tty  # TTY-only image (smaller, no X11)
make help       # All available targets

Customization

Dotfiles

• conf/ — Built-in configs, shipped with xendev source, baked into image
• conf.local/ — Your customizations go here; gitignored, volume-mapped at runtime

Both directories are stow'd to the user's home directory at container start (ex: conf.local/.aws/ → ~/.aws/).

cp -a conf.local-example conf.local

Notable files in conf.local/, for example:

File	Purpose
xendev/bash.sh	Custom env vars (GH_TOKEN, FLEEK_API_KEY, etc.)
xendev/directory_map.txt	Path mappings for tmux/kitty CWD preservation
.aicommits	aicommits configuration
.wakatime.cfg	Wakatime/Wakapi config
.aws/	AWS credentials

Git Config

Include xendev's git config conditionally:

# ~/.config/git/config
[includeIf "gitdir:/home/xendev"]
  path = ~/src/xendev/conf/gitconfig

Themes

Colorschemes are managed by tinty, providing unified theming across apps.

Set OPTIONS_THEME in .env for the image build-time default.

Neovim listens for theme changes and applies the corresponding native plugin (tokyonight, gruvbox) when available.

Change theme at runtime:

tinty cycle                          # cycle through preferred schemes
tinty apply base24-tokyo-night-dark  # or any scheme from `tinty list`

Tests

Verify terminal capabilities with scripts in test/:

./test/truecolor.sh  # Terminal color support
./test/glyphs.sh     # Nerd font rendering
./test/italics.sh    # Italic text
./test/gpg.sh        # GPG volume mapping