Tools on hxmn.devhttps://hxmn.dev/tools/Recent content in Tools on hxmn.devHugo -- gohugo.ioen-usThu, 16 Apr 2026 10:00:00 +0300My Networking Setuphttps://hxmn.dev/tools/my-networking-setup/Thu, 16 Apr 2026 10:00:00 +0300https://hxmn.dev/tools/my-networking-setup/<p>I run machines in a few different places — a home lab, a cloud VPS, a laptop that travels with me. Keeping them all on one coherent private network, with stable names and encrypted transport, is the thing I did not want to think about every day. This page collects the pieces I landed on.</p> <h2 id="service-connectivity"><a href="#service-connectivity" class="header-anchor"></a>Service Connectivity </h2><p>For the private network I use <a class="link" href="https://headscale.net/" target="_blank" rel="noopener" >headscale</a> — an open-source, self-hosted implementation of the Tailscale control server. Clients are the unmodified Tailscale clients; only the coordination server is mine.</p> <pre class="mermaid" style="visibility:hidden">flowchart LR HS[Headscale<br/>control server] subgraph tailnet [Tailnet] L[Laptop] V[Cloud VPS] R[Subnet router<br/>home lab] end DB[(Postgres<br/>10.0.0.5)] D[DERP relay] L -. keys / ACLs .-> HS V -. keys / ACLs .-> HS R -. keys / ACLs .-> HS L <== WireGuard ==> V L <== WireGuard ==> R R --> DB L <-. fallback .-> D V <-. fallback .-> D</pre><p>The control plane (dotted lines) only hands out keys and policy; all service traffic (thick lines) is direct WireGuard between peers. DERP is a relay used only when a direct path cannot be established.</p> <h3 id="why-headscale"><a href="#why-headscale" class="header-anchor"></a>Why headscale </h3><ul> <li><strong>Sovereignty.</strong> Account, keys, and ACLs live on a box I control. No SaaS account to expire, no per-device limits, no upstream outage breaking my mesh re-keying.</li> <li><strong>Zero-config client side.</strong> Every node — macOS, Linux, iOS, router — runs the same Tailscale client I would use anyway. No custom builds.</li> <li><strong>WireGuard underneath.</strong> Fast, modern, encrypted by default. I do not run a classic VPN gateway.</li> </ul> <h3 id="typical-deployment"><a href="#typical-deployment" class="header-anchor"></a>Typical deployment </h3><p>The server is a small VPS with a public IP. A single Go binary (<code>headscale serve</code>) listens on <code>localhost:8080</code> and a reverse proxy (Caddy, in my case) terminates TLS for <code>https://headscale.example.com</code>. Configuration lives in <code>/etc/headscale/config.yaml</code> — the defaults are close enough that I only touched a handful of fields:</p> <ul> <li><code>server_url</code> — the public URL.</li> <li><code>listen_addr</code> — loopback, since Caddy fronts it.</li> <li><code>ip_prefixes</code> — the CGNAT range for the tailnet (the default <code>100.64.0.0/10</code> is fine).</li> <li><code>dns.magic_dns: true</code> — so every node gets a stable DNS name inside the tailnet.</li> </ul> <p>State is a single SQLite file; backing it up is <code>cp</code>.</p> <h3 id="onboarding-a-node"><a href="#onboarding-a-node" class="header-anchor"></a>Onboarding a node </h3><ol> <li>Create a user on the control server: <code>headscale users create ilya</code>.</li> <li>Issue a short-lived pre-auth key: <code>headscale preauthkeys create -u ilya --expiration 1h</code>.</li> <li>On the new node: <code>tailscale up --login-server https://headscale.example.com --authkey &lt;key&gt;</code>.</li> </ol> <p>That is the whole provisioning flow. The node joins the mesh, picks up its tailnet address, and is reachable by MagicDNS name from every other node.</p> <h3 id="reaching-services"><a href="#reaching-services" class="header-anchor"></a>Reaching services </h3><p>With the mesh in place, service connectivity becomes boring in the best way:</p> <ul> <li><strong>Stable names.</strong> A Postgres instance on a home-lab host is just <code>homelab-db:5432</code> from anywhere on the tailnet.</li> <li><strong>ACLs.</strong> Headscale supports Tailscale-style policy files. I scope which tags can reach which ports — the laptop can reach <code>tag:dev</code>, CI runners can reach <code>tag:infra</code>, nothing else.</li> <li><strong>Subnet routers.</strong> A single node advertises <code>10.0.0.0/24</code> from the home lab so I can reach devices that do not run Tailscale (a NAS, a switch&rsquo;s management interface).</li> <li><strong>No inbound ports.</strong> Services never need to be reachable on the public internet. WireGuard punches out; the control server only coordinates.</li> </ul> <h3 id="derp"><a href="#derp" class="header-anchor"></a>DERP </h3><p>Two nodes that cannot reach each other directly (both behind strict NATs) fall back to a DERP relay. I use Tailscale&rsquo;s public DERP pool for this — headscale lets me mix in my own later if I ever need guaranteed-path control, but I have not needed to.</p>My Neovim Setuphttps://hxmn.dev/tools/neovim-setup/Mon, 06 Apr 2026 11:00:00 +0300https://hxmn.dev/tools/neovim-setup/<p>I have been using Neovim as my primary editor for several years. The setup has gone through many iterations and landed on something minimal and fast.</p> <h2 id="philosophy"><a href="#philosophy" class="header-anchor"></a>Philosophy </h2><p>Less is more. Every plugin must earn its place. If I can do it with a keymap and a built-in command, I skip the plugin.</p> <h2 id="core-plugins"><a href="#core-plugins" class="header-anchor"></a>Core Plugins </h2><ul> <li><strong>lazy.nvim</strong> — plugin manager. Lazy-loads everything.</li> <li><strong>nvim-lspconfig</strong> — LSP configuration for gopls, typescript-language-server, lua_ls.</li> <li><strong>nvim-cmp</strong> — completion engine. Sources: LSP, buffer, path.</li> <li><strong>treesitter</strong> — syntax highlighting, text objects, incremental selection.</li> <li><strong>telescope.nvim</strong> — fuzzy finder for files, grep, LSP symbols.</li> <li><strong>oil.nvim</strong> — file explorer as a buffer. Edit the filesystem like text.</li> </ul> <h2 id="lsp-configuration"><a href="#lsp-configuration" class="header-anchor"></a>LSP Configuration </h2><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-lua" data-lang="lua"><span class="line"><span class="cl"><span class="kd">local</span> <span class="n">lspconfig</span> <span class="o">=</span> <span class="n">require</span><span class="p">(</span><span class="s1">&#39;lspconfig&#39;</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">lspconfig.gopls</span><span class="p">.</span><span class="n">setup</span><span class="p">({</span> </span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">gopls</span> <span class="o">=</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">analyses</span> <span class="o">=</span> <span class="p">{</span> <span class="n">unusedparams</span> <span class="o">=</span> <span class="kc">true</span> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="n">staticcheck</span> <span class="o">=</span> <span class="kc">true</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"><span class="p">})</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">lspconfig.ts_ls</span><span class="p">.</span><span class="n">setup</span><span class="p">({})</span> </span></span></code></pre></div><h2 id="key-mappings"><a href="#key-mappings" class="header-anchor"></a>Key Mappings </h2><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-lua" data-lang="lua"><span class="line"><span class="cl"><span class="n">vim.keymap</span><span class="p">.</span><span class="n">set</span><span class="p">(</span><span class="s1">&#39;n&#39;</span><span class="p">,</span> <span class="s1">&#39;gd&#39;</span><span class="p">,</span> <span class="n">vim.lsp</span><span class="p">.</span><span class="n">buf.definition</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="n">vim.keymap</span><span class="p">.</span><span class="n">set</span><span class="p">(</span><span class="s1">&#39;n&#39;</span><span class="p">,</span> <span class="s1">&#39;gr&#39;</span><span class="p">,</span> <span class="n">vim.lsp</span><span class="p">.</span><span class="n">buf.references</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="n">vim.keymap</span><span class="p">.</span><span class="n">set</span><span class="p">(</span><span class="s1">&#39;n&#39;</span><span class="p">,</span> <span class="s1">&#39;K&#39;</span><span class="p">,</span> <span class="n">vim.lsp</span><span class="p">.</span><span class="n">buf.hover</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="n">vim.keymap</span><span class="p">.</span><span class="n">set</span><span class="p">(</span><span class="s1">&#39;n&#39;</span><span class="p">,</span> <span class="s1">&#39;&lt;leader&gt;rn&#39;</span><span class="p">,</span> <span class="n">vim.lsp</span><span class="p">.</span><span class="n">buf.rename</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="n">vim.keymap</span><span class="p">.</span><span class="n">set</span><span class="p">(</span><span class="s1">&#39;n&#39;</span><span class="p">,</span> <span class="s1">&#39;&lt;leader&gt;ca&#39;</span><span class="p">,</span> <span class="n">vim.lsp</span><span class="p">.</span><span class="n">buf.code_action</span><span class="p">)</span> </span></span></code></pre></div><h2 id="what-i-skipped"><a href="#what-i-skipped" class="header-anchor"></a>What I Skipped </h2><p>No file tree (oil.nvim is better). No status line plugin (the built-in one is fine). No git gutter (I use the CLI). No AI completion (I prefer explicit requests).</p>Taskfile: A Modern Alternative to Makehttps://hxmn.dev/tools/taskfile/Sat, 04 Apr 2026 14:00:00 +0300https://hxmn.dev/tools/taskfile/<p>Makefiles work. They have worked for decades. But they have sharp edges — tab sensitivity, implicit rules, <code>.PHONY</code> everywhere, and arcane syntax for anything beyond the basics.</p> <p>Taskfile is a YAML-based task runner that does what most people actually use Make for, without the footguns.</p> <h2 id="installation"><a href="#installation" class="header-anchor"></a>Installation </h2><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">brew install go-task </span></span></code></pre></div><h2 id="basic-taskfile"><a href="#basic-taskfile" class="header-anchor"></a>Basic Taskfile </h2><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;3&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">tasks</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">build</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">desc</span><span class="p">:</span><span class="w"> </span><span class="l">Build the application</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cmds</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">go build -o bin/app ./cmd/app</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">test</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">desc</span><span class="p">:</span><span class="w"> </span><span class="l">Run all tests</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cmds</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">go test ./...</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">lint</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">desc</span><span class="p">:</span><span class="w"> </span><span class="l">Run linters</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cmds</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">golangci-lint run</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dev</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">desc</span><span class="p">:</span><span class="w"> </span><span class="l">Run with live reload</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">deps</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="l">build]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cmds</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">air</span><span class="w"> </span></span></span></code></pre></div><h2 id="what-i-like"><a href="#what-i-like" class="header-anchor"></a>What I Like </h2><p><strong>Variables and environment files:</strong></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">tasks</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">deploy</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dotenv</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">&#39;.env&#39;</span><span class="p">]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cmds</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">flyctl deploy --app {{.APP_NAME}}</span><span class="w"> </span></span></span></code></pre></div><p><strong>Task dependencies with parallelism:</strong></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">tasks</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ci</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">deps</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="l">lint, test, build]</span><span class="w"> </span></span></span></code></pre></div><p>Dependencies run in parallel by default. No need to wire up <code>&amp;</code> and <code>wait</code>.</p> <p><strong>Conditional execution:</strong></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">tasks</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">generate</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sources</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s1">&#39;proto/**/*.proto&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">generates</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s1">&#39;gen/**/*.go&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cmds</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">buf generate</span><span class="w"> </span></span></span></code></pre></div><p>The task only runs if source files are newer than generated files.</p> <h2 id="when-to-keep-make"><a href="#when-to-keep-make" class="header-anchor"></a>When to Keep Make </h2><p>If your project already has a Makefile and the team is comfortable with it, switching gains you nothing. Taskfile shines on new projects and for teams that are tired of debugging tab-vs-space issues.</p>Nix for Reproducible Dev Environmentshttps://hxmn.dev/tools/nix-for-dev-environments/Thu, 02 Apr 2026 10:00:00 +0300https://hxmn.dev/tools/nix-for-dev-environments/<p>Every project has a list of dependencies: Go 1.22, Node 20, PostgreSQL 16, protoc, golangci-lint. The traditional approach is a wiki page that says &ldquo;install these things.&rdquo; It is always out of date.</p> <p>Nix solves this by declaring dependencies in a file that deterministically provides the exact versions you need, isolated from the rest of your system.</p> <h2 id="getting-started-with-devenv"><a href="#getting-started-with-devenv" class="header-anchor"></a>Getting Started with devenv </h2><p>devenv is a friendly wrapper around Nix for development environments. Install it:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nix-env -iA devenv -f https://github.com/NixOS/nixpkgs/tarball/nixpkgs-unstable </span></span></code></pre></div><p>Create a <code>devenv.nix</code> in your project:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="p">{</span> <span class="n">pkgs</span><span class="o">,</span> <span class="o">...</span> <span class="p">}:</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">languages</span><span class="o">.</span><span class="n">go</span><span class="o">.</span><span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="n">languages</span><span class="o">.</span><span class="n">go</span><span class="o">.</span><span class="n">package</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">go_1_22</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="n">packages</span> <span class="o">=</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">golangci-lint</span> </span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">buf</span> </span></span><span class="line"><span class="cl"> <span class="n">pkgs</span><span class="o">.</span><span class="n">postgresql_16</span> </span></span><span class="line"><span class="cl"> <span class="p">];</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="n">services</span><span class="o">.</span><span class="n">postgres</span> <span class="o">=</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="n">initialDatabases</span> <span class="o">=</span> <span class="p">[{</span> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;myapp&#34;</span><span class="p">;</span> <span class="p">}];</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>Enter the environment:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">devenv shell </span></span></code></pre></div><p>You now have the exact Go version, tools, and a running PostgreSQL instance. No global installs. No version conflicts.</p> <h2 id="direnv-integration"><a href="#direnv-integration" class="header-anchor"></a>direnv Integration </h2><p>Add a <code>.envrc</code> file:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">use devenv </span></span></code></pre></div><p>Now every time you <code>cd</code> into the project, your shell automatically loads the right tools. Leave the directory, and they disappear.</p> <h2 id="why-this-matters"><a href="#why-this-matters" class="header-anchor"></a>Why This Matters </h2><ul> <li>New team members run <code>devenv shell</code> and they are ready. No setup docs.</li> <li>CI uses the same Nix definitions, so local and CI environments are identical.</li> <li>Upgrading a tool is a one-line change in <code>devenv.nix</code>, reviewed in a PR like any other code change.</li> </ul>