Can we do this without forcing everyone onto VS Code?

Yes. Default to devcontainers because they remove the most friction for the most people. If some developers prefer Neovim/JetBrains, they can attach to the running container or use Nix. Don’t staff alternative paths; support the default.

What about teams already deep into Nix?

If you have Nix competence, it’s a great paved road—reproducible, editor-agnostic. Start with a flake that installs the same toolchain CI uses. The trade-off is ramp-up and maintenance. For orgs new to Nix, we recommend devcontainers first, then consider Nix later.

How do we keep secrets safe locally?

Use short-lived credentials and tools like 1Password CLI, aws-vault, or sops. Never bake secrets into images. Provide `make login` targets that fetch credentials on demand and expire automatically.

Will this slow down local dev because of Docker?

Not if you keep images slim, use layer caching, and avoid heavy Docker Desktop defaults. On macOS, Colima performs well. For CPU-heavy tasks, run tests inside the container to maintain parity and predictable performance.

How do we prevent template drift over time?

Treat the template like code: owners, versioned releases, CHANGELOG, and an upgrade guide. Periodically run repo-wide updates via tooling (e.g., Renovate for base images, a simple script for Makefile targets). Enforce deviations via lightweight design review.

Platform-productivity · Nov 30, 2025 · 10 minute read

Stop Burning Sprints on Laptop Setup: A Paved-Road Dev Environment That Just Works

Standardize your development environment, kill setup friction, and make “works on my machine” a relic. Favor boring defaults. Ship faster.

Back to all posts

Stop Burning Sprints on Laptop Setup: A Paved-Road Dev Environment That Just Works

Key takeaways

Implementation checklist