lawless-m/claude-skills
Overview
This skill implements the 9P2000 protocol for .NET to connect Windows and Linux hosts to 9front/Plan 9 services. It provides client and server components, authentication servers, and a CPU-style remote shell with namespace export. The projects include tools to serve directories, mount remote filesystems, run an auth daemon, and CPU into a 9front instance.
How this skill works
Nawin speaks the 9P2000 wire protocol and implements transport, protocol framing, client sessions, and server file-tree interfaces in C#. It includes auth implementations (none, simple, p9sk1, dp9ik) and an auth server that can be used by 9front for CPU logins. Command-line frontends let you run an interactive client, a FUSE/ProjFS mount, a file server replacement, and a remote CPU shell that can export local directories into the remote namespace.
When to use it
- Share a local directory to 9front/Plan 9 clients from a Windows or Linux host.
- Mount a 9P filesystem locally via FUSE (Linux) or ProjFS (Windows) for direct access.
- Run or test Plan 9 CPU-style remote shells into 9front using local authentication.
- Deploy an auth server to support p9sk1 or dp9ik authentication for 9front clients.
- Integrate /dev/draw or other device exports using the Jerq graphics component.
Best practices
- Run services on a high port (e.g. 5640) during development to avoid root privileges; use sudo only when needed.
- Use dp9ik for modern 9front setups and p9sk1 only when interacting with legacy Plan 9 systems.
- Run the auth server as a systemd service in production and manage keys under a secure ~/.nawin/keys location.
- When binding privileged port 564, either run with sudo or grant cap_net_bind_service to the published binary.
- Test CPU connections against a local 9front VM and point the client to the auth server port when using p9sk1/dp9ik.
Example use cases
- Expose /home/user/share to a 9front host: dotnet run --project Nawin.Serve -- -p 5640 --auth simple:matt:secret /home/matt/share
- List files on a remote 9front server: dotnet run --project Nawin.Cli -- -H 9front.local -u glenda -p password -a dp9ik ls /
- Mount a remote 9P filesystem on Linux with FUSE: dotnet run --project Nawin.Cli -- -H 9front.local -u glenda -a dp9ik mount -f /mnt/9front
- Start a local auth server: dotnet run --project Nawin.Auth -- serve --port 567 --authdom mydom --keys ~/.nawin/keys
FAQ
Use dp9ik for modern 9front deployments; it uses ChaCha20-Poly1305 and PBKDF2 for stronger security.
How do I avoid running as root for port 564?
Use a high port such as 5640 during development or publish the binary and grant cap_net_bind_service to allow binding 564 without root.
Can I export a local directory into a CPU session?
Yes. Use Nawin.Cpu with the --export option to make a local directory visible inside the remote namespace.