.githooks feat(secrets): Add git pre-commit hook to ensure secrets are up-to-date 2025-12-30 10:36:16 +01:00
files feat(midnight-commander): Add midnight-commander configuration + skin 2026-02-08 21:43:27 +01:00
roles feat(midnight-commander): Add midnight-commander configuration + skin 2026-02-08 21:43:27 +01:00
secrets fix(m1): Add ssh config for m1 2026-02-05 08:15:22 +01:00
.gitignore feat(lazygit): Add lazygit configuration 2025-12-30 09:40:27 +01:00
.sops.yaml Add base setup with dev-tools (ssh, git, terminal emulators, prompt) 2025-12-28 22:15:28 +01:00
ansible.cfg Add initial bootstrap code 2025-12-28 18:38:39 +01:00
bootstrap.sh fix(sudo): Keep sudo alive for the duration of the script execution 2026-02-07 11:39:40 +01:00
inventory Add initial bootstrap code 2025-12-28 18:38:39 +01:00
playbook.yml feat(midnight-commander): Add midnight-commander configuration + skin 2026-02-08 21:43:27 +01:00
PROJECT_MISSION.md Add initial bootstrap code 2025-12-28 18:38:39 +01:00
README.md Update documentation 2025-12-30 08:45:38 +01:00
update_secrets.sh feat(secrets): Add git pre-commit hook to ensure secrets are up-to-date 2025-12-30 10:36:16 +01:00

Dotfiles 🚀

Automated, reproducible macOS development environment setup using Ansible, GNU Stow, Mise, and SOPS.

Quick Start

/bin/bash -c "$(curl -fsSL https://git.smlit.de/samuel/dotfiles/raw/branch/main/bootstrap.sh)"

Manual Setup

  1. Clone the repository:
    git clone https://git.smlit.de/samuel/dotfiles.git ~/development/dotfiles
    cd ~/development/dotfiles

  2. Ensure Age Key exists: Place your Age secret key at ~/.config/sops/age/keys.txt. This is required to decrypt secrets (Git identities, etc.).

  3. Run Bootstrap:
    ./bootstrap.sh
    • Installs Homebrew & Ansible (if missing).
    • Installs Core Tools & Apps.
    • Symlinks Dotfiles.
    • Decrypts Secrets.

Manual Steps

Due to macOS security restrictions (TCC/SIP), some things cannot be automated:

  1. Full Disk Access: Grant "Full Disk Access" to your terminal (Ghostty/Kitty/WezTerm) in System Settings -> Privacy & Security.
  2. WireGuard: Open the WireGuard app and import tunnels from ~/development/dotfiles/files/wireguard/.
  3. Safari Extensions: Enable 1Password and AdGuard extensions in Safari Settings.

🏗 Architecture

  • Orchestration: Ansible (Local Playbook).
  • Package Management:
    • Homebrew: GUI Apps (Casks) & CLI Utilities (git, starship, atuin).
    • Mise: Runtimes (node, python, go) & Infra Tools (sops, age, direnv), with pinned versions.
  • Dotfile Management: GNU Stow.
    • Symlinks configurations from files/ to ~/.config/ or ~/.
  • Secrets: SOPS + Age.
    • Encrypted files live in secrets/.
    • Decrypted on bootstrap to files/ (gitignored).

🛠 Features

Shell & Terminal

  • Terminals: Configurations for Ghostty, Kitty, and WezTerm.
  • Shell: Zsh with starship prompt, atuin history, zoxide navigation, and eza ls-replacement.

Git Setup

  • Identity Management: Context-aware configs via [includeIf].
  • Signing: SSH Signing configured via 1Password.
  • Aliases: Pre-configured shortcuts (git s, git co, git lg).

🔐 Secrets Workflow

To update a secret:

  1. Edit the plaintext file locally (e.g. files/git/.config/git/identity-work).
  2. Run the update script to re-encrypt into secrets/:
    ./update_secrets.sh
    
  3. Commit the changes in secrets/.
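
Two checks worth running before step 3, as an added example that is not part of this repository: the Age key is readable by its owner only, and nothing under secrets/ is plaintext. It assumes every file in secrets/ is SOPS output (SOPS writes encrypted values as ENC[AES256_GCM,...]) and that the key sits at the path given under Manual Setup; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the repository's own hook or update script.
# Assumption: each file under secrets/ is SOPS output and therefore
# contains at least one "ENC[AES256_GCM," value.

# Return 0 only if the Age key is a regular, owner-only file holding a key.
check_age_key() {
  key="${1:-$HOME/.config/sops/age/keys.txt}"
  if [ ! -f "$key" ] || [ -L "$key" ]; then
    echo "age key missing, or a symlink: $key" >&2
    return 1
  fi
  # Characters 5-10 of the ls mode string are the group and other bits.
  if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    echo "age key is accessible to group/other; run: chmod 600 $key" >&2
    return 1
  fi
  if ! grep -q '^AGE-SECRET-KEY-' "$key"; then
    echo "no AGE-SECRET-KEY- line in $key" >&2
    return 1
  fi
  return 0
}

# Return 0 only if every regular file under the directory carries a SOPS
# marker; list each file that does not. Heuristic: a partially encrypted
# file still passes.
check_secrets_encrypted() {
  dir="${1:-secrets}"
  if [ ! -d "$dir" ]; then
    echo "no such directory: $dir" >&2
    return 1
  fi
  plain=$(find "$dir" -type f -exec sh -c '
    for f; do
      grep -q "ENC\[AES256_GCM," "$f" || printf "%s\n" "$f"
    done' sh {} +)
  if [ -n "$plain" ]; then
    echo "plaintext under $dir:" >&2
    printf '%s\n' "$plain" >&2
    return 1
  fi
  return 0
}
```

Both functions return non-zero on failure, so a hook can call them as `check_age_key && check_secrets_encrypted secrets || exit 1` from the repository root.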

📂 Repository Structure

├── bootstrap.sh        # Entry point
├── playbook.yml        # Main Ansible Playbook
├── inventory           # Localhost definition
├── roles/
│   ├── core/           # Brew, Mise, MAS
│   ├── dotfiles/       # Stow, Secrets, Backups
│   └── term/           # (Deprecated/Merged)
├── files/              # Plaintext Configs (Stow Source)
└── secrets/            # Encrypted Secrets (SOPS Source)