There's no place like 🏡
This repository contains all the dotfiles I use on my work computer, which currently supports Arch Linux and macOS
All the files are managed using chezmoi, but the secrets and sensitive information are stored using pass
-
All OSes:
-
Arch Linux:
- yay (Arch Linux only)
- base-devel
- User sudo enabled
-
macOS:
-
Install needed software
-
Import my gpg keys
-
Clone password store
[email protected]:ribugent/$SECRETS.git ~/.password-store
-
Create
~/.config/chezmoi/chezmoi.toml
and fill it with the information[diff] command = "delta" args = ["--pager=never"] [data.git] name = "<your name>" [data.git.work] email = "<work email>" signkey = "<work gpg sign key>" remotePrefix = "<work git remote prefix>" [data.git.personal] email = "<personal email>" signkey = "<personal gpg sign key>" remotePrefix = "<personal git remote prefix>" [date.noisetorch] device_unit = "<microphone device unit>" device_name = "<microphone device name>"
-
Finally apply
chezmoi init --apply [email protected]:ribugent/dotfiles.git
Drop-in files for $PATH
management:
Set some default env variables in order to:
- (Linux only) Disable ugly GTK+ options
- (Linux only) Default(terminal) editor to
vim
- (Linux only) Set
$BROWSER
to usexdg-open
- Enable colors on man pages
- Aliases
Currently, I'm using oh-my-fish. The repo includes:
- Installs it automatically
- Trigger install when the packages list is updated
- Sets my favorite theme
- Setups globally my work information
- Setup specific dirs to use my personal information
- Enables company git hooks software only in specific dir
- Enables verbose doing commits
- Customize diff tool
- Customize colours
main
as a default branch on init- Use gitdelta as (terminal) diff viewer
- Use git-interactive-rebase-tool as interactive rebase tool
Set pinentry-qt
as the default pinentry program in Linux and set $GPG_TTY
environment variable to allow pinentry-curses working in macOS.
Disable ram consuming gradle daemon... I have 16GB of RAM, but it's not enough sometimes.
ℹ️ Linux Only
Automatically register and refresh jdk versions using systemd user units
Basic ssh configuration with known hosts and rendering work sensitive hosts from the secret store using a template.
ℹ️ Arch Linux Only
Installing automatically packages and optional package dependencies using yay, the lists can be found in [1] and [2].
Some drop-in configuration system files are installed using makepkg
:
- SDDM
- Enable HiDPI in Wayland
- Disable listening tcp connections in xorg
- Plasma Desktop settings
- Kernel parameters
- Hardening
- Restrict
dmesg
to root only - Disable
kexec
syscall - Restrict pointers in proc filesystem
- Restrict
- Set swappiness to 20
- Hardening
- Reflector: Options for selecting the mirrors
- Faillock: block accounts after 5 consecutive authentication failures
- Systemd resolved
- Disables default DNS servers
- Enable stub listener to be integrated with Docker (this solve issues DNS resolutions with custom domains on VPN connections)
- xorg: Enforce 1080p resolution on my Dell XPS 13 laptop with 4k screen
ℹ️ macOS Only
- Installing automatically packages from a Brewfile
- GNU coreutils and recent version of curl in
$PATH
- Fix keybindings for Home/End keys using a regular keyboard
- Quarantine bit auto-removal from few specific apps
- Setup qtpass to find out git and gpg utlities from brew
- Enable uptimed and locate services
- Enable fingerprint for sudo
ℹ️ Linux Only
- Installs ClamAV
- Enables update signatures services
- Tune up the daemon configuration
Set up daily scanning and reporting via notification
ℹ️ Linux Only
Enable the firewalld by default, and integrate the docker interface to the specified zone.
ℹ️ Linux Only
Set up dropdown terminal with Fira Code nerdfonts
ℹ️ macOS Only
Set up dropdown terminal with Fira Code nerdfonts
ℹ️ Linux Only
Setup system java, perl and python versions to avoid issues when building packages. Third-party account settings
- Increase AWS S3 concurrent requests
- Docker registries
- npm private registry
- Databricks service
For those who want to reuse these dotfiles, this requires the following structure:
Password Store
├── aws
│ ├── accountId -> password
│ └── region -> password
├── databricks
│ ├── prod -> password(api key), fields(host)
│ └── staging -> password(api key), fields(host)
├── docker
│ ├── dockerRegistry -> password(token)
│ └── githubRegistry -> password(token)
├── npm
│ └── github -> password(token)
└── ssh
├── hosts -> raw(json array equivalent of ssh regular config, see how is rendered in .chezmoitemplates/ssh_config_host )
└── keys
├── arch-aur -> raw(ssh key)
├── github -> raw(ssh key)
└── work -> raw(ssh key)
Every entry details how is stored the info, as password, password with fields or just raw; in brackets some clarifications are specified.