- Some macOS settings are changed in the
..macos-settings.shChezmoi script in.chezmoiscripts/.
These are not installed by chezmoi, so must be installed manually.
- Docker
- YabaiIndicator
- Firefox extensions:
- Sidebery (horizontal tabs)
- Vimium
- Firenvim
[!TODO]
- Currently we have to manually sync any changes to workflow yamls. If we change workflow in private repo and try to sync, we get a permission error even though repos appear to be configured to allow bots to change workflows.
- Finish setup for handling no error on empty diff between private and public.
- Add step to
rm -fencrypted_chezmoi files before committing to public, making clone and initial setup easier for others.
- Initialize a local repo:
git init. - Copy
.github/to the local public repo. - Commit and push to remote public repo.
- Run 'Initial Public Repo Setup' action on GitHub in the public repo.
We have a pre-commit hook that scans for secrets with gitleaks on every commit. This is installed with our Homebrew packages and set up with .pre-commit-config.yaml, .gitleaksignore, and run_after_2-install-various.sh.
-
Save
jsonextra.tmplin root dir:[{{ $lastFinding := (sub (len . ) 1) }} {{- range $i, $finding := . }}{{with $finding}} { "Description": {{ quote .Description }}, "StartLine": {{ .StartLine }}, "EndLine": {{ .EndLine }}, "StartColumn": {{ .StartColumn }}, "EndColumn": {{ .EndColumn }}, "Line": {{ quote .Line }}, "Match": {{ quote .Match }}, "Secret": {{ quote .Secret }}, "File": "{{ .File }}", "SymlinkFile": {{ quote .SymlinkFile }}, "Commit": {{ quote .Commit }}, "Entropy": {{ .Entropy }}, "Author": {{ quote .Author }}, "Email": {{ quote .Email }}, "Date": {{ quote .Date }}, "Message": {{ quote .Message }}, "Tags": [{{ $lastTag := (sub (len .Tags ) 1) }}{{ range $j, $tag := .Tags }}{{ quote . }}{{ if ne $j $lastTag }},{{ end }}{{ end }}], "RuleID": {{ quote .RuleID }}, "Fingerprint": {{ quote .Fingerprint }} }{{ if ne $i $lastFinding }},{{ end }} {{- end}}{{ end }} ] -
Run
gitleaks git --report-path "gitleaks-report.json" --report-format template --report-template jsonextra.tmpl
- "Source state" refers to the dirs/files in the chezmoi directory.
- "Destination state" refers to the current dirs/files in local environment.
- "Target state" refers to the desired dir/file state that chezmoi will apply to the local environment.
- Setting up externally modified files (e.g. settings which programs can alter at runtime, see
btop.conforkarabiner.json) chezmoi edit <file>will open the file in the editor specified in theEDITORenvironment variable.chezmoi applywill apply the changes to the "source" files.chezmoi diffwill show the differences between the "source" files and the "destination" files.chezmoi cdwill change the working directory to the chezmoi directory.chezmoi updatewill pull from the chezmoi repository and apply the changes.sh -c "$(curl -fsLS get.chezmoi.io)" -- init --apply [email protected]:krbylit/dotfiles.gitwill install chezmoi and apply our configs on a new machine.
- https://www.chezmoi.io/user-guide/password-managers/1password/#1password-connect
- Using 1Pass Service Accounts, Chezmoi must be configured for
onepassword.mode="service"in the.chezmoi.toml OP_SERVICE_ACCOUNT_TOKENmust be set in environment or chezmoi will stop with an error
- Files encrypted with a passphrase
- With the setup in
.chezmoi.toml, chezmoi will prompt for the passphrase once first timechezmoi initis run, then will store the passphrase in the config file on the local machine - To edit encrypted files, we must use the typical Chezmoi workflow of
chezmoi edit <file>sincechezmoi.nvimwill not work with encrypted files.
- We have various config aliases in
fish/functions/. For nvim, runvc. - Since we have
chezmoi.nvim, any saved changes to files made with nvim in~/.local/share/chezmoiwill be automatically applied to the target state, so we don't need to runchezmoi applyafterwards.