Dotfiles

My personal dotfiles for macOS and Linux, managed with chezmoi and secured with age encryption.

Recommendations

1. Fork the repository's main branch.
2. Follow the instructions below to set up your environment.
3. Create a personal/me/private branch, and all personal data needs to be stored in this new branch. Then push this branch to your repo.
4. Use your personal develop branch between your setups.

Prerequisites

• chezmoi
• age
• 1Password and 1Password CLI

Quick Install

sh -c "$(curl -fsLS get.chezmoi.io)" -- init --branch main --apply maxclax

Manual Installation

1. Install chezmoi:

sh -c "$(curl -fsLS get.chezmoi.io)"

2. Initialize chezmoi:

chezmoi init --branch main https://github.com/maxclax/dotfiles.git

Security Setup (in your own branch)

1. Generate age Key (First Time Setup)

chezmoi cd ~
age-keygen | age --armor --passphrase > key.txt.age

Next use to add data in chezmoi.toml Encryption

2. Configure 1Password (only once in account)

Create required 1Password entries:

# Create secure note with git and GitHub configuration
op item create --category="Secure Note" --title="chezmoi-data" \
  git-config-name="YOUR_NAME" \
  git-config-email="YOUR_EMAIL" \
  github-username="YOUR_GITHUB_USERNAME" \
  github-email="YOUR_GITHUB_EMAIL" \
  github-signing-key="YOUR_SSH_SIGNING_KEY" \
  key-pub-key="YOUR_AGE_PUB_KEY" \
  borg-encryption-passphrase="YOUR_BORG_ENCRYPTION_PASSPHRASE" \
  atuin-username="YOUR_ATUIN_USERNAME" \
  atuin-password="YOUR_ATUIN_PASSWORD" \

3. Sign in to 1Password CLI

op signin

Usage

Apply Configuration

chezmoi apply

Update Configuration

# Pull and apply updates
chezmoi update

# Edit configuration
chezmoi edit

# See pending changes
chezmoi diff

# Add new files
chezmoi add FILE

# Add new files with encryption
chezmoi add --encrypt FILE

Features

• 🔒 Encrypted sensitive data using age
• 🔑 Secure credential management with 1Password
• 📝 Git configuration with SSH signing
• 🐳 Container setup (Podman/Docker)
• 🚀 Development environment configurations
• 📦 Package management
• 🔧 Various tool configurations
• 🗄️ Automated backups with Borgmatic

Extra

Backup

Initialize repository

borgmatic init --encryption=repokey ssh://[email protected]:23/./backups/DIR

To manually run a backup with Borgmatic, use the following command:

borgmatic --verbosity 1 --progress
# or with a specific configuration file
borgmatic --config ~/.config/borgmatic.d/git.yaml --dry-run --verbosity 1 --progress

Check Backup Integrity

borgmatic check

Restore from a Backup

borgmatic extract --archive latest --destination /path/to/restore

List Backups

borgmatic list

Prune Old Backups

borgmatic prune

Atuin Login

To manually log in to Atuin using credentials stored in 1Password, run the following command:

atuin login --username "$(op read op://Private/chezmoi-data/atuin-username)" --password "$(op read op://Private/chezmoi-data/atuin-password)"