My personal dotfiles for macOS and Linux, managed with
chezmoi and Nix with
Home Manager. Secured with
age encryption and 1Password integration.
- Fork the repository's main branch.
- Follow the instructions below to set up your environment.
- Create a personal/private branch for your personal data and push to your repo.
- Use your personal develop branch between your setups.
- Nix package manager
- Home Manager
- chezmoi
- age
- 1Password and 1Password CLI
```sh
sh -c "$(curl -fsLS https://raw.githubusercontent.com/maxclax/dotfiles/main/install.sh)"
```

- Install chezmoi:

  ```sh
  # brew install curl wget git
  # sudo apt update && sudo apt install -y curl wget git
  sh -c "$(curl -fsLS https://raw.githubusercontent.com/maxclax/dotfiles/main/.install-prerequisites.sh)"
  ```

- Clone repository directly:

  ```sh
  git clone https://github.com/maxclax/dotfiles.git ~/.local/share/chezmoi
  ```

- Copy and customize reference config:

  ```sh
  # Create configuration directory
  mkdir -p ~/.config/chezmoi
  sed "s|USER_HOME|$HOME|g; s|USER|$USER|g" ~/.local/share/chezmoi/.reference-chezmoi.toml > ~/.config/chezmoi/chezmoi.toml
  ```

- Apply configuration:

  ```sh
  chezmoi apply
  ```

```sh
chezmoi add --encrypt FILE
```

Create required 1Password entries:
```sh
# Create secure note with git and GitHub configuration
op item create --category="Secure Note" --title="chezmoi-data" \
    git-config-name="YOUR_NAME" \
    git-config-email="YOUR_EMAIL" \
    github-username="YOUR_GITHUB_USERNAME" \
    github-email="YOUR_GITHUB_EMAIL" \
    github-signing-key="YOUR_SSH_SIGNING_KEY" \
    github-access-token="YOUR_GITHUB_ACCESS_TOKEN" \
    key-pub-key="YOUR_AGE_PUB_KEY" \
    borg-repo="YOUR_BORG_REPO" \
    borg-encryption-passphrase="YOUR_BORG_ENCRYPTION_PASSPHRASE" \
    atuin-username="YOUR_ATUIN_USERNAME" \
    atuin-password="YOUR_ATUIN_PASSWORD" \
    pushover-token="YOUR_PUSHOVER_TOKEN" \
    pushover-user-key="YOUR_PUSHOVER_USER_KEY"
```

```sh
op signin
```

```sh
# Apply dotfiles configuration
chezmoi apply

# See what changes would be applied
chezmoi diff

# Pull and apply updates from repository
chezmoi update

# Add new files to be managed
chezmoi add FILE

# Add encrypted files
chezmoi add --encrypt FILE
```

```sh
# See what packages will change
make hm_diff

# Update Home Manager packages and flake
make hm_update

# Commit flake.lock changes after update
make hm_commit

# List all installed packages
make hm_list

# Rollback to previous generation
make hm_rollback

# Clean old generations and garbage collect
make hm_clean
```

```sh
# Update all apps and packages (macOS)
make update_apps

# Update macOS system software
make update_os
```

- Nix + Home Manager: Declarative package management across platforms
- Age encryption: Encrypted sensitive data with symmetric keys
- 1Password integration: Secure credential management via CLI
- Git configuration: SSH signing with automated setup
- Container support: Podman/Docker development environments
- Shell configurations: Zsh, Bash with Starship prompt and Atuin history
- Automated backups: Borgmatic with encrypted repositories
- Cross-platform: macOS and Linux support with platform detection

```sh
borgmatic init --encryption=repokey ssh://user@your-storagebox.de:23/./backups/DIR
```

```sh
borgmatic --verbosity 1 --progress
# or with a specific configuration file
borgmatic --config ~/.config/borgmatic.d/git.yaml --dry-run --verbosity 1 --progress
```

```sh
borgmatic check
```

```sh
borgmatic extract --archive latest --destination /path/to/restore
```

```sh
borgmatic list
```

```sh
borgmatic prune
```

```sh
# Start tmux development environment
make env

# Kill tmux session
make tkill
```

Atuin is automatically configured through Nix. To manually log in using 1Password credentials:
```sh
atuin login --username "$(op read op://Private/chezmoi-data/atuin-username)" \
    --password "$(op read op://Private/chezmoi-data/atuin-password)"
```
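
A preflight check for the `chezmoi-data` item, as an added example that is not part of this repository: it reads each field named in the `op item create` command through the same `op://Private/chezmoi-data/...` references used for the Atuin login, and reports the names of fields that are unreadable, empty, or still set to a `YOUR_` placeholder, without printing any value. The function names and the default vault `Private` are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository). Field names are the ones passed to
# `op item create`; function names and the default vault are assumptions.
# Run with sh or bash: zsh does not word-split the unquoted field list.
CHEZMOI_DATA_FIELDS="git-config-name git-config-email github-username
github-email github-signing-key github-access-token key-pub-key borg-repo
borg-encryption-passphrase atuin-username atuin-password pushover-token
pushover-user-key"

# missing_fields [VAULT] [ITEM]
# Prints the name of every field that cannot be read, is empty, or still
# holds a YOUR_... placeholder. Field values are never printed.
missing_fields() {
    vault=${1:-Private}
    item=${2:-chezmoi-data}
    for field in $CHEZMOI_DATA_FIELDS; do
        # Capture the value in a variable only; op's stderr is dropped so
        # its error text does not end up in terminal scrollback or logs.
        if ! value=$(op read "op://$vault/$item/$field" 2>/dev/null); then
            echo "$field"
            continue
        fi
        case $value in
            "" | YOUR_*) echo "$field" ;;
        esac
    done
    unset value
}

# preflight [VAULT] [ITEM]
# Returns 0 when every field is usable, 1 otherwise (names go to stderr).
preflight() {
    missing=$(missing_fields "$@")
    if [ -n "$missing" ]; then
        printf 'chezmoi-data is incomplete:\n%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Usage, after `op signin`:
#   preflight && chezmoi apply
```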