You can think of this repo as like a mini-Ansible playbook for setting up a new machine except it is pure Bash. Works on Debian and Mac.
Linux programs I use are listed in install.sh while the Mac ones are in mac/.Brewfile.
git clone https://gh.aef.me/dotfiles.git
./dotfiles/install.shapt.sh: Updates and installs Apt packages.btop.sh: Installs btop from source for GPU monitoring.bun.sh: Installs Bun for your OS and arch.chsh.sh: Sets the default shell for the current user.clean.sh: Undoeslink.sh.clone.sh: Clones GitHub repos to$HOME.deb.sh: Installs Deb packages from GitHub Releases.deno.sh: Installs Deno with completions for your OS and arch.fish.sh: Installs Fish from the fish-shell PPA.go.sh: Installs Go for your OS and arch.homebrew.sh: Installs Homebrew for macOS.link.sh: Recursively symlinks files.miniforge.sh: Installs Miniforge for your OS and arch.nerdfont.sh: Installs a Nerdfont.node.sh: Installs Node LTS via NVM.python.sh: Installs Python and Pipx via PyEnv.rust.sh: Installs Rust via Rustup for your OS and arch.sudoers.sh: Adds a user to the sudoers file.
All shell *rc files source ~/.secrets if it exists. This file should be a series of export VAR=val statements. Git ignored.
Most settings are in .config/git/config. The rest go in ~/.gitconfig:
[user]
name = <your_name> # required
email = <your_email> # required
signingkey = <your_key>
[diff]
tool = <smerge|code>
[merge]
tool = <smerge|code>
[commit]
gpgsign = trueSee the git config docs for details on how the files are resolved.
GNU Privacy Guard is the de facto implementation of the OpenPGP (Pretty Good Privacy) standard. I use it so my Git commits are signed.
# install gnupg if necessary
# it's the same package in Homebrew
sudo apt install -y gnupg
# you'll be asked a few questions:
# 1. RSA and RSA
# 2. 4096
# 3. 0 (does not expire)
# then enter your full name and email address; passphrase can be left empty
gpg --full-generate-key
# this command prints the ID of the key associated with your email address
# (you can also use the fingerprint, which is a hash of the public key)
gpg --list-keys --with-colons $YOUR_EMAIL | tr ' ' '\n' | grep '^pub' | cut -d':' -f5
# export the keys and write them by hand on a piece of paper
# the armor flag outputs ASCII (text) instead of binary ("ASCII armor")
# add your email in a comment so you know what the key is for
gpg --armor --comment $YOUR_EMAIL --export $YOUR_EMAIL > your.pub.key
gpg --armor --comment $YOUR_EMAIL --export-secret-keys $YOUR_EMAIL > your.sec.keyIf you just made the key, then it is already in the keychain of the computer you made it on. Here's how to import the secret key everywhere else:
cat your.sec.key | gpg --importNow you have to trust the key so you can sign with it:
# get the 16-digit key ID again
YOUR_KEY=$(gpg --list-keys --with-colons $YOUR_EMAIL | tr ' ' '\n' | grep '^pub' | cut -d':' -f5)
# enter the following:
# 1. trust (type out the word "trust")
# 2. 5
# 3. y
# 4. quit
gpg --edit-key $YOUR_KEYPut this in ~/.gitconfig:
[commit]
gpgsign = trueFinally, you need to let GitHub know about your key. You can do it through the website or gh if you have GPG scope on your GH_TOKEN.
gh gpg-key add /path/to/your.pub.key