dotfiles

See GitHub does dotfiles.

Features

• apt.sh: Updates and installs Apt packages.
• btop.sh: Installs btop from source for GPU monitoring.
• bun.sh: Installs Bun for your OS and arch.
• chsh.sh: Sets the default shell for the current user.
• deb.sh: Installs Deb packages from GitHub.
• deno.sh: Installs Deno for your OS and arch.
• fish.sh: Installs Fish from the fish-shell PPA.
• fnm.sh: Installs Fast Node Manager from GitHub.
• go.sh: Installs Go for your OS and arch.
• homebrew.sh: Installs Homebrew for macOS.
• link.sh: Recursively symlinks files.
• magick.sh: Installs ImageMagick from GitHub.
• nerdfont.sh: Installs a Nerdfont.
• rust.sh: Installs Rust via Rustup for your OS and arch.
• sudoers.sh: Adds a user to the sudoers file.
• user.sh: Creates a passwordless user.
• uv.sh: Installs uv and uvx from GitHub.

Installation

git clone https://gh.aef.me/dotfiles.git
./dotfiles/install.sh

Usage

Secrets

All shell *rc files source ~/.secrets if it exists. This file should be a series of export VAR=val statements.

Git

Most settings are in .config/git/config. The rest go in ~/.gitconfig:

[user]
	name = <your_name>
	email = <your_email>
	signingkey = <your_key>
[commit]
	gpgsign = true

See the git config docs for how the files are resolved.

Authentication

Create ~/.git-credentials with:

https://<your_username>:<your_token>@github.com

GPG

GNU Privacy Guard is the de facto implementation of the OpenPGP (Pretty Good Privacy) standard. This is how I use it to sign commits.

Generate a key

# install gnupg if necessary
sudo apt install -y gnupg

# you'll be asked a few questions, respond with:
#   1. RSA and RSA
#   2. 4096
#   3. 0 (does not expire)
# then enter your full name and email address; passphrase can be left empty
gpg --full-generate-key

# this command prints the ID of the key associated with your email address
# you can also use the fingerprint, which is a hash of the public key
gpg --list-keys --with-colons $YOUR_EMAIL | tr ' ' '\n' | grep '^pub' | cut -d':' -f5

# the armor flag outputs ASCII (text) instead of binary ("ASCII armor")
# add your email in a comment so you know what the key is for
gpg --armor --comment $YOUR_EMAIL --export $YOUR_EMAIL > your.pub.key
gpg --armor --comment $YOUR_EMAIL --export-secret-keys $YOUR_EMAIL > your.sec.key

Import a key

If you just made the key, then it is already in the keychain of the computer you made it on. Here's how to import the secret key everywhere else:

cat your.sec.key | gpg --import

Now you have to trust the key so you can sign with it:

# get the 16-digit key ID again
YOUR_KEY=$(gpg --list-keys --with-colons $YOUR_EMAIL | tr ' ' '\n' | grep '^pub' | cut -d':' -f5)

# enter the following:
#   1. trust (type out the word "trust")
#   2. 5
#   3. y
#   4. quit
gpg --edit-key $YOUR_KEY

Sign commits

Put this in ~/.gitconfig:

[commit]
	gpgsign = true

Finally, you need to let GitHub know about your key. You can do it through the website or gh if you have the GPG scope on your token.

gh gpg-key add /path/to/your.pub.key

Windows

The steps are similar to Linux, but you need to install Gpg4win. Here's how to get the key ID:

$yourKey = gpg --list-keys --with-colons $yourEmail |
Where-Object { $_.StartsWith('pub:') } |
ForEach-Object { ($_ -split ':')[4] }

Inspiration

• jessfraz/dotfiles
• holman/dotfiles