WAARNING: Things are broken while I re-organise
This repository contains scripts to set up my configuration, tools and environment on all of my computers. The scope is limited to tools and configuration specific to my user account; I maintain separate provisioning for fixed-purpose computers.
With it, I can be productive within 10 minutes of encountering a new or re-installed PC.
The focus is on functionality. Features are only added, in minimal form, if I use them regularly. I try to avoid large frameworks/distributions such as oh-my-zsh.
Generally I mirror the support status of Ubuntu, NixOS, Raspian, Arch, MacOS and Fedora on an ad-hoc basis; this means there's no guarantee that the provisioning will work first try, but at least 95% of the work is done on a new machine.
I may utilise Nix instead of native package management in future for all OSes.
Historically, this repository was organised by OS, architecture and system vs. user dependencies and configuration. This did not work well with multiple OSes, architectures and Nix; I'm now moving to an OS based system that does not distinguish between system and user configuration, because it's just for the user, me!
I have separate configuration for my servers, gaming PC, work machines, etc.
General Tools
Purpose | Tool(s) | Comments |
---|---|---|
Task management | dstask | See section on time management below. Another mental offload -- see GTD |
Text editing | vim / neovim | FZF integration with gruvbox theme and polyglot syntax pack. |
Password management | pass | Secured with Yubikey and GnuPG2, synchronised with git. Mental offload as it is no longer necessary to remember dozens of passwords. Browserpass used for Firefox integration. |
Code search | ripgrep + fzf | See rgfzf and nvimfzf commands in scripts/ and bindings below. |
Version control | git | GnuPG2 used for code signing. GPG agent forwarded to remote hosts with gssh |
SSH Agent | GnuPG2 | Used with a Yubikey. See my set up guide. |
Security device | Yubikey 5 | Used with GnuPG2 to hold GPG keys and SSH key. Also used for 2FA. |
Note taking/minutes | git + vim / neovim | I use a git repository of markdown files to organise ideas and other notes. Yet another mental offload. |
Personal cryptography | GnuPG2 | Used with a Yubikey. See my set up guide. |
Shell | bash/zsh | I used to use fish but it's incompatible with bourne shell which makes maintenance a pain. |
Terminal multiplexing | tmux | Bindings adjusted to match vim |
Terminal | Alacritty | GPU accelerated and minimal. I also use uxterm. |
Terminal Font | Hack | Switched from Adobe Source Code Pro as 0 and 8 were too similar |
Environment management | direnv | To set environment variables based on current directory tree |
Specific tools
Purpose | Tool(s) | Comments |
---|---|---|
VPN | wireguard managed with dsnet | Wireguard is simple, fast and reliable. It will become the standard VPN. |
Web browser | firefox | Fast since Quantum. Animations disabled for speed. |
Disk space reclaim | ncdu + tmpreaper | Tools for clearing up disk space. I run the latter against ~/Downloads/ with a systemd user timer. |
Server configuration | ansible | Idempotent, agentless configuration management. Used with git. |
HTTP Client | httpie | curl alternative with better UX. Sometimes used with jq. |
System backup | restic | |
Cloud backup | rclone | |
CAD | OpenSCAD | Limited but powerful if you plan ahead |
CAD | CadQuery | B-REP kernel instead of just CSG. More powerful, currently learning. |
Diagramming | mermaid-js and excalidraw | Diagram creation software. See also dia, graphviz, tikz, draw.io. |
SVG optimisation | svgo | Useful for inlining SVGs in a web page |
Audio/video conversion | sox + ffmpeg + gstreamer | |
Web crawling | httrack | Better than wget for crawling (i.e. it works) |
Document conversion | pandoc | See also pdflatex, which I use for formal reports. |
Static blog | hugo | Chosen in an attempt to make myself stop writing blog engines and write articles instead. |
Git history viewer | tig | |
System secret management | age | Used with wrapper, host key. Moved on from git-crypt which was dangerous. |
Music library curation | beets | Automates curation of music library |
CLI Benchmarking | hyperfine | |
Secure file sending | ffsend | Terminal client for Firefox send |
File watching | entr | Simpler than inotify-tools |
ISO boot drive | ventoy | Allow booting of thousands of common ISOs from a flash drive. BIOS/uEFI, linux and windows |
Window tiler | gTile | Used with stock ubuntu. Works with an ultrawide, unlike Pop!_OS shell. |
Spreadsheet | Gnumeric | Spreadsheets are sometimes the right tool but not always! |
Notable features
- Workflows and application configuration profiled for speed. See section on Latency for more information.
- Prompt/hostname colour based on hostname to make it easy to distinguish between hosts.
- SSH+GPG agent runs locally, forwarded remotely. SSH_AUTH_SOCK is synchronised between tmux sessions.
- history is globally shared, as I use my history as a database to search
- History is automaticall filtered: History is de-duplicated, most recent persists. History is also filtered leaving only useful commands. This increases the SNR in the history file about 5x, which makes searching the history using FZF quicker. History is only cleaned up on shell exit, so you won't lose your immediate history which allows for command correction.
Custom bindings
Binding | Context | Description |
---|---|---|
CTRL+p |
bash/zsh/vim | Search current directory with FZF and launch editor with results. Tab to select multiple. |
r <string> |
bash/zsh | Search current directory with ripgrep for files containing <string> , filter with FZF and launch editor with results. Tab to select multiple. |
CTRL+r |
bash/zsh | History search using fzf. |
tm |
bash/zsh | Launch or connect tmux single session. This is automatic if there is already an unconnected session. |
CTRL+s |
bash/zsh | Prepend sudo to the prompt and move the cursor back to the end of the prompt. |
See home/.aliases
, bin/
, home/.functions.sh
and home/.tmux.conf
for
more handy shortcuts/wrappers/bindings.
OSes with automatic provisioning.
./.sh
will set up a fresh install with all of my regular
applications, system configuration and my user configuration.
Check the OSes specified in `./bootstrap for an up-to-date list of OSes that have automatic provisioning. Note that the automatic provisioning may be in various different states of stability depending on what I'm currently using and if newer OS versions have been released.
One liners
Obviously inspect the script to see what it does before you run it. Note that it will clobber your settings files.
MacOS/Nix:
curl -sL https://github.com/naggie/dotfiles/raw/master/bootstrap | sh && zsh
Ubuntu/Fedora:
wget -O - https://github.com/naggie/dotfiles/raw/master/bootstrap | sh && zsh
FreeBSD:
fetch -qo - https://github.com/naggie/dotfiles/raw/master/bootstrap | sh && zsh
Tips
- Run a vim selection through a command with
:!cmd
. Useful for formatting as well as copying on a mac:!pbcopy
. Write from the clipboard withr!pbpaste
. - Keep useful local environment variables in ~/.env-local.sh
An excellent guide and background to a lot of the tools used here is the MIT missing semester.
Operational security
With major services being compromised more and more, good OPSEC is important. I use:
- 2FA (U2F) where possible
- A different password for every service (important to prevent attacker pivot)
- Yubikey (as an openPGP smartcard) to store my SSH and GPG keys. See my set up guide.
- Full-disk encryption for every device
- Lock-screen for every device
- Backup 2FA codes, backup passwords and master passwords are in a physical fire safe
- I may switch to a password manager (pass or Keepassxc)
- UBlock origin on Firefox
- HTTPS everywhere on Firefox
- Own web services configured with A+ rating from ssllabs (best cipher suite, protocol etc)
- Regular updates of all software
- Subscription to vulnerability mailing lists g. Don't forward SSH/GPG agent by default