Skip to content

rushabhpasad/dotfiles

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
dot_aws
dot_aws
 
 
dot_config
dot_config
 
 
dot_continue
dot_continue
 
 
dot_local-terminal-settings
dot_local-terminal-settings
 
 
dot_ollama
dot_ollama
 
 
private_Library
private_Library
 
 
private_dot_gnupg
private_dot_gnupg
 
 
private_dot_ssh
private_dot_ssh
 
 
scripts
scripts
 
 
.chezmoiignore
.chezmoiignore
 
 
README.md
README.md
 
 
bootstrap.sh
bootstrap.sh
 
 
dot_bash_profile
dot_bash_profile
 
 
dot_bashrc
dot_bashrc
 
 
dot_condarc
dot_condarc
 
 
dot_gitconfig
dot_gitconfig
 
 
dot_gitconfig-testlify
dot_gitconfig-testlify
 
 
dot_gitflow_export
dot_gitflow_export
 
 
dot_gitignore_global
dot_gitignore_global
 
 
dot_profile
dot_profile
 
 
dot_zprofile
dot_zprofile
 
 
dot_zshrc
dot_zshrc
 
 
empty_dot_stCommitMsg
empty_dot_stCommitMsg
 
 
private_dot_Brewfile
private_dot_Brewfile
 
 
private_dot_hgignore_global
private_dot_hgignore_global
 
 

Repository files navigation

Dotfiles – Reproducible macOS Workstation

This repository contains the configuration required to recreate my full macOS development environment using chezmoi, Homebrew, and age-encrypted secrets.

Goal:

One command → brand-new Mac becomes a fully working dev machine.

Architecture Overview

The setup is intentionally split into three security layers:

1. Public / Version-controlled (this repo)

Safe to store in Git:

  • Shell configuration (.zshrc, .bashrc, etc.)
  • Git configuration
  • Starship prompt
  • Tool configs
  • Brewfile (packages & apps)
  • Encrypted secrets (*.age)
  • Public SSH keys

2. Local Secrets Vault (~/secrets)

Never stored in Git.

Contains:

  • Infrastructure PEM keys
  • Android keystores
  • Cloud credentials (optional)
  • Backup of GPG private keys (optional)
  • Backup of age master key

3. Age Encryption Key

File:

~/.config/chezmoi/age.txt

This key decrypts all encrypted secrets.

Critical Rules

  • Never commit this file
  • Store backups in:
    • Password manager
    • Encrypted offline/cloud backup

Loss = permanent data loss.
Leak = total secret compromise.

Fresh macOS Bootstrap

1. Download and run bootstrap script

curl -fsSL https://raw.githubusercontent.com/rushabhpasad/dotfiles/main/bootstrap.sh -o bootstrap.sh
chmod +x bootstrap.sh
./bootstrap.sh

About

chezmoi dotfiles repo for config

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages