Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
> That this is even suggested as an installation command means that they might as well strike "securely" from the tagline. For someone interested in security the foul odor that this line emits is enough to make me stop reading.
I don't know. I always think this line smacks of paternalism. For instance, plenty of projects suggest for installation something like:
git clone https://github.com/twpayne/chezmoi/; cd chezmoi; make; sudo make install
I use Nix [1] (package manager) to handle my configurations over different systems. There is a somewhat steep learning curve, but it is perfect for my use-cases.
[1]: https://nixos.org
That's why I use https://yadm.io
It's basically a helper for a bare git repository plus some added features.
Unfortunately, I can't share it "as is", as it has grown a lot over the years and contains a lot of information about my home and work network topology and setups. (I host it on a private git server)
I copied some of it into an example repository to showcase the structure and left the playbook.yaml intact for reference. You can find it on: https://github.com/cybrox/ansible-setup-example
I don't want to claim that this structure is in any way better or worse than anything else, it's just one that works for me. There's a lot of discussion on how Ansible projects should be structured. This allows me to simply run `WORKSTATION=home DESKTOP=wayland ansible-playbook playbook.yaml` on a fresh Arch Linux install and everything is ready to go.
For maintaining the repository, I got used to changing things in there and deploying them instead of changing dotfiles directly. However, I do also deploy a bash script to copy all the files from the system back to the repo to catch dotfile edits I did hastily at 3am.
An example of dotfiles being deployed with this approach is roles/shell/tasks/zsh.yaml
Chezmoi is great. I've used it to manage my dotfiles[0] for many years now. It integrates with my password manager (1Password), so my secrets are stored in something I already use. It uses Go templates which is a good thing to know nowadays since it seems that many tools are using that.
[0]: https://github.com/shepherdjerred/dotfiles