A reproducible personal workstation setup built around:
- `chezmoi` for dotfiles, templating, and bootstrap orchestration
- `Nix` for declarative packages (`nix-darwin` on macOS + `flakey-profile` on macOS/Linux)
- `aqua` + `mise` for CLI/runtime pinning outside Nix where practical
- Shared AI tooling for `Claude Code` and `Codex CLI`
This is a real daily-driver setup, not a demo template. The README focuses on what is actually implemented in this repository today.
- Unified bootstrap pipeline (`.chezmoiscripts/00..11`) with idempotent post-apply maintenance
- Cross-platform package strategy:
  - Nix user packages on macOS/Linux
  - nix-darwin system config on macOS
  - Homebrew/MAS integration on macOS
- Shared AI skills marketplace sync to `~/.agents/skills` for both Claude and Codex
- Multi-provider account switching for both toolchains:
  - `claude-manage` / `claude-with`
  - `codex-manage` / `codex-with`
- Auto MCP sync for Claude on every `chezmoi apply`
- Automated dependency upkeep via GitHub Actions (versions, flake locks, aqua packages)
- OpenSpec-backed lifecycle for medium/large changes (`openspec/changes`, `openspec/specs`, `opsx-*`)
- Profiles everywhere: `.chezmoidata/` drives `shared` / `work` / `private` packages across Nix, Homebrew, and MAS
- End-to-end bootstrap: staged scripts from `00` to `11` keep setup deterministic and composable
- macOS polish: nix-darwin system defaults, Homebrew + MAS integration, post-apply maintenance scripts
- Workflow guardrails: pre-commit checks + Claude hooks to reduce risky edits and command misuse
- DX automation: Justfile routines, fzf navigation helpers, AI-assisted commit flows
- CI parity: template rendering and `nix flake check` on macOS + Linux matrix
- Dual AI stack: both Claude Code and Codex CLI are managed declaratively in one repo
Setting up a new development machine is tedious: dozens of packages to install, many tools to configure, and years of shell/runtime tweaks to remember.
This repository solves that with a declarative baseline and practical bootstrap pipeline, so one repo can recreate a working environment across machines with predictable outcomes.
Core principles:
- Reproducibility: same setup logic, same versioned data, repeatable outcomes
- Declarative first: package and tool configuration lives in tracked YAML/templates
- Modular profiles: work/private/headless behavior is data-driven, not hardcoded forks
- AI-augmented workflows: managed prompts, hooks, skills, and provider switching
- Security layering: separate mechanisms for dotfile secrets, password store, and key backups
- Quick Start
- First Run Prompts
- Architecture
- Repository Map
- Bootstrap Flow (What Actually Runs)
- Daily Operations
- Claude Code Integration
- AI Tooling (Claude + Codex)
- Tool Chains
- Shell Functions
- Package Management
- Multi-Profile Configuration
- Security & Secrets
- CI and Automation
- Change Management (OpenSpec)
- Additional Docs
- Acknowledgements
- Stats
- License
This repository combines chezmoi templating with Nix-based package management and AI tooling overlays:
- `chezmoi`: source-of-truth orchestration for scripts/templates
- `nix-darwin` (macOS): system-level configuration
- `flakey-profile` (macOS/Linux): user package profile
- `aqua` + `mise`: CLI/runtime tooling layer outside Nix where needed
- `dot_claude` + `dot_codex`: tool-specific global guidance and configuration
| Component | macOS | Linux |
|---|---|---|
| Dotfiles | chezmoi | chezmoi |
| System Config | nix-darwin | N/A |
| User Packages | flakey-profile | flakey-profile |
| GUI Apps | Homebrew/MAS | N/A |
```
.
├── .chezmoidata/
│   ├── nix.yaml              # Nix package sets (shared/work/private)
│   ├── homebrew.yaml         # Homebrew taps/brews/casks/MAS apps
│   ├── claude.yaml           # Claude provider + account model settings
│   ├── versions.yaml         # Pinned tool/plugin revisions
│   ├── aerospace.yaml        # Aerospace WM data
│   └── hammerspoon.yaml      # Hammerspoon data
├── .chezmoiscripts/          # Bootstrap + maintenance pipeline (00..11)
├── nix-config/
│   ├── flake.nix.tmpl
│   └── modules/
│       ├── system.nix.tmpl   # nix-darwin system config
│       ├── apps.nix.tmpl     # Homebrew + MAS wiring
│       ├── profile.nix.tmpl  # flakey-profile package profile
│       └── host-users.nix
├── dot_local/bin/            # CLI wrappers (Claude/Codex/keys/MCP)
├── dot_claude/               # Claude global instructions/hooks/templates
├── dot_codex/                # Codex global instructions/config/prompts
├── private_dot_config/       # Tool configs (tmux, mise, aqua, gopass, ...)
├── docs/                     # Focused guides
└── tests/                    # Bootstrap/script regression tests
```
The chezmoi script chain is staged and numbered:
- `00` install Nix (Determinate installer with arch/mirror detection)
- `01` optionally restore encrypted keys-manage files (`useEncryption=true`)
- `02` macOS: apply nix-darwin system configuration
- `03` switch flakey-profile package profile
- `04` bootstrap gopass store (interactive clone)
- `05` install pinned aqua installer/version
- `06` install tools from `private_dot_config/aquaproj-aqua/aqua.yaml`
- `07` install runtimes/tools via `mise`
- `08` install pinned nix-index database
- `09` macOS: install/update Paperlib
- `10` periodic Homebrew update/upgrade (7-day interval)
- `11` sync Claude MCP servers (add/update only when needed)
Warning
This repository modifies shell, package managers, and system settings. Fork and review before running on a machine you care about.
```bash
curl -fsSL https://raw.githubusercontent.com/signalridge/dotfiles/main/init.sh | sh
```

```bash
REF="<tag-or-branch>"
curl -fsSLo init.sh "https://raw.githubusercontent.com/signalridge/dotfiles/${REF}/init.sh"
shasum -a 256 init.sh || sha256sum init.sh
sh init.sh --ref "${REF}"
```

```bash
git clone https://github.com/signalridge/dotfiles.git
cd dotfiles
git checkout <tag-or-commit>
./init.sh
```

```bash
./init.sh --repo signalridge/dotfiles
./init.sh --ref v1.2.3
./init.sh --depth 1
./init.sh --ssh
```

chezmoi data prompts include:
- `work` (work machine switch)
- `headless` (container/server without full desktop assumptions)
- `useEncryption` (enable encrypted key restore flow)
- `installMasApps` (macOS App Store apps)
- `claudeProviderAccount` / `codexProviderAccount`
For most first-time users of this repo: keep useEncryption = false unless you have your own keys-manage backup repo and key material.
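In the pinned-ref install path above, `shasum -a 256 init.sh` only prints a digest; it protects the install only when that digest is compared with a value obtained out of band before `sh init.sh` runs. The following is an added example, not code from this repository, that makes the comparison a hard gate. The function names are hypothetical and the expected digest is something you supply, since the page does not publish one.

```shell
#!/bin/sh
# Added example (not from this repository): run a downloaded bootstrap
# script only if its SHA-256 matches a digest obtained out of band.
# Function names are hypothetical; the page publishes no digest.

sha256_of() {
    # Print the lowercase hex SHA-256 of file $1 with whichever tool exists.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

verify_sha256() {
    # $1 = file, $2 = expected digest. 0 = match, 1 = mismatch, 2 = bad input.
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'ABCDEF' 'abcdef')
    [ -f "$vs_file" ] || { echo "missing file: $vs_file" >&2; return 2; }
    case "$vs_want" in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 64 ] || { echo "digest is not 64 hex chars" >&2; return 2; }
    vs_have=$(sha256_of "$vs_file") || return 2
    [ "$vs_have" = "$vs_want" ] && return 0
    echo "digest mismatch: want $vs_want, have $vs_have" >&2
    return 1
}

run_if_verified() {
    # $1 = script, $2 = expected digest, remaining args go to the script.
    rv_script=$1
    rv_want=$2
    shift 2
    verify_sha256 "$rv_script" "$rv_want" || return $?
    sh "$rv_script" "$@"
}

# Usage with the README's pinned download (EXPECTED is supplied by you):
#   run_if_verified init.sh "$EXPECTED" --ref "$REF"
```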
The generated global Justfile lives at ~/.config/just/.justfile.
```bash
just apply
just diff
just update
just re-add
```

```bash
just up
just upp nixpkgs
just gc
just verify
just optimize
```

```bash
just darwin
just darwin-check
just darwin-build
```

```bash
bash tests/run.sh
pre-commit run --all-files
```

Skills are synced via `.chezmoiexternal.toml.tmpl` from:
They are normalized into ~/.agents/skills and shared by Claude/Codex.
The managed instruction stack includes explicit quality discipline patterns (for example: pre-implementation confidence checks and evidence-first verification after implementation), primarily delivered via shared skills and project-level guardrails.
claude-manage, claude-with, and claude-token provide account switching and provider/account-scoped model routing from .chezmoidata/claude.yaml + gopass-backed keys.
See: docs/claude-provider.md.
Claude hooks in dot_claude/hooks/ provide workflow guardrails and formatting automation, including:
- `block-git-rewrites.sh`
- `block-main-edits.sh`
- `format-code.sh`
- `format-python.sh`
chezmoi external syncs selected skills from:
- `wshobson/agents`
- `anthropics/skills`
- `obra/superpowers`
They are normalized into ~/.agents/skills and shared by Claude/Codex.
```bash
# Claude
claude-manage
claude-manage list
claude-manage switch anthropic
claude-with kimi@private -- --resume

# Codex
codex-manage
codex-manage list
codex-manage switch openai
codex-with deepseek@private "explain this file"
```

```bash
claude-token --check kimi@private
codex-token --check deepseek@private
```

- Claude MCP entries are reconciled by `.chezmoiscripts/run_after_11_sync-claude-mcp.sh.tmpl`.
- Wrapper commands provided in this repo:
  - `~/.local/bin/mcp-tavily`
  - `~/.local/bin/mcp-postgres`
This setup keeps the original modern CLI stack and shell ergonomics.
| Classic | Modern | Description |
|---|---|---|
| ls | eza | Git integration, icons, tree views |
| cat | bat | Syntax highlighting, git integration |
| grep | ripgrep | Lightning-fast regex search |
| find | fd | Intuitive syntax, respects .gitignore |
| cd | zoxide | Smart directory jumping |
| Tool | Role |
|---|---|
| starship | Minimal, blazing-fast prompt |
| sheldon | Fast zsh plugin manager |
| atuin | Shell history with fuzzy search |
| direnv | Per-directory environment variables |
| fzf | Fuzzy finder for files, history, and more |
| Tool | Role |
|---|---|
| mise | Polyglot runtime manager (Node, Python, Go, Rust) |
| lazygit | Terminal UI for git |
| yazi | Fast terminal file manager |
| tmux | Terminal multiplexer |
```bash
dev                 # FZF-powered project selector (with ghq)
mkcd <dir>          # Create directory and cd into it
dotcd               # Jump to chezmoi source
```

```bash
fgc                 # Fuzzy git checkout (branches)
fgl                 # Fuzzy git log viewer
fga                 # Fuzzy git add (select files)
aicommit            # Generate commit message with AI
```

```bash
create_direnv_venv  # Create Python venv with direnv
create_direnv_nix   # Create Nix flake with direnv
create_py_project   # Quick Python project setup with uv
```

| Source | Platform | Description |
|---|---|---|
| Nix packages | macOS, Linux | Reproducible, rollback-able |
| Homebrew casks | macOS only | GUI applications |
| Mac App Store | macOS only | App Store exclusives |
Package lists live in .chezmoidata/ and support shared / work / private segmentation.
```bash
# For work machines
chezmoi init --apply --promptBool work=true signalridge
# For personal machines (default)
chezmoi init --apply signalridge
# For headless servers (no GUI configs)
chezmoi init --apply --promptBool headless=true signalridge
```

This repo uses multiple layers with different purposes:
- `chezmoi` secret decryption via `age` command wrapper and `~/.ssh/main`
- `gopass` configured with `age` backend for API key/password storage
- `keys-manage` encrypted backup repo using OpenSSL PBKDF2 (AES-256-CBC)
- Claude hook guardrails to block risky git/history-rewrite flows
See:
- `docs/keys-manage-guide.md`
- `docs/gopass-new-device-setup.md`
- `docs/claude-provider.md`
- `.github/workflows/ci.yml`
  - pre-commit checks
  - template render validation
  - `nix flake check` (macOS + Linux matrix)
- `.github/workflows/tests.yml`
  - manual bootstrap/script test suite (`bash tests/run.sh`)
- `.github/workflows/scheduler.yml` (twice weekly trigger)
- `.github/workflows/update-versions.yml`
- `.github/workflows/update-flake-lock.yml`
- `.github/workflows/update-aqua-packages.yml`
Important
OpenSpec is the source of truth for medium/large changes in this repository.
- Change artifacts live under `openspec/changes/<change-name>/` (`proposal.md`, `design.md`, `tasks.md`, delta specs).
- Main capability specs live under `openspec/specs/<capability>/spec.md`.
- Completed changes are archived under `openspec/changes/archive/`.
- If `opsx-*` wrappers are installed, they map to the same OpenSpec lifecycle.
Typical workflow:
```bash
openspec new change <change-name>
openspec status --change <change-name>
# then continue with opsx-* wrappers or openspec instructions/apply/verify/archive
```

- `docs/claude-provider.md`
- `docs/keys-manage-guide.md`
- `docs/gopass-new-device-setup.md`
- `docs/tmux.md`
- chezmoi - Dotfiles manager
- nix-darwin - Declarative macOS configuration
- flakey-profile - Cross-platform Nix profile management
- wshobson/agents - Claude Code plugins marketplace
- anthropics/skills - Official Claude Code skills
- obra/superpowers - Advanced workflow patterns
- Dracula Theme - Theme palette for terminal and fzf styling
MIT