Initial public release

A chezmoi-based fleet-dotfiles template for macOS workstations:

- Two-way auto-sync via launchd watcher + 5-min puller
- Mesh SSH via modify_authorized_keys driven by .chezmoidata/fleet.yaml
- age-encrypted secrets file
- Bundled Claude Code agentic team (11 agents) + /lite + /lite-sub commands
- Verify-before-claiming Stop hook
- Generic statusline + project-boundary validate-path hook
- Reference launchd plist for cross-fleet task-durations aggregation
  (companion repo: gitea.tojo.team/cardinale/task-durations)
- AGENTS.md walks an agent through the entire setup Q&A interactively
- docs/ covers architecture, security model, fleet onboarding
Anthony Cardinale
2026-05-02 17:26:32 -04:00
commit ebccdda936
42 changed files with 2994 additions and 0 deletions
@@ -0,0 +1,45 @@
# Per-machine secrets, sourced by .zshrc on shell start.
# This file is encrypted via age before being committed to chezmoi —
# the live disk copy lives at ~/.config/fleet-dotfiles/secrets.env.
#
# To enable encryption on a real fleet:
# 1. Place this file at ~/.config/fleet-dotfiles/secrets.env
# 2. chmod 600 ~/.config/fleet-dotfiles/secrets.env
# 3. Replace placeholder values with real ones
# 4. chezmoi add --encrypt ~/.config/fleet-dotfiles/secrets.env
# (chezmoi auto-renames it to encrypted_private_secrets.env.age in source)
# 5. The auto-sync watcher commits + pushes the encrypted version on edit
#
# Never commit the unencrypted version. Variables you don't use can be
# deleted; the list below is illustrative of what a real fleet might carry.
# ───────── Cloudflare ─────────
# Account ID + API tokens for Pages deploys, Workers, DNS API
export CLOUDFLARE_ACCOUNT_ID=""
export CLOUDFLARE_API_KEY=""
export CLOUDFLARE_EMAIL=""
# ───────── Domain registrar (Porkbun) ─────────
export PORKBUN_API_KEY=""
export PORKBUN_SECRET_KEY=""
# ───────── Tailscale (for fleet access ACLs / DNS API) ─────────
export TAILSCALE_API_KEY=""
# ───────── HuggingFace ─────────
export HF_TOKEN=""
export HUGGINGFACE_TOKEN=""
# ───────── LLM API providers ─────────
export OPENAI_API_KEY=""
export ANTHROPIC_API_KEY=""
export GEMINI_API_KEY=""
# ───────── Gitea (this template's host) ─────────
export GITEA_URL=""
export GITEA_USER=""
export GITEA_TOKEN=""
# ───────── Anything else ─────────
# Add per-service tokens here. Naming convention: SERVICE_PURPOSE_KIND
# e.g. STRIPE_LIVE_SECRET_KEY, DISCORD_BOT_TOKEN
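Review bot: In the Cloudflare block the comment promises "API tokens", but the variables are `CLOUDFLARE_API_KEY` plus `CLOUDFLARE_EMAIL`, which is the pairing used for the account-wide Global API Key rather than a scoped token. For Pages, Workers and DNS use, prefer a single `CLOUDFLARE_API_TOKEN` limited to those permissions and drop the email variable. Separately, the header says this file is sourced by .zshrc on shell start and every entry uses `export`, so all of these credentials are inherited by every process started from an interactive shell; consider exporting only what is needed everywhere and loading the rest per command. `HF_TOKEN` and `HUGGINGFACE_TOKEN` also look like two names for one credential; keeping a single name avoids the two drifting apart after a rotation.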