Initial public release

A chezmoi-based fleet-dotfiles template for macOS workstations:
- Two-way auto-sync via launchd watcher + 5-min puller
- Mesh SSH via modify_authorized_keys driven by .chezmoidata/fleet.yaml
- age-encrypted secrets file
- Bundled Claude Code agentic team (11 agents) + /lite + /lite-sub commands
- Verify-before-claiming Stop hook
- Generic statusline + project-boundary validate-path hook
- Reference launchd plist for cross-fleet task-durations aggregation (companion repo: gitea.tojo.team/cardinale/task-durations)
- AGENTS.md walks an agent through the entire setup Q&A interactively
- docs/ covers architecture, security model, fleet onboarding
@@ -0,0 +1,45 @@
|
||||
# Per-machine secrets, sourced by .zshrc on shell start.
|
||||
# This file is encrypted via age before being committed to chezmoi —
|
||||
# the live disk copy lives at ~/.config/fleet-dotfiles/secrets.env.
|
||||
#
|
||||
# To enable encryption on a real fleet:
|
||||
# 1. Place this file at ~/.config/fleet-dotfiles/secrets.env
|
||||
# 2. chmod 600 ~/.config/fleet-dotfiles/secrets.env
|
||||
# 3. Replace placeholder values with real ones
|
||||
# 4. chezmoi add --encrypt ~/.config/fleet-dotfiles/secrets.env
|
||||
# (chezmoi auto-renames it to encrypted_private_secrets.env.age in source)
|
||||
# 5. The auto-sync watcher commits + pushes the encrypted version on edit
|
||||
#
|
||||
# Never commit the unencrypted version. Variables you don't use can be
|
||||
# deleted; the list below is illustrative of what a real fleet might carry.
|
||||
|
||||
# ───────── Cloudflare ─────────
|
||||
# Account ID + API tokens for Pages deploys, Workers, DNS API
|
||||
export CLOUDFLARE_ACCOUNT_ID=""
|
||||
export CLOUDFLARE_API_KEY=""
|
||||
export CLOUDFLARE_EMAIL=""
|
||||
|
||||
# ───────── Domain registrar (Porkbun) ─────────
|
||||
export PORKBUN_API_KEY=""
|
||||
export PORKBUN_SECRET_KEY=""
|
||||
|
||||
# ───────── Tailscale (for fleet access ACLs / DNS API) ─────────
|
||||
export TAILSCALE_API_KEY=""
|
||||
|
||||
# ───────── HuggingFace ─────────
|
||||
export HF_TOKEN=""
|
||||
export HUGGINGFACE_TOKEN=""
|
||||
|
||||
# ───────── LLM API providers ─────────
|
||||
export OPENAI_API_KEY=""
|
||||
export ANTHROPIC_API_KEY=""
|
||||
export GEMINI_API_KEY=""
|
||||
|
||||
# ───────── Gitea (this template's host) ─────────
|
||||
export GITEA_URL=""
|
||||
export GITEA_USER=""
|
||||
export GITEA_TOKEN=""
|
||||
|
||||
# ───────── Anything else ─────────
|
||||
# Add per-service tokens here. Naming convention: SERVICE_PURPOSE_KIND
|
||||
# e.g. STRIPE_LIVE_SECRET_KEY, DISCORD_BOT_TOKEN
|
||||
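Review bot: In the Cloudflare block the comment says "API tokens", but the variables are `CLOUDFLARE_API_KEY` plus `CLOUDFLARE_EMAIL`, which is the account-wide Global API Key pair rather than a scoped token. Suggest carrying a scoped `CLOUDFLARE_API_TOKEN` per purpose (Pages deploys, Workers, DNS) and dropping the key/email pair, so a leak of this file does not hand over the whole account. In the header, step 5 has the watcher commit and push on edit while the last paragraph only says "Never commit the unencrypted version"; it would help to state what stops a plaintext copy from being pushed if step 4 is skipped. Two smaller points: because the file is sourced by .zshrc, every `export` here reaches every process started from the shell, which deserves a line in the header, and `HF_TOKEN` and `HUGGINGFACE_TOKEN` look like the same credential listed twice.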