ebccdda936
A chezmoi-based fleet-dotfiles template for macOS workstations:
- Two-way auto-sync via launchd watcher + 5-min puller
- Mesh SSH via modify_authorized_keys driven by .chezmoidata/fleet.yaml
- age-encrypted secrets file
- Bundled Claude Code agentic team (11 agents) + /lite + /lite-sub commands
- Verify-before-claiming Stop hook
- Generic statusline + project-boundary validate-path hook
- Reference launchd plist for cross-fleet task-durations aggregation (companion repo: gitea.tojo.team/cardinale/task-durations)
- AGENTS.md walks an agent through the entire setup Q&A interactively
- docs/ covers architecture, security model, fleet onboarding
46 lines
1.8 KiB
Bash
# Per-machine secrets, sourced by .zshrc on shell start.
# This file is encrypted via age before being committed to chezmoi —
# the live disk copy lives at ~/.config/fleet-dotfiles/secrets.env.
#
# To enable encryption on a real fleet:
# 1. Place this file at ~/.config/fleet-dotfiles/secrets.env
# 2. chmod 600 ~/.config/fleet-dotfiles/secrets.env
# 3. Replace placeholder values with real ones
# 4. chezmoi add --encrypt ~/.config/fleet-dotfiles/secrets.env
#    (chezmoi auto-renames it to encrypted_private_secrets.env.age in source)
# 5. The auto-sync watcher commits + pushes the encrypted version on edit
#
# Never commit the unencrypted version. Variables you don't use can be
# deleted; the list below is illustrative of what a real fleet might carry.

# ───────── Cloudflare ─────────
# Account ID + API tokens for Pages deploys, Workers, DNS API
export CLOUDFLARE_ACCOUNT_ID=""
export CLOUDFLARE_API_KEY=""
export CLOUDFLARE_EMAIL=""

# ───────── Domain registrar (Porkbun) ─────────
export PORKBUN_API_KEY=""
export PORKBUN_SECRET_KEY=""

# ───────── Tailscale (for fleet access ACLs / DNS API) ─────────
export TAILSCALE_API_KEY=""

# ───────── HuggingFace ─────────
export HF_TOKEN=""
export HUGGINGFACE_TOKEN=""

# ───────── LLM API providers ─────────
export OPENAI_API_KEY=""
export ANTHROPIC_API_KEY=""
export GEMINI_API_KEY=""

# ───────── Gitea (this template's host) ─────────
export GITEA_URL=""
export GITEA_USER=""
export GITEA_TOKEN=""

# ───────── Anything else ─────────
# Add per-service tokens here. Naming convention: SERVICE_PURPOSE_KIND
# e.g. STRIPE_LIVE_SECRET_KEY, DISCORD_BOT_TOKEN
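
The file's header comments ask for a mode-600 live copy (step 2) and say never to commit the unencrypted version; the checks below enforce both before the auto-sync watcher pushes. This is an added example, not code from the template repository: the function names are hypothetical, and the plaintext heuristic assumes the template's `export NAME="value"` style.

```shell
# Added example (not from the template repo). Function names are hypothetical.

# Print permission bits in octal: GNU stat first, then BSD/macOS stat.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Step 2: the live copy must exist with mode 600.
live_copy_ok() {
  [ -f "$1" ] && [ "$(file_mode "$1")" = "600" ]
}

# True if the first line is an age header (binary or ASCII-armored form).
is_age_encrypted() {
  local first=""
  IFS= read -r first < "$1" || true
  case "$first" in
    "age-encryption.org/v1"|"-----BEGIN AGE ENCRYPTED FILE-----") return 0 ;;
    *) return 1 ;;
  esac
}

# True if any export carries a non-empty value. Assumes the template's
# double-quoted style: export NAME="value".
has_filled_values() {
  grep -Eq '^[[:space:]]*export[[:space:]]+[A-Za-z_][A-Za-z0-9_]*=("[^"]+"|[^"[:space:]]+)' "$1"
}

# Step 4 / "never commit": list files under the chezmoi source dir named
# *secrets.env* that are plaintext and have filled-in values.
plaintext_secrets_in_source() {
  local f
  find "$1" -type f -name '*secrets.env*' ! -path '*/.git/*' -print |
  while IFS= read -r f; do
    if ! is_age_encrypted "$f" && has_filled_values "$f"; then
      printf '%s\n' "$f"
    fi
  done
}

# Usage: check_fleet_secrets LIVE_FILE SOURCE_DIR (non-zero on any finding).
check_fleet_secrets() {
  local rc=0 leaks
  live_copy_ok "$1" || { echo "missing or not mode 600: $1" >&2; rc=1; }
  leaks="$(plaintext_secrets_in_source "$2")"
  [ -z "$leaks" ] || { echo "plaintext secrets in source: $leaks" >&2; rc=1; }
  return "$rc"
}
```

A template with empty values passes; a copy with any filled-in value that lacks an age header is reported. A typical call is `check_fleet_secrets ~/.config/fleet-dotfiles/secrets.env "$(chezmoi source-path)"`.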