every two years i wake up and decide the previous me — sweet summer child that he was — clearly had no idea what he was doing. and so begins the great migration. nix → ansible → ansible again but with feelings → chezmoi → just bash → back to chezmoi. it never ends. it cannot end. it is, perhaps, the point.
this is my fourth rewrite. the goals were modest: less yaml, fewer secrets in plaintext, and one (1) command to bring up a new machine. of course the actual exit criteria turned into something closer to a philosophical exam.
what i actually wanted
- one repo. one tree. no submodules. no shame.
- secrets encrypted at rest with age, decrypted at apply time.
- machine-specific overrides without forking the whole damn thing.
- a manifest that survives
rm -rf ~/.configat 3am.
the smart play is chezmoi + age + a thin makefile. the dumb play is to write a custom go binary that calls chezmoi for you with extra steps. guess which one i did.
curl -fsSL https://nj.sh/boot | bash
# trust me bro
i will, of course, do this all again in 2028. you cannot fight nature.
what i actually learned
the dotfiles were never the point. the dotfiles are a love letter to the version of you that will inherit them at 4am, in an airport, on a borrowed thinkpad, with your wifi password and the will to live.
make them nice. or don't. just commit.