{"id":28487857,"url":"https://github.com/rios0rios0/dotfiles","last_synced_at":"2026-05-04T03:02:30.365Z","repository":{"id":253012228,"uuid":"841744954","full_name":"rios0rios0/dotfiles","owner":"rios0rios0","description":"Personal dotfiles managed with chezmoi and 1Password. Cross-platform configs for Kali Linux WSL, Windows 11, and Termux with Zsh, PowerShell, and Windows Terminal.","archived":false,"fork":false,"pushed_at":"2026-03-30T23:38:35.000Z","size":5686,"stargazers_count":4,"open_issues_count":6,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-03-30T23:46:16.552Z","etag":null,"topics":["1password","chezmoi","dotfiles","powershell","zsh"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rios0rios0.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-13T00:52:43.000Z","updated_at":"2026-03-30T23:38:38.000Z","dependencies_parsed_at":"2026-02-24T20:02:46.048Z","dependency_job_id":null,"html_url":"https://github.com/rios0rios0/dotfiles","commit_stats":null,"previous_names":["rios0rios0/dotfiles"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/rios0rios0/dotfiles","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fdotfiles","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fdotfiles/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fdotfiles/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fdotfiles/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rios0rios0","download_url":"https://codeload.github.com/rios0rios0/dotfiles/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rios0rios0%2Fdotfiles/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31746101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T06:26:45.479Z","status":"ssl_error","status_checked_at":"2026-04-13T06:26:44.645Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["1password","chezmoi","dotfiles","powershell","zsh"],"created_at":"2025-06-08T05:08:05.216Z","updated_at":"2026-05-04T03:02:30.357Z","avatar_url":"https://github.com/rios0rios0.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003edotfiles\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/rios0rios0/dotfiles/releases/latest\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/release/rios0rios0/dotfiles.svg?style=for-the-badge\u0026logo=github\" alt=\"Latest Release\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/rios0rios0/dotfiles/blob/main/LICENSE\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/license/rios0rios0/dotfiles.svg?style=for-the-badge\u0026logo=github\" alt=\"License\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/rios0rios0/dotfiles/actions/workflows/validate.yaml\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/rios0rios0/dotfiles/validate.yaml?branch=main\u0026style=for-the-badge\u0026logo=github\" alt=\"Build Status\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://sonarcloud.io/summary/overall?id=rios0rios0_dotfiles\"\u003e\n        \u003cimg src=\"https://img.shields.io/sonar/coverage/rios0rios0_dotfiles?server=https%3A%2F%2Fsonarcloud.io\u0026style=for-the-badge\u0026logo=sonarqubecloud\" alt=\"Coverage\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://sonarcloud.io/summary/overall?id=rios0rios0_dotfiles\"\u003e\n        \u003cimg src=\"https://img.shields.io/sonar/quality_gate/rios0rios0_dotfiles?server=https%3A%2F%2Fsonarcloud.io\u0026style=for-the-badge\u0026logo=sonarqubecloud\" alt=\"Quality Gate\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.bestpractices.dev/projects/12024\"\u003e\n        \u003cimg src=\"https://img.shields.io/cii/level/12024?style=for-the-badge\u0026logo=opensourceinitiative\" alt=\"OpenSSF Best Practices\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\nCross-platform dotfiles managed with [chezmoi](https://www.chezmoi.io/), [1Password CLI](https://developer.1password.com/docs/cli/) for secrets, and [age](https://github.com/FiloSottile/age) for file encryption. Targets three platforms: **Linux (Kali on WSL)**, **Windows 11**, and **Android (Termux)**.\n\n![Kali Linux on WSL](.docs/wsl-with-kali.png)\n![PowerShell 7 on Windows](.docs/windows-with-powershell-7.png)\n![Termux on Android](.docs/android-with-termux.png)\n\n## What's Managed\n\n### Shells and Prompt\n\n| Component | Linux (WSL) | Windows | Android (Termux) |\n|-----------|-------------|---------|------------------|\n| Shell | Zsh | PowerShell 7 | Zsh |\n| Framework | Oh My Zsh + ZINIT | Oh My Posh | Oh My Zsh + ZINIT |\n| Theme | Powerlevel10k | Oh My Posh (custom) | Powerlevel10k |\n\n### Version Managers\n\n- **GVM** (Go), **NVM** (Node.js), **Pyenv** (Python), **SDKMAN** (Java, Gradle, Maven, Kotlin), **Cargo** (Rust)\n- Automatic version switching via `dot_scripts/linux-engineering-version-manager.sh` (detects `go.mod`, `.nvmrc`, `pyproject.toml`)\n\n### Cloud and Infrastructure\n\n- **Kubernetes**: kubectl, krew (ctx/ns plugins), kubeconfig auto-detection\n- **Terraform** + Terragrunt\n- **AWS CLI**, **Azure CLI**, **Heroku CLI**, **GitHub CLI**\n- **Docker** + Docker Compose\n\n### Development Tools\n\n- **Cursor** (AI editor with Docker-based MCP servers on Linux)\n- **Claude Code** + **Gemini CLI** (AI coding assistants)\n- **Neovim** with AstroVim (Android)\n\n### Security and Pentesting\n\n- John the Ripper, SQLMap, VHostScan, dirsearch, StegCracker, stegbrute\n\n### Utilities\n\n- eza (ls replacement), bat (syntax highlighting), ripgrep, jq/yq, ffmpeg, ImageMagick, pdftk, asciinema, Speedtest CLI, CycloneDX (SBOM), rclone (Android/Termux only; see the [OneDrive setup guide](.docs/rclone-onedrive-setup.md))\n\n## Platform Matrix\n\n| Aspect | Linux (WSL/Kali) | Windows 11 | Android (Termux) |\n|--------|------------------|------------|------------------|\n| Shell | Zsh + Oh My Zsh + p10k | PowerShell + Oh My Posh | Zsh + Oh My Zsh + p10k |\n| Scripts | `.sh` (bash) | `.ps1` (PowerShell) | `.sh` (bash) |\n| 1Password | `op` wrapper (calls `op.exe` from WSL) | Native `op.exe` | `op` wrapper (proot Alpine) |\n| Docker | Native | Docker Desktop | N/A (proot wrappers) |\n| MCP Config | `~/.cursor/mcp.json` (Docker) | N/A | `~/.config/mcphub/servers.json` (npx) |\n| Editor | Any | Cursor | Neovim (AstroVim) |\n\n## Installation\n\n### Prerequisites\n\nAll platforms require:\n- [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)\n- [age](https://github.com/FiloSottile/age)\n- [1Password CLI](https://developer.1password.com/docs/cli/get-started)\n\n### Kali Linux on WSL\n\n```sh\nsudo apt install git age\nsh -c \"$(curl -fsLS get.chezmoi.io/lb)\" -- init --apply rios0rios0\n```\n\n### PowerShell 7 on Windows\n\n```powershell\nwinget install Microsoft.PowerShell\nwinget install Git.Git           # if ASLR is enabled, install from https://git-scm.com/download/win\nwinget install FiloSottile.age   # add the age executable to PATH manually\nwinget install 1password-cli\n\nSet-ExecutionPolicy RemoteSigned -Scope Process\nchezmoi init --apply rios0rios0\n```\n\n### Termux on Android\n\n\u003e **Important**: Install Termux from [F-Droid](https://f-droid.org/en/packages/com.termux/), not the Play Store ([reason](https://www.reddit.com/r/termux/comments/zu8ets/do_not_install_termux_from_play_store/)).\n\n```sh\napt install git chezmoi\nchezmoi init --apply rios0rios0\n```\n\n\u003e **Note**: Full dependency installation takes 45-120 minutes. Do not cancel mid-execution.\n\n## Repository Structure\n\n```\n.chezmoiscripts/         # 21 platform-specific setup scripts (run_once_before_*, run_after_*)\n.chezmoitemplates/       # Shared template fragments (font installer, MCP server logic, username)\ndot_claude/              # Claude Code config (settings, permissions, trust) -\u003e ~/.claude/\ndot_config/              # XDG config (mcphub MCP servers for Android) -\u003e ~/.config/\ndot_cursor/              # Cursor MCP config (Docker-based, Linux only) -\u003e ~/.cursor/\ndot_docker/              # Docker daemon config -\u003e ~/.docker/\ndot_scripts/             # Utility scripts (version manager, credential loader, git sync, etc.)\ndot_ssh/                 # SSH config, keys, signing (1Password-backed) -\u003e ~/.ssh/\ndot_aws/                 # Encrypted AWS credentials -\u003e ~/.aws/\ndot_azure/               # Encrypted Azure profile -\u003e ~/.azure/\ndot_kube/                # Encrypted Kubernetes configs -\u003e ~/.kube/\nAppData/                 # Windows Terminal settings (Windows only)\nmodify_dot_claude.json.tmpl  # MCP server config for Claude Code -\u003e ~/.claude.json\n```\n\nChezmoi translates `dot_` prefixes to `.` in the target path (e.g., `dot_zshrc.tmpl` becomes `~/.zshrc`).\n\n## Secrets and Encryption\n\nThis repository uses a layered approach to secrets management:\n\n- **1Password CLI** fetches SSH keys, GPG keys, and credentials at template render time via `onepasswordRead` / `onepassword` template functions\n- **Age encryption** protects sensitive files at rest (AWS, Azure, Kubernetes configs, npmrc). Private key stored at `~/.ssh/chezmoi`, recipients at `~/.age_recipients`\n- **Per-device SSH/GPG signing** matches keys by hostname against 1Password device notes (\"Device: \\\u003chostname\\\u003e\")\n\nEncrypted files end in `.age` and are automatically decrypted during `chezmoi apply`.\n\n## Claude Code Configuration\n\nThis repository manages four Claude Code configuration files. Each targets a different file on disk because Claude Code separates instructions, permissions, and MCP servers into distinct subsystems that cannot be consolidated into a single file.\n\n| Repository Path | Deployed To | Purpose |\n|-----------------|-------------|---------|\n| `dot_claude/CLAUDE.md` | `~/.claude/CLAUDE.md` | Global instructions loaded into every Claude Code session (WSL preferences) |\n| `dot_claude/modify_settings.json.tmpl` | `~/.claude/settings.json` | Default permission rules (`allow` list) and effort level |\n| `dot_claude/modify_dot_claude.json.tmpl` | `~/.claude/.claude.json` | Auto-trusts project directories to skip the trust dialog |\n| `modify_dot_claude.json.tmpl` (root) | `~/.claude.json` | User-scoped MCP servers (GitHub, Azure DevOps, SonarQube, Kubernetes) |\n\nThe three `modify_*.tmpl` files are chezmoi [modify scripts](https://www.chezmoi.io/reference/source-state-attributes/#modify): they receive the current file content on stdin, merge desired settings via embedded Python, and output the result. This preserves any user-added configuration while ensuring defaults are always present.\n\n\u003e **Note**: The `dot_claude/` directory is deployed only on **Windows** and **Android** (excluded on Linux via `.chezmoiignore`).\n\n### Gitignore Design\n\nThe global `~/.gitignore` (managed via `dot_gitignore`) ignores `.claude/` by default to prevent accidentally committing Claude Code's internal files (caches, memory, `settings.local.json`) across all repositories. However, `.claude/settings.json` is explicitly un-ignored because Claude Code designates it as team-shared project configuration — meant to be committed alongside the codebase. Personal or machine-specific settings belong in `.claude/settings.local.json`, which remains ignored.\n\n## Chezmoi Conventions\n\n| Prefix/Suffix | Meaning |\n|---------------|---------|\n| `dot_` | Becomes `.` in target (e.g., `dot_zshrc` becomes `~/.zshrc`) |\n| `.tmpl` | Processed as Go template before deployment |\n| `encrypted_*.age` | Age-encrypted file, decrypted on apply |\n| `run_once_before_*` | Script runs once before file application |\n| `run_after_*` | Script runs after every application |\n| `private_` | File deployed with restricted permissions |\n| `modify_` | Script that merges changes into an existing file |\n\nPlatform-specific scripts are prefixed: `linux-*`, `windows-*`, `android-*`. Exclusion rules in `.chezmoiignore` ensure only the correct platform's files are applied.\n\n## Debugging\n\n- Run `chezmoi doctor` to diagnose installation issues\n- Run `chezmoi diff` to preview pending changes before applying\n- Use `GIT_TRACE=1` for verbose Git output\n- Use `chezmoi execute-template \u003c file.tmpl` to test template rendering\n\n### Known Issues\n\n1. **Git stuck on SSH commands (WSL)**: Zsh and Git both use `ssh.exe` from Windows. If `known_hosts` is missing, commands hang. Fix: run `ssh git@\u003cHOST\u003e` once to populate `known_hosts`.\n\n2. **Age decryption errors**: Chezmoi's built-in age support cannot decrypt with SSH keys. The standalone `age` binary is required. Without it:\n   ```\n   chezmoi: error at line 1: malformed secret key: separator\n   ```\n\n3. **Windows path length limit (256 chars)**: WSL interop calls to `.exe` files may fail with `Invalid argument` if the working directory path is too long.\n\n4. **Termux sessions killed with `[Process completed (signal 9)]` (Android 12+)**: Android's **Phantom Process Killer** enforces a system-wide limit of ~32 forked child processes. Heavy CLI tools like Claude Code spawn many Node.js children, quickly exceeding this limit — regardless of available RAM.\n\n   **Fix (Android 14+, no root required):**\n   1. Enable Developer Options: `Settings \u003e About Phone \u003e tap \"Build Number\" 7 times`\n   2. Go to `Settings \u003e System \u003e Developer Options`\n   3. Enable **\"Disable child process restrictions\"**\n\n   **Supplementary tips:**\n   - Run `termux-wake-lock` to prevent Android from deep-sleeping Termux\n   - Use `tmux` instead of multiple Termux tabs — it consolidates all sessions under a single process tree, reducing the visible child process count to Android (see the [tmux on Termux tutorial](docs/tmux-termux-tutorial.md) for a beginner-friendly guide)\n\n   **Additional Android OS settings (no root required):**\n   - **Battery optimization:** `Settings \u003e Apps \u003e Termux \u003e Battery \u003e Unrestricted` — prevents Doze mode from throttling Termux\n   - **Animation scales:** In Developer Options, set Window/Transition/Animator duration scales to `0.5x` — reduces UI overhead\n   - **RAM Plus / Extended RAM:** If available (Samsung: `Settings \u003e Battery and device care \u003e RAM Plus`), enable 4-8GB of virtual RAM\n   - **Termux:Boot:** Install from [F-Droid](https://f-droid.org/en/packages/com.termux.boot/), create `~/.termux/boot/start.sh` with `termux-wake-lock` to auto-acquire wake lock on boot\n\n## References\n\n- [chezmoi documentation](https://www.chezmoi.io/user-guide/command-overview/)\n- [chezmoi template variables](https://www.chezmoi.io/reference/templates/variables/)\n- [chezmoi scripts reference](https://www.chezmoi.io/reference/special-files-and-directories/chezmoiscripts/)\n- [Sprig template functions](https://masterminds.github.io/sprig/)\n- Inspired by [patrick-5546/dotfiles](https://github.com/patrick-5546/dotfiles), [budimanjojo/dotfiles](https://github.com/budimanjojo/dotfiles), [romkatv/dotfiles-public](https://github.com/romkatv/dotfiles-public)\n\n## Contributing\n\nContributions are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n## License\n\nSee [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frios0rios0%2Fdotfiles","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frios0rios0%2Fdotfiles","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frios0rios0%2Fdotfiles/lists"}