debian-bootstrap

cptfinch/dotfiles

Bootstrap a new Debian/Ubuntu system with your standard configuration. Portable dotfiles, SSH config, shell setup, and SOPS secrets - no Nix required. Use when setting up a new machine or migrating away from NixOS.


SKILL.md


name: debian-bootstrap
description: Bootstrap a new Debian/Ubuntu system with your standard configuration. Portable dotfiles, SSH config, shell setup, and SOPS secrets - no Nix required. Use when setting up a new machine or migrating away from NixOS.

Debian Bootstrap

Recreate your development environment on any Debian/Ubuntu system.

Quick Start

cd ~/.claude/skills/debian-bootstrap
just                    # See all commands
just setup-all          # Full setup (packages + tools + dotfiles + secrets)

First time? See BOOTSTRAP.md for the complete checklist including manual steps (age key, secrets.yaml).

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                        debian-bootstrap                          │
├─────────────────────────────────────────────────────────────────┤
│  apt (packages.txt)     │  System packages (git, curl, htop)   │
├─────────────────────────────────────────────────────────────────┤
│  mise (mise.toml)       │  Everything else:                     │
│                         │  - Languages: node, python            │
│                         │  - CLI: bat, fd, rg, delta, lazygit   │
│                         │  - Cloud: gh, hcloud, awscli          │
├─────────────────────────────────────────────────────────────────┤
│  uv                     │  Python package management            │
├─────────────────────────────────────────────────────────────────┤
│  SOPS/Age               │  Encrypted secrets                    │
└─────────────────────────────────────────────────────────────────┘

Two bootstrappers, one config file:

  • mise manages all dev tools via mise.toml
  • uv handles Python packages (10-100x faster than pip)

What's Included

| Component | Source | Target |
|---|---|---|
| Dev tools | mise.toml | ~/.config/mise/config.toml |
| SSH config | dotfiles/ssh_config | ~/.ssh/config |
| Bash config | dotfiles/bashrc | ~/.bashrc |
| Git config | dotfiles/gitconfig | ~/.gitconfig |
| Starship prompt | dotfiles/starship.toml | ~/.config/starship.toml |
| System packages | packages.txt | via apt |
| SOPS setup | scripts/setup-sops.sh | ~/.config/sops/ |

Commands

# Full setup
just setup-all             # Everything in order

# Individual components
just install-packages      # apt packages only
just install-extras        # mise + uv + all dev tools
just install-dotfiles      # All dotfiles
just setup-sops            # SOPS/Age encryption

# Secrets & Auth
just decrypt-ssh-keys      # Extract SSH keys + add to agent
just setup-gh-auth         # Authenticate GitHub CLI
just setup-glab-auth       # Authenticate GitLab CLI

# Tool management (after setup)
mise install               # Install tools from mise.toml
mise upgrade               # Update all tools
mise list                  # Show installed tools

File Structure

debian-bootstrap/
├── SKILL.md               # This file
├── BOOTSTRAP.md           # Step-by-step first-time setup guide
├── justfile               # All commands
├── mise.toml              # Dev tools (the source of truth)
├── packages.txt           # apt packages (system only)
├── dotfiles/
│   ├── ssh_config
│   ├── bashrc
│   ├── gitconfig
│   └── starship.toml
└── scripts/
    ├── install-extras.sh  # Installs mise, uv, then mise install
    └── setup-sops.sh      # SOPS/Age setup

Adding Tools

Edit mise.toml and run mise install:

[tools]
# Languages
node = "lts"
python = "3.12"
go = "latest"

# CLI tools via ubi (GitHub releases)
"ubi:sharkdp/bat" = "latest"
"ubi:jesseduffield/lazygit" = "latest"

Secrets Management

Uses SOPS with Age encryption (same as NixOS setup):

# Decrypt secrets
sops -d ~/.claude/secrets.yaml

# Edit secrets
sops ~/.claude/secrets.yaml

# Extract single secret
sops -d --extract '["github_token"]' ~/.claude/secrets.yaml

Migration from NixOS

This skill was generated from your NixOS/Home Manager config. All Nix-specific paths have been converted to standard locations.

README

Workstation Setup

Cross-platform development environment bootstrap for Linux (Debian, Fedora, Arch, openSUSE).

Quick Start

New Machine (5 minutes)

# 1. Install git
sudo apt install git    # Debian/Ubuntu
sudo dnf install git    # Fedora
sudo pacman -S git      # Arch

# 2. Clone (private repo - need SSH key or token)
git clone git@github.com:cptfinch/my-workstation.git ~/workstation
# OR with token:
git clone https://<TOKEN>@github.com/cptfinch/my-workstation.git ~/workstation

# 3. Run setup
cd ~/workstation
./bootstrap.sh

Existing Machine (update)

cd ~/workstation
git pull
just ansible

What It Does

| Category | Tools |
|---|---|
| CLI | bat, fd, ripgrep, fzf, jq, zoxide, lazygit |
| Dev | mise (node, python), uv, shellcheck |
| Shell | starship prompt, bash config |
| Security | age, sops, keepassxc, ssh-askpass |
| Git | git-delta, gh CLI, git config |

Setup Steps

Phase 1: Bootstrap (automated)

./bootstrap.sh
# Installs: packages, mise, dotfiles, creates directories

Phase 2: Secrets (manual - from 1Password)

# 1. Reload shell
exec bash

# 2. Paste age key (from 1Password → "Age Master Key")
cat > ~/.config/sops/age/keys.txt << 'EOF'
# created: ...
# public key: age1...
AGE-SECRET-KEY-...
EOF
chmod 600 ~/.config/sops/age/keys.txt

# 3. Copy secrets.yaml (from 1Password attachment)
cp /path/to/secrets.yaml ~/.claude/

# 4. Decrypt SSH keys
just decrypt-ssh-keys
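
Added example (not part of the repository's scripts): in step 2 above, keys.txt exists with the default umask mode until chmod runs, so the functions below create it at 0600 before any key material is written and audit an existing file. The function names are hypothetical, and GNU stat (as shipped on Debian/Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example, not from the repository. Function names are hypothetical.
# Assumes GNU coreutils stat (stat -c), as on Debian/Ubuntu.

# Read an age identity from stdin and store it at $1. The file is created
# (or tightened) to 0600 before any key material is written to it.
install_age_key() {
    key_file=$1
    (
        umask 077                                  # new dirs 0700, new files 0600
        mkdir -p "$(dirname "$key_file")" &&
        touch "$key_file" &&
        chmod 600 "$key_file" &&                   # covers a pre-existing looser file
        cat > "$key_file"
    )
}

# Audit an existing key file. Prints one line per finding; returns 1 if any.
check_age_key() {
    key_file=$1
    rc=0
    if [ -L "$key_file" ] || [ ! -f "$key_file" ]; then
        echo "FAIL: $key_file is missing or not a regular file"
        return 1
    fi
    mode=$(stat -c %a "$key_file")
    case $mode in
        *00) ;;                                    # e.g. 600 or 400: owner only
        *) echo "FAIL: mode $mode lets group/other access the key"; rc=1 ;;
    esac
    if [ "$(stat -c %u "$key_file")" != "$(id -u)" ]; then
        echo "FAIL: $key_file is not owned by the current user"; rc=1
    fi
    n=$(grep -c '^AGE-SECRET-KEY-' "$key_file" || true)
    if [ "$n" -lt 1 ]; then
        echo "FAIL: no AGE-SECRET-KEY- line in $key_file"; rc=1
    fi
    return $rc
}

# Usage (paste the key, then Ctrl-D):
#   install_age_key ~/.config/sops/age/keys.txt
#   check_age_key   ~/.config/sops/age/keys.txt
```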

Phase 3: Verify

just verify

File Structure

workstation/
├── bootstrap.sh          # One-command setup
├── justfile              # Daily commands
├── config/
│   ├── packages.yml      # All packages (single source of truth)
│   ├── mise.toml         # Tool versions (node, python)
│   └── dotfiles/         # Shell, git, SSH configs
├── ansible/
│   ├── site.yml          # Main playbook
│   └── init.yml          # New server setup (creates user)
└── scripts/              # Helper scripts

Commands

just              # Show all commands
just setup        # Full setup (shell-based)
just ansible      # Full setup (ansible-based)
just verify       # Check installation
just decrypt-ssh-keys  # Decrypt SSH keys from secrets
just clone-repos  # Clone skill repositories

Cross-Platform

| Distro | Package Manager | Status |
|---|---|---|
| Debian 12/13 | apt | ✓ Tested |
| Ubuntu 24.04 | apt | ✓ Tested |
| Fedora 40+ | dnf | ✓ Tested |
| Arch Linux | pacman | Supported |
| openSUSE | zypper | Supported |

Private Repo Access

Since this repo is private, you need authentication to clone:

Option A: SSH Key (if you have one)

git clone git@github.com:cptfinch/my-workstation.git

Option B: GitHub Token

# Create token at: https://github.com/settings/tokens
git clone https://<TOKEN>@github.com/cptfinch/my-workstation.git
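
Added example (not part of the repository): a clone URL that carries a token, as in Option B and the Quick Start, is saved verbatim as the remote URL in the clone's .git/config. The hypothetical functions below list such URLs with the secret redacted and rewrite the file without it; they only parse the config file, and the sed pattern is an assumption that covers the common `url = https://...` form.

```shell
#!/bin/sh
# Added example, not from the repository. Function names are hypothetical.

# Matches "url = https://<userinfo>@" (also pushurl / http) at the start of
# a config line. SSH remotes such as git@github.com:... do not match.
URL_RE='^([[:space:]]*(url|pushurl)[[:space:]]*=[[:space:]]*https?://)[^/@[:space:]]+@'

# Print every remote URL line in git config file $1 that embeds credentials,
# with the credential replaced so the report itself is safe to share.
list_url_credentials() {
    sed -n -E "s#${URL_RE}#\\1<REDACTED>@#p" "$1"
}

# Rewrite git config file $1 in place with the userinfo removed. No backup
# copy is kept, because a backup would still contain the token.
strip_url_credentials() {
    tmp=$(mktemp) || return 1
    if sed -E "s#${URL_RE}#\\1#" "$1" > "$tmp"; then
        cat "$tmp" > "$1"          # keeps the original file's mode and inode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage:
#   list_url_credentials  ~/workstation/.git/config
#   strip_url_credentials ~/workstation/.git/config
```

Removing the userinfo from the file does not invalidate the token, and a token typed on the command line also remains in shell history.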

Option C: Copy via filesystem (WSL)

# From existing WSL with access:
cp -r ~/workstation /mnt/c/temp/

# On new WSL:
cp -r /mnt/c/temp/workstation ~/

Option D: GitHub CLI

# Install gh first, then:
gh auth login
gh repo clone cptfinch/my-workstation