curl -fsSL https://raw.githubusercontent.com/theodrosyimer/dotfiles/main/bootstrap.sh -o /tmp/bootstrap.sh
bash /tmp/bootstrap.shbootstrap.sh runs all 14 steps below in order, idempotently (safe to
re-run after failures). It will pause at 4 points that require you to act:
- Install + sign in to 1Password desktop, enable SSH agent + CLI integration
- Accept the Xcode Command Line Tools license dialog
gh auth loginbrowser OAuthop signinbiometric / master password
Between those, it runs unattended.
Manual path (reference / fallback)
Use these steps if you want to run the flow by hand, or if you're debugging
a specific step of bootstrap.sh.
-
Install 1Password desktop — App Store, or direct from downloads.1password.com. Sign in. Settings → Developer → enable Use the SSH agent and Integrate with 1Password CLI.
-
Command Line Tools (provides
git,clang):xcode-select --install
-
Homebrew:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" -
Just enough to clone (full Brewfile comes later):
brew install gh
-
Authenticate
gh(browser OAuth, ~10 seconds):gh auth login
-
Clone dotfiles over HTTPS (no SSH needed yet):
gh repo clone theodrosyimer/dotfiles ~/.dotfiles -
Symlink all dotfiles into their canonical locations (
$HOME,~/.config,~/Library/KeyBindings) via git-tracked files only — sets up.zshenv,.zshrc, nvim, ghostty, karabiner, etc. in one shot. Does NOT touch~/.claude(that's step 10).~/.dotfiles/bootstrap/symlink.sh exec zsh # load .zshenv → $HOMEBREW_BUNDLE_FILE_GLOBAL + $ZSH_CUSTOM
-
Install oh-my-zsh + external custom plugins (must run before any interactive zsh —
~/.zshrcsources$ZSH/oh-my-zsh.shand expects$ZSH_CUSTOM/plugins/*to exist):~/.dotfiles/bootstrap/omz.sh -
Install everything from the Brewfile (pulls
jq,1password-cli, and the rest):brew bundle --global
-
Sync
~/.claude— depth-2 per-item symlinks insideskills/,hooks/,rules/, plus file-level links forCLAUDE.mdandsettings.json. Uses theccsynczsh function (loaded viazsh/custom/agents.zshafter step 7'sexec zsh):ccsync
-
Sign in to the 1Password CLI:
eval "$(op signin)"
-
Materialise
~/.sshfrom 1Password (config + all*.pubfiles):~/.dotfiles/bootstrap/ssh.shVerify:
ssh -v vps 'echo ok' 2>&1 | grep -E 'Offering public key|Authenticated to'
-
Materialise per-user secret files (
~/.npmrc, future~/.aws/credentials, etc.) from 1Password documents:~/.dotfiles/bootstrap/secrets.sh -
Switch the dotfiles remote from HTTPS to SSH (mandatory — so future
git pushfrom this repo uses the 1Password agent, not theghHTTPS creds):git -C ~/.dotfiles remote set-url origin \ [email protected]:theodrosyimer/dotfiles.git git -C ~/.dotfiles fetch # sanity check
-
Vaults named
Dev PersoandPro(or whateverVAULTS=()inbootstrap/ssh.shlists). -
SSH Key items in those vaults, titled so that the slug rule (lowercase,
" - "→"_") produces the filename that~/.ssh/configreferences. -
Document titled
ssh configinDev Perso, content is the full~/.ssh/config. Create with:op document create ~/.ssh/config --title "ssh config" --vault "Dev Perso"
Update after local edits:
op document edit "ssh config" --vault "Dev Perso" ~/.ssh/config
-
One Document per entry in the
SECRETStable ofbootstrap/secrets.sh. Currently:npmrcinDev Perso→ body of~/.dotfiles/npm/.npmrc(~/.npmrcis a symlink, created by the script after fetch)
Create from current machine:
op document create ~/.dotfiles/npm/.npmrc --title "npmrc" --vault "Dev Perso"
Update after local edits:
op document edit "npmrc" --vault "Dev Perso" ~/.dotfiles/npm/.npmrc