Build your development environment on a macOS machine:
- On your local machine, or contained inside a dedicated machine (local VM, remote server...)
- Provision the environment using Ansible (for programs, libraries, development tools...)
- Load your dotfiles directly from the repo
The environment is provisioned with my personal setup:
- Shell: zsh, prezto and powerlevel9k
- Some Ruby versions (using rbenv)
- Vim (8, installed from source), with vim-plug and custom settings.
NB: this environment is provisioned for me! Though you could totally use it to build your own environment, I recommend that you fork it and adjust it to your needs.
- You should use iTerm as a terminal application on macOS. To have your tmux buffer automatically copied to the macOS clipboard, simply enable the "Applications in terminal may access clipboard" option in iTerm.
- If you want to develop within Vagrant, it must be installed and working with a default provider.
If you want to have several environments, e.g. one for work and one for personal projects, you can have the following directories:
/some/path/myenv
/some/path/work
/some/path/personal
Prerequisites:
- Working installation of Homebrew.
cd ~
git clone https://github.com/rchampourlier/myenv.git
myenv/provisioning/scripts/install_deps_osx.sh
myenv/prepare_provisioning.sh
myenv/provisioning/scripts/ansible_base.sh
- Generate SSH keys for GitHub, GitLab and Bitbucket with:
ssh-keygen -t rsa -b 4096 -C "email@host+service"
- Add the generated public keys to each service
1. Create a subkey from your master key
This subkey will be sent to the server so it can be revoked if it leaks.
- Find your key ID:
gpg --list-keys yourname
- Run:
gpg --edit-key YOURMASTERKEYID
- At the gpg> prompt:
addkey
- This asks for your passphrase, type it in.
- Choose the "RSA (sign only)" key type.
- It would be wise to choose 4096 (or 2048) bit key size.
- Once you're done, be sure to type
save
(NB: tutorial from https://wiki.debian.org/Subkeys)
2. Find the subkey ID
gpg --edit-key YOURMASTERKEYID
- You should find the new subkey in the list with its ID following rsa4096 if you chose this algo/size.
- Export the subkeys:
gpg --output $HOME/subkeys.gpg --export-secret-subkeys SUBKEY_ID
- Copy the exported subkeys to the server:
scp $HOME/subkeys.gpg $GUEST_USER@$HOST:~/subkeys.gpg
- On the remote server, import the subkeys:
gpg --import subkeys.gpg && gpg2 --import subkeys.gpg
- Check on the server that gpg -K displays sec# and not sec, meaning the secret key is not present for your master key.
- Clone PasswordStore repository into ~/.password-store.
- Test you can correctly decrypt passwords. The GPG subkeys imported earlier should work.
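The gpg -K check on the server (sec# rather than sec) can be scripted. This is an added example, not part of the myenv repository; it assumes the colon-format listing of GnuPG 2.1 or later, and the function name and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a server holds only subkeys, not the master
# secret key, by parsing `gpg -K --with-colons`.
# Assumed format (GnuPG 2.1+): field 1 is the record type (sec = master key,
# ssb = subkey), field 5 the key ID, and field 15 is "#" when only a stub is
# stored, i.e. the secret material for that key is absent.

# Reads a colon listing on stdin and prints one line per master key.
# Exit status: 0 = every master secret is absent, 1 = at least one master
# secret is present, 2 = the listing contains no secret keys at all.
check_master_offline() {
  awk -F: '
    $1 == "sec" {
      seen = 1
      if ($15 == "#") {
        printf("OK      %s master secret absent (sec#)\n", $5)
      } else {
        printf("EXPOSED %s master secret present (sec)\n", $5)
        bad = 1
      }
    }
    $1 == "ssb" && $15 != "#" { subkeys++ }
    END {
      if (!seen) { print "no secret keys found"; exit 2 }
      printf("%d usable secret subkey(s)\n", subkeys)
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample listings (key IDs and timestamps are made up).
SAMPLE_SUBKEYS_ONLY='sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:::#:::23::0:
uid:u::::1500000000::0000000000000000000000000000000000000000::Your Name <email@host>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e:::+:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1500000100::::::s:::+:::23:'

SAMPLE_FULL_KEY='sec:u:4096:1:DDDDDDDDDDDDDDDD:1500000000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:EEEEEEEEEEEEEEEE:1500000000::::::e:::+:::23:'

# Pass --live to check the real keyring on the machine you are logged into.
if [ "${1:-}" = "--live" ]; then
  gpg -K --with-colons | check_master_offline
fi
```

A non-zero exit status makes the check usable as a gate at the end of a provisioning run.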
If you have an Ansible role (e.g. opensource):
- Add the role's URL to provisioning/roles_dep.txt
- Run prepare_provisioning.sh
- Reprovision with myenv/provisioning/scripts/ansible_base.sh
- Edit configuration/runcoms/vimrc and add the desired Plug... in the "Load plugins" section.
- Run vagrant provision (on the host)
- If it's a system common package, add it to provisioning/roles_local/system.
- Otherwise, create the appropriate role and add it to provisioning/playbook.yml.
This replays the Ansible playbooks:
$HOME/myenv/provisioning/scripts/ansible_base.sh
$HOME/myenv/provisioning/scripts/ansible_server.sh
You should also regularly update the Ansible recipes this setup depends on. For this, replay the prepare_provisioning script:
$HOME/myenv/prepare_provisioning.sh
Pass is installed for password management. The storage must be retrieved manually, as well as the GPG secret key.
Several Ansible roles are really simple and, while they should generally do the job of provisioning some component, they may not be idempotent or efficient, and may not be able to perform upgrades. Improving these roles or relying on community-maintained ones is a todo.