Dotty

Ansible-first system provisioner for macOS and Linux.

Quick Start

sh -c "$(curl -fsSL https://raw.github.com/gplancke/dotty/main/bootstrap.sh)"

The bootstrap script installs Python, pip, and Ansible, then clones this repo and runs the main playbook. You'll be prompted to choose an install mode, whether to install GUI apps, and enter the vault password.

What It Does

Dotty provisions a fresh machine in five phases:

1. Essentials — Core build tools and dependencies per distro
2. Package managers — Homebrew, Nix, Mise, Docker (based on feature flags)
3. System packages — Distro-specific packages, GUI casks on macOS, Flatpak on Linux
4. Dotfiles — Managed via chezmoi with age encryption
5. Shell — Shell configuration and directory structure

Install Modes

The bootstrap script prompts for one of three modes:

Mode	Description
minimal	Bare essentials — no Docker, fewer packages
dev (default)	Development workstation — all CLI tools, no GUI apps by default
full	Everything in dev + extra packages (Flutter, Java, Ruby, etc.)

A separate install_gui flag (default false) controls GUI app installation independently of the mode. This allows combinations like dev + GUI or full without GUI.

Supported Platforms

• macOS (ARM64 + Intel)
• Debian / Ubuntu
• RedHat / Fedora
• Arch Linux
• Alpine Linux

Minimum Requirements

• curl or wget
• git
• Internet access
• sudo access (non-root user)

Re-running

You can safely re-run dotty at any time. Key behaviors:

• Switching install_mode — The chezmoi config is re-deployed every run, so dotfiles reflect the new mode immediately.
• Package managers are install-only — Homebrew, Mise, Docker, and Nix are installed but never removed. Switching to minimal mode skips those roles but does not uninstall previously-installed tools. To fully clean up, uninstall unwanted tools manually.
• Idempotent — Every role is safe to run repeatedly. Re-running on an already-provisioned machine is a no-op for components that are already present.

Gotchas

• macOS: Xcode CLT — Must be installed before running bootstrap. The script will prompt but exits if missing.
• macOS: Nix on Sequoia + FileVault — The automated Nix installer fails. Install the .pkg manually from nixos.org.
• macOS: No Docker Desktop — Licensing concerns. Use Colima or OrbStack instead.
• macOS: pip --break-system-packages — Handled automatically by the bootstrap script.
• All: Restart your shell after provisioning for Mise / Nix to be available on $PATH.

Configuration

Feature flags and variables live in group_vars/all/main.yml. Key toggles:

• install_homebrew — Always enabled
• install_nix — Disabled by default
• install_mise — Always enabled
• install_docker — Enabled for dev/full
• install_gui — GUI apps (casks / Flatpak), default false

Secrets (chezmoi age key) are stored in group_vars/all/vault.yml (Ansible Vault encrypted).

Project Structure

.
├── bootstrap.sh              # Curl-pipeable entry point
├── site.yml                  # Main playbook
├── ansible.cfg
├── requirements.yml          # Ansible Galaxy dependencies
├── Makefile
├── inventory/
│   └── hosts.yml
├── group_vars/
│   └── all/
│       ├── main.yml          # Feature flags and variables
│       └── vault.yml         # Encrypted secrets
└── roles/
    ├── essentials/           # Core build tools per distro
    ├── directories/          # User directory structure
    ├── shell/                # Shell configuration
    ├── homebrew/             # Homebrew install
    ├── nix/                  # Nix install
    ├── mise/                 # Mise runtime manager
    ├── docker/               # Docker per distro
    ├── system-packages/      # Distro packages, GUI casks, Flatpak
    ├── user-packages/        # User packages (brew, nix, mise)
    └── chezmoi/              # Dotfiles with age encryption