Ansible playbook to bootstrap a development machine from scratch. Supports macOS (Homebrew) and Linux (Debian/Ubuntu via apt).
| Category | Tools |
|---|---|
| Shell | zsh, Oh-My-Zsh, Powerlevel10k, zsh-autosuggestions |
| Terminal | Alacritty, iTerm2 (macOS only), FiraCode Nerd Font |
| Editor | Neovim, VS Code |
| Window manager | Yabai + skhd (macOS only) |
| Dev tools | tmux, lazygit, fzf, ripgrep, stow, yt-dlp, tldr |
| Languages | Node.js (via nvm), Python 3.11 (via pyenv) |
| Browsers | Firefox, Brave, Google Chrome |
| Productivity | Obsidian, Thunderbird, draw.io, JetBrains Toolbox |
| Communication | WhatsApp, Signal, Discord |
| VPN & Security | ProtonVPN, Proton Mail Bridge, Wireguard, YubiKey tools |
| Cloud | Synology Drive |
| Media | Spotify, VLC |
| Design | GIMP, Darktable, Figma, Affinity Photo/Designer (macOS only) |
| Dotfiles | Clones and stows javierguzman/.dotfiles |
Prerequisites:

- macOS: Nothing — the playbook installs Homebrew if missing
- Linux: `curl`, `python3`, `pip3`

Install Ansible first:

```sh
python3 -m pip install ansible
ansible-galaxy collection install community.general
```

Then clone the repository and run the playbook:

```sh
git clone https://github.com/javierguzman/dev-machine-setup.git
cd dev-machine-setup
ansible-playbook init.yml -K
```

`-K` prompts for your sudo password (needed for system-level installs).
```sh
# Only install dev tools
ansible-playbook init.yml -K --tags "git"

# Skip design tools
ansible-playbook init.yml -K --skip-tags "design"
```

```
dev-machine-setup/
├── init.yml            # Main playbook entry point
├── install.sh          # Bootstrap: installs Ansible
└── tasks/
    ├── yubikey.yml     # YubiKey, GPG, SSH config
    ├── git-setup.yml   # Git global config + GPG signing
    ├── core-setup.yml  # Core CLI tools
    ├── zsh.yml         # Shell setup
    ├── prodev.yml      # Neovim, tmux, lazygit, yabai, skhd
    ├── node.yml        # Node.js via nvm
    ├── python.yml      # Python via pyenv
    ├── dev-tools.yml   # VSCode, Chrome, Insomnia
    ├── office.yml      # Browsers, Obsidian, Thunderbird, JetBrains, Proton, Synology
    ├── social.yml      # WhatsApp, Signal, Discord
    ├── design.yml      # GIMP, Darktable, Figma, draw.io
    ├── multimedia.yml  # Spotify, VLC
    └── dotfiles.yml    # Clone and stow dotfiles
```
The playbook installs all required tools and writes config files automatically. However, the GPG key and SSH key live on the physical YubiKey and cannot be automated — they require manual steps.
- Installs `gpg-suite`/`gnupg2`, `scdaemon`, `pcscd`
- Installs `yubico-piv-tool` and `ykman`
- Writes `~/.gnupg/gpg-agent.conf`, `gpg.conf`, `dirmngr.conf`
- Writes `~/.ssh/config` with the correct PKCS#11 library path
- Configures git to sign commits with GPG
- On Linux: enables and starts the `pcscd` service
Do these steps with your YubiKey inserted.
Check that GPG can see the card:

```sh
gpg --card-status
```

You should see your card info and key stubs. If not, check that pcscd is running (Linux: `sudo systemctl start pcscd`).

Fetch from the keyserver:

```sh
gpg --recv-keys 34D3A6FB8181BEA7
```

Or import from a file if you have a backup:

```sh
gpg --import your-public-key.asc
```

Set the trust level of the key:

```sh
gpg --edit-key 34D3A6FB8181BEA7
```

Inside the GPG prompt:

```
gpg> trust
Your decision? 5 (ultimate trust — this is your own key)
gpg> quit
```

Test signing:

```sh
echo "test" | gpg --clearsign
```

Your YubiKey should blink and ask for your PIN.

Check that the SSH agent sees the card key:

```sh
ssh-add -L
```

You should see your public key prefixed with `cardno:`.

Test the GitHub connection:

```sh
ssh -T git@github.com
```

Expected output: `Hi javierguzman! You've successfully authenticated...`
On Linux:

- The PKCS#11 library path is `/usr/lib/x86_64-linux-gnu/libykcs11.so`
- If `ssh-add -L` shows nothing, start the agent manually and add the card keys:

  ```sh
  # eval exports the new agent's socket into the current shell
  eval "$(ssh-agent -s -P '/usr/lib/x86_64-linux-gnu/libykcs11.so')"
  ssh-add -s /usr/lib/x86_64-linux-gnu/libykcs11.so
  ```

- If GPG can't see the card, restart pcscd and reload the agent:

  ```sh
  sudo systemctl restart pcscd
  gpg-connect-agent reloadagent /bye
  ```
On macOS:

- GPG Suite provides `pinentry-mac`, which shows a native macOS dialog for the PIN
- The SSH agent is configured in `~/.zshrc` and loads automatically on shell start via `libykcs11.dylib`
- If the card is not detected after re-inserting the YubiKey:

  ```sh
  gpg-connect-agent reloadagent /bye
  ```
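As an added example (not part of the playbook), a POSIX shell script that automates the verification steps above: it checks the PKCS#11 library, that GPG sees the card, and that the SSH agent serves a `cardno:` key. It assumes the Linux `libykcs11.so` path from this README; override it with the `YKCS11` variable (for example the macOS `libykcs11.dylib` path, which this README does not give).

```sh
#!/bin/sh
# Post-setup check for the manual YubiKey steps. Hypothetical helper, not the
# project's own code. Library path below is the Linux path from the README.
YKCS11="${YKCS11:-/usr/lib/x86_64-linux-gnu/libykcs11.so}"

# Return 0 if the given `ssh-add -L` output contains a key served by the card.
has_card_key() {
    printf '%s\n' "$1" | grep -q 'cardno:'
}

# Return 0 if the given `gpg --card-status` output reports a card serial number.
card_visible() {
    printf '%s\n' "$1" | grep -q '^Serial number'
}

# Return 0 if the PKCS#11 provider library exists at the configured path.
check_library() {
    [ -f "$YKCS11" ]
}

# Run the live checks against the real tools and print a hint for each failure.
run_checks() {
    rc=0
    if ! check_library; then
        echo "missing PKCS#11 library: $YKCS11"; rc=1
    fi
    if ! card_visible "$(gpg --card-status 2>/dev/null)"; then
        echo "gpg cannot see the card (Linux: sudo systemctl start pcscd)"; rc=1
    fi
    if ! has_card_key "$(ssh-add -L 2>/dev/null)"; then
        echo "ssh-agent has no card key; try: ssh-add -s $YKCS11"; rc=1
    fi
    return $rc
}

# Only touch the real gpg/ssh-agent when explicitly asked, so the functions
# can also be sourced and exercised with constructed input.
if [ "${YUBIKEY_CHECK_LIVE:-0}" = 1 ]; then
    run_checks
fi
```

Run it with `YUBIKEY_CHECK_LIVE=1 sh check-yubikey.sh` after inserting the YubiKey; a non-zero exit means one of the manual steps above still needs doing.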