For use inside my DevPod containers make sure it is included like so:
Note that this is using the HTTPS address to avoid auth issues with sudo not being on some of the images that I use.
Double note that when downloading a project you want to do the opposite and use SSH, not HTTPS, to ensure git creds work with commits and you don't have to reauth.
When running DevPod in the UI be sure to set your dotfile repo under:
settings -> Customization -> Dotfiles
Pass in the --dotfiles argument when running devpod up, for example:
devpod up https://github.com/example/repo --dotfiles https://github.com/my-user/my-dotfiles-repo
In this repo's case:
devpod up https://github.com/example/repo --dotfiles https://github.com/Rich107/dotfiles
DevPod will look for the following file names and execute them:
- install.sh 👈️ This is what I will be using
- install
- bootstrap.sh
- bootstrap
- script/bootstrap
- setup.sh
- setup
- script/setup
My preference is to keep my Neovim/TMUX dotfiles separate to make them easier to maintain on my mac. Ideally I want one nvim and one TMUX config
- These dotfiles will be used on a linux based container either running on a linux host or mac host (have not tested windows or linux)
- The project devcontainer.json will have the neovim feature installing neovim 0.8 or higher
This repo doesn’t store secrets. Use a 1Password Service Account and the CLI to pull dev_local.py on demand.
- 1Password account (Business/Team) with access to a vault you control
- 1Password CLI v2+ installed: https://developer.1password.com/docs/cli/get-started/
- jq installed (for JSON parsing)
- Create a vault
  - In 1Password web: New → Vault → name it (e.g., “Dev Secrets”).
- Add dev_local.py to the vault
  - Option A (Document): New → Document → upload dev_local.py → name it dev_local.py.
  - Option B (Item with file attachment): New → Secure Note (or any item) → Attach file dev_local.py → ensure the item name is dev_local.py (or remember it).
- Create a Service Account and token
  - 1Password web → Developer → Service Accounts → New Service Account.
  - Scope: Read access to your chosen vault.
  - Copy the generated token and store it securely (you’ll pass it to the script).
Notes:
- Service Account tokens do not require device pairing and work non-interactively.
- Keep the token out of your shell history; prefer env vars or a manager.
This repo includes fetch_dev_local.sh which:
- Takes the Service Account token as the first argument
- Asks for: vault name and destination path
- Downloads dev_local.py from the vault and saves it
Usage:
./fetch_dev_local.sh "<OP_SERVICE_ACCOUNT_TOKEN>"
You’ll be prompted for:
- Vault name (e.g., Dev Secrets)
- Item/file name (defaults to dev_local.py)
- Destination path (full path, defaults to /tmp/dev_local.py)
- op not found: install the CLI and ensure it’s on PATH.
- Vault not accessible: confirm the Service Account has read access to that vault.
- Item not found: confirm the name in 1Password matches dev_local.py or enter the exact item/document name when prompted.
- Attachments vs documents: the script handles both a Document named dev_local.py and an Item with a file attachment.
- The token isn’t stored; it’s used only for the current run.
- Output file is chmod 600.
- Don’t commit the token or dev_local.py to git.
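As an added example (not this repo's fetch_dev_local.sh), the sketch below applies the notes above: the token is read without echo into OP_SERVICE_ACCOUNT_TOKEN instead of being typed as an argument, and the file is written 0600 from the start. The function names load_token and fetch_secret_file are hypothetical, and it assumes a file attachment carries the same name as its item.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the repo's fetch_dev_local.sh.

# Read the token without echo so it is not in shell history or in
# command-line arguments visible via ps, then export it for op.
load_token() {
  if [ -z "${OP_SERVICE_ACCOUNT_TOKEN:-}" ]; then
    printf 'Service Account token: ' >&2
    stty -echo; IFS= read -r OP_SERVICE_ACCOUNT_TOKEN; stty echo; echo >&2
  fi
  [ -n "$OP_SERVICE_ACCOUNT_TOKEN" ] || { echo "empty token" >&2; return 1; }
  export OP_SERVICE_ACCOUNT_TOKEN
}

# fetch_secret_file VAULT ITEM DEST
# Tries a Document named ITEM first, then a file attachment named ITEM
# on an item of the same name (assumption stated in the lead-in).
fetch_secret_file() {
  local vault="$1" item="$2" dest="$3" tmp
  command -v op >/dev/null || { echo "op not found on PATH" >&2; return 127; }
  [ -n "${OP_SERVICE_ACCOUNT_TOKEN:-}" ] || { echo "token not set" >&2; return 1; }
  # mktemp creates the file 0600 next to the destination, so the secret is
  # never world-readable and the final mv replaces DEST in one step.
  tmp=$(mktemp "$(dirname "$dest")/.secret.XXXXXX") || return 1
  if op document get "$item" --vault "$vault" >"$tmp" 2>/dev/null && [ -s "$tmp" ]; then
    :
  elif op read --no-newline "op://$vault/$item/$item" >"$tmp" 2>/dev/null && [ -s "$tmp" ]; then
    :
  else
    rm -f "$tmp"   # leave no partial or empty file behind
    echo "could not read '$item' from vault '$vault'" >&2
    return 1
  fi
  chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}

# Usage: load_token && fetch_secret_file "Dev Secrets" dev_local.py /tmp/dev_local.py
```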
- Sort out clipboard access:
  - Right now only copying from neovim gets back to the host outside the container
  - Copying branch names from lazygit fails
  - Look at using clipper: Using clipper to pipe to clipboard
- Fix lazygit being able to open PRs by using the host machine's browser