https://recca0120.github.io/en/tags/chezmoi/Recent content in Chezmoi on recca0120 Tech NotesHugo -- gohugo.ioenMon, 13 Apr 2026 15:30:00 +0800https://recca0120.github.io/en/2026/04/13/chezmoi-dotfiles-management/Mon, 13 Apr 2026 15:30:00 +0800https://recca0120.github.io/en/2026/04/13/chezmoi-dotfiles-management/<img src="https://recca0120.github.io/" alt="Featured image of post chezmoi: One Dotfiles Repo Across macOS, Linux, and Windows" /><p>My work machine is a MacBook, my home desktop runs Linux, and the company handed me a Windows NUC. All three need synced <code>.gitconfig</code>, <code>.zshrc</code>, <code>.tmux.conf</code> — but each OS has quirks. Windows needs <code>sslCAInfo</code> pointing at scoop&rsquo;s git cert bundle; macOS uses Homebrew; Linux uses apt.</p> <p>I used to hack it with symlinks and shell scripts. Now I use <a class="link" href="https://github.com/twpayne/chezmoi" target="_blank" rel="noopener" >chezmoi</a>. One dotfiles repo, three machines, one-line setup.</p> <h2 id="why-not-stow-yadm-or-dotbot"><a href="#why-not-stow-yadm-or-dotbot" class="header-anchor"></a>Why Not stow, yadm, or dotbot </h2><p>Plenty of dotfiles managers exist. chezmoi wins on three fronts:</p> <ol> <li><strong>Go templates</strong>: the same file renders differently per OS, no need to maintain three <code>.gitconfig</code> variants</li> <li><strong>Native encryption</strong>: age and gpg are first-class, so secrets can live in a public repo</li> <li><strong>onchange scripts</strong>: the Homebrew bootstrap only re-runs when the package list actually changes</li> </ol> <p>stow is pure symlinks, no templating. yadm wraps git, templating via plugins. dotbot needs a YAML manifest. chezmoi bundles it all into one binary.</p> <h2 id="install-and-init"><a href="#install-and-init" class="header-anchor"></a>Install and Init </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># macOS</span> </span></span><span class="line"><span class="cl">brew install chezmoi </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># Linux</span> </span></span><span class="line"><span class="cl">sh -c <span class="s2">&#34;</span><span class="k">$(</span>curl -fsLS get.chezmoi.io<span class="k">)</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># Windows</span> </span></span><span class="line"><span class="cl">winget install twpayne.chezmoi </span></span></code></pre></td></tr></table> </div> </div><p>Bootstrap a new machine from an existing repo:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">chezmoi init --apply https://github.com/YOUR_USERNAME/dotfiles.git </span></span></code></pre></td></tr></table> </div> </div><p>That single line clones the repo, runs the template engine, and writes everything to <code>$HOME</code>.</p> <h2 id="filename-attribute-system"><a href="#filename-attribute-system" class="header-anchor"></a>Filename Attribute System </h2><p>chezmoi uses <strong>filename prefixes</strong> to encode behavior. The repo layout itself is the manifest — no separate config needed.</p> <table> <thead> <tr> <th>Prefix</th> <th>Effect</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><code>dot_</code></td> <td>Target is a hidden file</td> <td><code>dot_zshrc</code> → <code>~/.zshrc</code></td> </tr> <tr> <td><code>private_</code></td> <td>User-only permissions (0600)</td> <td><code>private_dot_ssh</code> → <code>~/.ssh</code></td> </tr> <tr> <td><code>executable_</code></td> <td>Sets executable bit</td> <td><code>executable_bin_foo</code></td> </tr> <tr> <td><code>encrypted_</code></td> <td>age/gpg encrypted</td> <td><code>encrypted_dot_env</code></td> </tr> <tr> <td><code>symlink_</code></td> <td>Creates a symlink</td> <td><code>symlink_dot_bashrc</code></td> </tr> <tr> <td><code>readonly_</code></td> <td>Strips write permissions</td> <td><code>readonly_dot_config.toml</code></td> </tr> <tr> <td><code>.tmpl</code> suffix</td> <td>Run through template engine</td> <td><code>dot_gitconfig.tmpl</code></td> </tr> </tbody> </table> <p>Prefixes stack. My repo has combinations like:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">private_executable_dot_php-cs-fixer.dist.php → ~/.php-cs-fixer.dist.php (0700) </span></span><span class="line"><span class="cl">private_dot_ssh/ → ~/.ssh (whole dir at 0700) </span></span></code></pre></td></tr></table> </div> </div><h2 id="templates-for-machine-differences"><a href="#templates-for-machine-differences" class="header-anchor"></a>Templates for Machine Differences </h2><p>This is chezmoi&rsquo;s killer feature. My <code>dot_gitconfig.tmpl</code>:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-gotmpl" data-lang="gotmpl"><span class="line"><span class="cl"><span class="x">[user] </span></span></span><span class="line"><span class="cl"><span class="x"> name = </span><span class="cp">{{</span><span class="w"> </span><span class="na">.name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">quote</span><span class="w"> </span><span class="cp">}}</span><span class="x"> </span></span></span><span class="line"><span class="cl"><span class="x"> email = </span><span class="cp">{{</span><span class="w"> </span><span class="na">.email</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">quote</span><span class="w"> </span><span class="cp">}}</span><span class="x"> </span></span></span><span class="line"><span class="cl"><span class="x"> </span></span></span><span class="line"><span class="cl"><span class="x">[http] </span></span></span><span class="line"><span class="cl"><span class="x"> sslBackend = openssl </span></span></span><span class="line"><span class="cl"><span class="cp">{{</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="k">eq</span><span class="w"> </span><span class="na">.chezmoi.os</span><span class="w"> </span><span class="s">&#34;windows&#34;</span><span class="w"> </span><span class="cp">-}}</span><span class="x"> </span></span></span><span class="line"><span class="cl"><span class="x"> sslCAInfo = </span><span class="cp">{{-</span><span class="w"> </span><span class="na">.chezmoi.homeDir</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">replace</span><span class="w"> </span><span class="s">&#34;\\&#34;</span><span class="w"> </span><span class="s">&#34;/&#34;</span><span class="w"> </span><span class="cp">-}}</span><span class="x">/scoop/apps/git/current/mingw64/ssl/certs/ca-bundle.crt </span></span></span><span class="line"><span class="cl"><span class="cp">{{</span><span class="w"> </span><span class="k">end</span><span class="w"> </span><span class="cp">}}</span><span class="x"> </span></span></span><span class="line"><span class="cl"><span class="x"> </span></span></span><span class="line"><span class="cl"><span class="x">[core] </span></span></span><span class="line"><span class="cl"><span class="x"> autocrlf = false </span></span></span><span class="line"><span class="cl"><span class="x"> symlinks = true </span></span></span></code></pre></td></tr></table> </div> </div><p><code>.name</code> and <code>.email</code> come from <code>~/.config/chezmoi/chezmoi.toml</code>, so each machine can have its own values. The <code>{{ if eq .chezmoi.os &quot;windows&quot; }}</code> block only expands on Windows. On apply, chezmoi strips the <code>.tmpl</code> and writes a clean <code>.gitconfig</code>.</p> <p>Built-in variables I reach for constantly:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-gotmpl" data-lang="gotmpl"><span class="line"><span class="cl"><span class="cp">{{</span><span class="w"> </span><span class="na">.chezmoi.os</span><span class="w"> </span><span class="cp">}}</span><span class="x"> # &#34;darwin&#34; / &#34;linux&#34; / &#34;windows&#34; </span></span></span><span class="line"><span class="cl"><span class="cp">{{</span><span class="w"> </span><span class="na">.chezmoi.arch</span><span class="w"> </span><span class="cp">}}</span><span class="x"> # &#34;amd64&#34; / &#34;arm64&#34; </span></span></span><span class="line"><span class="cl"><span class="cp">{{</span><span class="w"> </span><span class="na">.chezmoi.hostname</span><span class="w"> </span><span class="cp">}}</span><span class="x"> # machine name </span></span></span><span class="line"><span class="cl"><span class="cp">{{</span><span class="w"> </span><span class="na">.chezmoi.username</span><span class="w"> </span><span class="cp">}}</span><span class="x"> # login user </span></span></span><span class="line"><span class="cl"><span class="cp">{{</span><span class="w"> </span><span class="na">.chezmoi.homeDir</span><span class="w"> </span><span class="cp">}}</span><span class="x"> # home directory </span></span></span></code></pre></td></tr></table> </div> </div><p>Preview a template without applying:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">chezmoi execute-template &lt; dot_gitconfig.tmpl </span></span></code></pre></td></tr></table> </div> </div><h2 id="age-encryption-for-secrets"><a href="#age-encryption-for-secrets" class="header-anchor"></a>Age Encryption for Secrets </h2><p>My repo is public, but it contains an SSH key and database password backups. Those are encrypted with <a class="link" href="https://github.com/FiloSottile/age" target="_blank" rel="noopener" >age</a> before they ever hit a commit.</p> <p>Generate an age key:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">age-keygen -o ~/key.txt </span></span><span class="line"><span class="cl"><span class="c1"># Public key: age1examplepublickeyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</span> </span></span></code></pre></td></tr></table> </div> </div><p>Configure <code>~/.config/chezmoi/chezmoi.toml</code>:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml"><span class="line"><span class="cl"><span class="nx">encryption</span> <span class="p">=</span> <span class="s2">&#34;age&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="p">[</span><span class="nx">age</span><span class="p">]</span> </span></span><span class="line"><span class="cl"> <span class="nx">identity</span> <span class="p">=</span> <span class="s2">&#34;~/key.txt&#34;</span> </span></span><span class="line"><span class="cl"> <span class="nx">recipient</span> <span class="p">=</span> <span class="s2">&#34;age1examplepublickeyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><p>Add files with <code>--encrypt</code>:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">chezmoi add --encrypt ~/.ssh/id_ed25519 </span></span></code></pre></td></tr></table> </div> </div><p>The repo only ever stores <code>private_dot_ssh/encrypted_private_id_ed25519.age</code> — opaque ciphertext. On apply, chezmoi decrypts using <code>~/key.txt</code> and writes the plaintext to the target.</p> <p><strong>The one catastrophic footgun</strong>: <code>key.txt</code> itself <strong>must never land in the repo</strong>. My workflow: GPG-encrypt it and stash it in a password manager. New machines must restore <code>key.txt</code> manually before running <code>chezmoi init --apply</code>.</p> <h2 id="run_onchange-reinstall-only-when-lists-change"><a href="#run_onchange-reinstall-only-when-lists-change" class="header-anchor"></a>run_onchange: Reinstall Only When Lists Change </h2><p>My <code>.chezmoiscripts/darwin/run_onchange_00_install-packages.sh.tmpl</code>:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="o">{{</span> <span class="k">if</span> eq .chezmoi.os <span class="s2">&#34;darwin&#34;</span> -<span class="o">}}</span> </span></span><span class="line"><span class="cl"><span class="c1">#!/bin/bash</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">brew install mas </span></span><span class="line"><span class="cl">brew install asdf </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">asdf plugin add nodejs </span></span><span class="line"><span class="cl">asdf install nodejs latest </span></span><span class="line"><span class="cl">asdf <span class="nb">set</span> nodejs latest </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># ... many more asdf installs</span> </span></span><span class="line"><span class="cl"><span class="o">{{</span> end -<span class="o">}}</span> </span></span></code></pre></td></tr></table> </div> </div><p>The <code>run_onchange_</code> prefix is the key: chezmoi only runs this script when its <strong>content hash changes</strong>. Unchanged package list means no re-run — no more five-minute <code>brew install</code> cycles through already-installed tools on every <code>chezmoi apply</code>.</p> <p>Script naming variants:</p> <table> <thead> <tr> <th>Prefix</th> <th>When It Runs</th> </tr> </thead> <tbody> <tr> <td><code>run_once_</code></td> <td>Once per machine, ever, for given content</td> </tr> <tr> <td><code>run_onchange_</code></td> <td>Whenever the contents change</td> </tr> <tr> <td><code>run_onchange_before_</code></td> <td><strong>Before</strong> file application (install package manager first)</td> </tr> <tr> <td><code>run_onchange_after_</code></td> <td><strong>After</strong> file application (enable fish plugins last)</td> </tr> </tbody> </table> <p>The numeric prefix (<code>00_</code>, <code>01_</code>, <code>02_</code>) controls execution order.</p> <h2 id="chezmoiroot-source-lives-in-a-subdirectory"><a href="#chezmoiroot-source-lives-in-a-subdirectory" class="header-anchor"></a>.chezmoiroot: Source Lives in a Subdirectory </h2><p>All my files live under <code>home/</code>:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">dotfiles/ </span></span><span class="line"><span class="cl">├── .chezmoiroot # contains just &#34;home&#34; </span></span><span class="line"><span class="cl">├── Readme.md </span></span><span class="line"><span class="cl">├── install.sh </span></span><span class="line"><span class="cl">├── install.ps1 </span></span><span class="line"><span class="cl">└── home/ </span></span><span class="line"><span class="cl"> ├── dot_zshrc.tmpl </span></span><span class="line"><span class="cl"> ├── dot_gitconfig.tmpl </span></span><span class="line"><span class="cl"> └── .chezmoiscripts/ </span></span></code></pre></td></tr></table> </div> </div><p><code>.chezmoiroot</code> tells chezmoi &ldquo;source files are under <code>home/</code>&rdquo;. Now the repo root can host a README, install scripts, and other project artifacts without chezmoi trying to apply them as dotfiles.</p> <p>Great for treating your dotfiles repo like a normal project.</p> <h2 id="chezmoiignore-skip-certain-files"><a href="#chezmoiignore-skip-certain-files" class="header-anchor"></a>.chezmoiignore: Skip Certain Files </h2><p>Same syntax as <code>.gitignore</code>, but it supports templates:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">README.md </span></span><span class="line"><span class="cl">LICENSE </span></span><span class="line"><span class="cl">{{ if ne .chezmoi.os &#34;darwin&#34; }} </span></span><span class="line"><span class="cl">.aerospace.toml </span></span><span class="line"><span class="cl">Library/ </span></span><span class="line"><span class="cl">{{ end }} </span></span></code></pre></td></tr></table> </div> </div><p>Non-macOS machines skip the aerospace window manager config and the Library folder.</p> <h2 id="command-cheat-sheet"><a href="#command-cheat-sheet" class="header-anchor"></a>Command Cheat Sheet </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">chezmoi add ~/.vimrc <span class="c1"># track an existing file</span> </span></span><span class="line"><span class="cl">chezmoi add --encrypt ~/.env <span class="c1"># track encrypted</span> </span></span><span class="line"><span class="cl">chezmoi edit ~/.zshrc <span class="c1"># edit the source file directly</span> </span></span><span class="line"><span class="cl">chezmoi diff <span class="c1"># show pending changes</span> </span></span><span class="line"><span class="cl">chezmoi apply <span class="c1"># write to $HOME</span> </span></span><span class="line"><span class="cl">chezmoi apply --dry-run -v <span class="c1"># preview without writing</span> </span></span><span class="line"><span class="cl">chezmoi <span class="nb">cd</span> <span class="c1"># jump to source directory</span> </span></span><span class="line"><span class="cl">chezmoi update <span class="c1"># git pull + apply</span> </span></span><span class="line"><span class="cl">chezmoi doctor <span class="c1"># check environment health</span> </span></span></code></pre></td></tr></table> </div> </div><p><code>chezmoi doctor</code> reports the status of encryption tools, template engine, git, and friends. First thing to run when a new machine misbehaves.</p> <h2 id="combined-with-zoxide-fish-and-more"><a href="#combined-with-zoxide-fish-and-more" class="header-anchor"></a>Combined with <a class="link" href="https://recca0120.github.io/en/2026/04/13/zoxide-smarter-cd/" >zoxide</a>, fish, and More </h2><p>My fish config, zoxide init, tmux plugins — all managed by chezmoi. New machine ritual:</p> <ol> <li>Restore the age key</li> <li><code>sh -c &quot;$(curl -fsLS get.chezmoi.io)&quot; -- init --apply recca0120</code></li> <li>run_onchange scripts install CLI tools via brew / apt / scoop</li> <li>All configs land in place</li> <li>Open fish — zoxide, starship, fzf are already wired up</li> </ol> <p>About 20 minutes end to end, most of it waiting on <code>brew install</code> downloads.</p> <h2 id="downsides-and-gotchas"><a href="#downsides-and-gotchas" class="header-anchor"></a>Downsides and Gotchas </h2><p>chezmoi isn&rsquo;t free of friction:</p> <ul> <li><strong>Template learning curve</strong>: Go template syntax isn&rsquo;t beginner-friendly. Whitespace handling with <code>{{- }}</code> vs. <code>{{ }}</code> takes practice</li> <li><strong>Painful debugging</strong>: template expansion errors are terse — I lean on <code>chezmoi execute-template</code> to isolate problems</li> <li><strong>Age key stewardship</strong>: lose the key, lose every encrypted file forever. Back it up separately (I GPG-encrypt and park it in a password manager)</li> <li><strong>First apply is destructive</strong>: if <code>$HOME</code> already has hand-edited dotfiles, apply overwrites them. Always <code>chezmoi diff</code> first</li> </ul> <h2 id="references"><a href="#references" class="header-anchor"></a>References </h2><ul> <li><a class="link" href="https://github.com/twpayne/chezmoi" target="_blank" rel="noopener" >chezmoi GitHub Repository</a></li> <li><a class="link" href="https://www.chezmoi.io/" target="_blank" rel="noopener" >chezmoi Official Documentation</a></li> <li><a class="link" href="https://www.chezmoi.io/quick-start/" target="_blank" rel="noopener" >chezmoi Quick Start</a></li> <li><a class="link" href="https://github.com/FiloSottile/age" target="_blank" rel="noopener" >age — Simple File Encryption</a></li> <li><a class="link" href="https://natelandau.com/managing-dotfiles-with-chezmoi/" target="_blank" rel="noopener" >Managing Dotfiles With Chezmoi — Nathaniel Landau</a></li> </ul>