144. Separation of Infrastructure and Dotfiles

Status: Accepted

Date: 2025-07-06

Context

When setting up a development machine, there are two distinct types of configuration:

  1. Infrastructure Configuration: This involves setting up the base system: installing system-wide packages (like docker, python), configuring system services, setting up user accounts, etc. This configuration is generally shared and consistent for a given server type.
  2. Personal Environment Configuration: This involves setting up a user's personal development environment. This includes their shell configuration (.zshrc), editor settings, Git identity (.gitconfig), SSH keys, and personal scripts. This configuration is highly personal and unique to each user.

Conflating these two types of configuration in a single system (e.g., trying to manage everyone's personal .zshrc in Ansible) would be a nightmare. It would violate privacy, create merge conflicts, and be impossible to maintain.

Decision

We will maintain a strict separation between infrastructure and personal environment configuration.

  • Ansible's Responsibility: The Ansible project (platform/infra/ansible) is responsible only for infrastructure configuration. It sets up the machine to a baseline state, providing the necessary tools and services. It should not manage any user-specific "dotfiles".
  • Dotfiles' Responsibility: Each user's personal environment is managed in their own private Git repository, known as their "dotfiles". This repository is the single source of truth for their personal setup.

The 27_chezmoi Ansible role acts as the bridge between these two worlds. Its sole purpose is to install the dotfile manager (chezmoi) and run it to pull down and apply the user's personal configuration from their private repository.
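
One way to enforce this boundary in CI, as an added example that is not part of the original ADR or the project's own code: a check that fails when personal dotfiles or private key material show up in the infrastructure repository. The function names, the file names beyond .zshrc and .gitconfig, and the handling of .j2 templates and chezmoi's dot_/private_ name prefixes are assumptions.

```python
import os
import re
import sys

# .zshrc and .gitconfig are named in the ADR; the other names are assumed additions.
PERSONAL_NAMES = {".zshrc", ".gitconfig", ".bashrc", ".vimrc", ".tmux.conf"}
# PEM header of any private key (OpenSSH, RSA, EC, PKCS#8).
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def normalize(filename):
    """Map template and chezmoi-style names back to the dotfile they produce."""
    name = filename
    if name.endswith(".j2"):            # Ansible Jinja2 template, e.g. .zshrc.j2
        name = name[:-3]
    if name.startswith("private_"):     # chezmoi attribute prefix
        name = name[len("private_"):]
    if name.startswith("dot_"):         # chezmoi spelling of a leading dot
        name = "." + name[len("dot_"):]
    return name


def find_violations(root):
    """Return sorted (relative_path, reason) pairs for files that belong in dotfiles."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]   # skip VCS metadata
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root)
            if normalize(fn) in PERSONAL_NAMES:
                hits.append((rel, "personal dotfile"))
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)     # a PEM header sits at the top of the file
            except OSError:
                continue                     # unreadable file: nothing to inspect
            if PRIVATE_KEY_RE.search(head):
                hits.append((rel, "private key material"))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python check_boundary.py <path-to-infra-repo>; exit 1 on any finding.
    found = find_violations(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, reason in found:
        print(f"{rel}: {reason}")
    sys.exit(1 if found else 0)
```
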

Consequences

Positive:

  • Clear Separation of Concerns: This is the most significant benefit. It creates a clean, logical boundary between what the system provides and what the user configures. This makes both systems vastly simpler and easier to reason about.
  • User Autonomy: Developers have full autonomy over their personal development environment. They can manage their dotfiles in Git, as all developers should, without needing to ask for changes to the central Ansible repository.
  • Security and Privacy: Users' personal configurations, including private SSH keys and Git identities, are kept in their own private repositories, not in the shared infrastructure repository.
  • Scalability: This model scales perfectly. To add a new developer, we don't need to change the Ansible code at all. They simply manage their own dotfiles repository.

Negative:

  • Requires a Bridge: This separation necessitates a bridging mechanism, which in our case is the 27_chezmoi role. This role is a critical dependency.

Mitigation:

  • A Well-Defined Bridge: The chezmoi role is a simple, well-defined, and robust bridge. Its job is minimal: install a tool, and run one command (chezmoi apply). The complexity it manages is far greater than the complexity it introduces. This is a clear architectural win.