One Core. Every machine. Zero drift.
A cross-platform dotfiles system that is authored once and fans out to every OS you touch — Mac, Windows, and five Linux distros — plus a red-team and a blue-team layer that stay in lock-step. Fix a thing in one place; it lands everywhere.
Most dotfiles repos are a single tangle that works on exactly one machine. Copy it to a second box and you start forking — a tweak here, an OS quirk there — and six months later you have four subtly different setups and no idea which one is right.
dotgibson refuses to let that happen. The shared config lives in exactly
one place, dotfiles-core, and is
vendored into every machine via git subtree. A defect fixed once fans out
N-way. There is no "which copy is canonical" — there is only Core.
edit once ──▶ make audit ──▶ make sync ──▶ live on every machine
Everything you configure answers to one question: what does it change with?
| Layer | Changes with… | Owns | Repos |
|---|---|---|---|
| 🧬 Core | nothing — it's identical everywhere | zsh modules, tmux, Neovim, git, starship | dotfiles-core |
| 💻 OS-native | the operating system | package manager, clipboard, paths | MacBook · Windows · Fedora · Arch · openSUSE · Alpine · Gentoo |
| 🎭 Role | the operator | offense vs. defense tooling | Kali (red) · Defense (blue) |
The test: if it changes when the OS changes, it's not Core. If it changes when you as an operator change, it's not Core. Everything left over is Core.
The two Role repos are deliberate mirrors of each other:
- dotfiles-Kali — offensive engagement scaffolding, an exploit-dev companion, evasion notes, and the attacker-authored purple-team detections.
- dotfiles-Defense — detection engineering, hunt/triage tooling, version-controlled detection content, and a Dockerized detection lab.
Binding them together is htpx — a structured, ATT&CK-tagged, red↔blue-paired corpus. Every attack sits beside its detection, so offense and defense never drift apart. It's vendored straight into Kali's offensive companion as its own subtree.
┌─────────────────┐
│ dotfiles-core │ ← authored ONCE, source of truth
└────────┬────────┘
git subtree │ make sync
┌──────────────┬──────────┼──────────┬──────────────┐
▼ ▼ ▼ ▼ ▼
MacBook Fedora Arch openSUSE Alpine · Gentoo
│
│ + Role layer
┌─────────┴─────────┐
▼ ▼
dotfiles-Kali dotfiles-Defense
(offense) ◀──── htpx ────▶ (defense)
Windows is a host too — but it replicates Core natively in PowerShell rather than vendoring the
git subtree(it mirrors onlynvimandstarship), so by design it sits outside this Core fan-out.
Core is authored once and synced out. OS repos add only what changes with the
platform. Role repos add only what changes with the operator. Edit upstream,
make audit, make sync — never hand-edit a vendored core/.
| Repo | Role |
|---|---|
| 🧬 dotfiles-core | The Core layer — single source of truth, vendored everywhere |
| 🍎 dotfiles-MacBook | macOS host — Homebrew, aerospace, sketchybar, ghostty |
| 🪟 dotfiles-Windows | Windows host — PowerShell, Windows Terminal, scoop/winget, WSL2 bridge |
| 🎩 dotfiles-Fedora | Fedora — dnf + RPM Fusion (the Linux template) |
| 🏛️ dotfiles-Arch | Arch — pacman + AUR |
| 🦎 dotfiles-openSUSE | openSUSE — zypper, Tumbleweed + Leap |
| 🏔️ dotfiles-Alpine | Alpine — apk, musl libc, doas |
| 🐄 dotfiles-Gentoo | Gentoo — emerge, USE flags, source-based |
| 🐉 dotfiles-Kali | Offensive Role — engagement tooling on Kali under WSL2 |
| 🛡️ dotfiles-Defense | Defensive Role — detection engineering + lab |
| 🌐 dotfiles-web | The public showcase + docs site (Astro · Tokyo Night) |
| 🧩 htpx | ATT&CK-tagged red↔blue corpus, vendored into Kali |
New to the system? → the getting-started site »
Want the rules? → dotfiles-core README + CONTRIBUTING »
Built on a three-layer model · themed in Tokyo Night · green-audit gated end to end