---
title: New Laptop Configuration (Second Edition)
date: 2022-05-26
description: Updated guide for setting up a new macOS laptop including GPG/SSH key backup, Homebrew, Zsh, Neovim, and password store configuration.
tags: [shell, security]
---

## Introduction

This is the second edition to ["New Laptop Configuration"](/posts/laptop-setup/).

## Backup

When moving laptops I will temporarily backup my existing GPG and SSH keys (encrypted) to an external data storage device.

We start by making a directory to hold the files temporarily:

```bash
mkdir /tmp/keys
```

Next I start backing up my GPG data:

```shell
# Export the secret key that encrypts all the data in my 'password store'.
# I encode the binary data in a ASCII armored file (.asc).
gpg --export-secret-keys --armor <NAME> > /tmp/keys/<NAME>.asc

# Once exported I add a password to the file so people are unable to open it.
# This will produce a .asc.gpg file.
gpg --symmetric /tmp/keys/<NAME>.asc

# To prevent having to trust all the same keys as before I'll export the trust database.
gpg --export-ownertrust > /tmp/keys/trustdb.txt 

# Lastly, I move the files to my external flash drive (USB).
mv /tmp/keys/<NAME>.asc.gpg /Volumes/.../<NAME>.asc.gpg
mv /tmp/keys/trustdb.txt /Volumes/.../trustdb.txt
```

Next, I backup my SSH data:

```shell
# Recursively copy all files into a zip archive.
zip -r /tmp/keys/sshbackup ~/.ssh/

# I list the contents of the zip archive to be sure I have everything in there.
unzip -l /tmp/keys/sshbackup.zip

# Once archived I add a password to the file so people are unable to open it.
# This will produce a .zip.gpg file.
gpg --symmetric /tmp/keys/sshbackup.zip

# Lastly, I move the file to my external flash drive (USB).
mv /tmp/keys/sshbackup.zip.gpg /Volumes/.../sshbackup.zip.gpg
```

Then I clear out the temporary directory:

```shell
rm -rf /tmp/keys
```

## Steps

1. Install Rust.

```bash
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
```

2. Install Go.

```txt
https://go.dev/dl/
```

3. Import GPG/SSH keys.

```bash
mkdir /tmp/keys
cd /tmp/keys

gpg --decrypt /tmp/keys/<NAME>.gpg > <NAME>
gpg --import <NAME>.asc

rm ~/.gnupg/trustdb.gpg
gpg --import-ownertrust < /tmp/keys/trustdb.txt

gpg --decrypt /tmp/keys/sshbackup.zip.gpg > sshbackup.zip
unzip /tmp/keys/sshbackup.zip
mv /tmp/keys/.ssh/ ~/

rm -rf /tmp/keys
```

4. Setup SSH.

```bash
eval "$(ssh-agent -s)"
ssh-add --apple-use-keychain ~/.ssh/github
```

> [!INFO]
> I've since moved to https://www.warp.dev/ (see my [Dev Tools post](/posts/dev-tools/))\
> so I no longer use Alacritty or Fig (steps 5 and 6 below).

5. Install Alacritty.

```bash
# https://github.com/alacritty/alacritty/releases
mkdir .bash_completion
curl https://raw.githubusercontent.com/alacritty/alacritty/master/extra/completions/alacritty.bash \
    -o ~/.bash_completion/alacritty
```

6. Install Fig.

```txt
https://fig.io/
```

7. Install Homebrew + packages.

```bash
# https://brew.sh
brew bundle --file /tmp/Brewfile install
```

8. Change default shell to Zsh.

```bash
echo /opt/homebrew/bin/zsh | sudo tee -a /etc/shells
chsh -s /opt/homebrew/bin/zsh
```

> [!INFO]
> I've since moved to https://neovim.io/ (see my [Dev Tools post](/posts/dev-tools/))\
> so I no longer use Vim-Plug (step 9 below).

9. Configure Vim-Plug.

```bash
sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.vim --create-dirs \
     https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim'
```

> [!INFO]
> I no longer use tmux (see my [Dev Tools post](/posts/dev-tools/))\
> so a bunch of the following step 10 has changed.

10. Setup dotfiles.

> [!INFO]
> Don't forget to execute 'prefix + I' in tmux to install plugins.

```bash
cd /tmp
git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm
git clone https://github.com/Integralist/dotfiles.git
curl https://raw.githubusercontent.com/git/git/master/contrib/completion/git-prompt.sh -o ~/.git-prompt.sh
curl https://raw.githubusercontent.com/git/git/master/contrib/completion/git-completion.zsh -o ~/.zsh/_git
cp -R .alacritty.yml .zsh .zshrc .config .gitconfig .gitignore .gnupg .ignore .inputrc .leptonrc .tmux.conf ~/
chown -R $(whoami) ~/.gnupg/
chmod 600 ~/.gnupg/*
chmod 700 ~/.gnupg
```

11. Setup password store.

```bash
KEY_ID=$(gpg --list-keys <NAME> | head -n 2 | tail -n 1 | cut -d ' ' -f 7)
pass init $KEY_ID
pass git init
pass git remote add origin git@github.com:<private/repo>
pass git pull
```

> [!INFO]
> I no longer use Safari (see my [Dev Tools post](/posts/dev-tools/))\
> so step 12 is redundant now.

12. Safari extensions.

```txt
AdBlock One
Dark Reader for Safari
Super Agent for Safari (Cookie Consent Automation)
Tab Sessions
```

13. Configure OS.

```txt
- Dock (Automatically hide and show the Dock)
- Keyboard (Key Repeat = Fast, Delay Until Repeat = Short)
- Accessibility > Zoom (Use keyboard shortcuts to zoom)
- Date & Time > Clock (Show date + Display the time with seconds)
- Mission Control (disable "Automatically rearrange Spaces based on most recent use")
- Terminal Developer Mode (`spctl developer-mode enable-terminal`)
- Wake up from sleep (`sudo pmset -a standbydelay 7200`)
```