Aegis

Dirmacs system configuration manager
Rust CLI for dotfiles, config management, and OpenCode generation.

Documentation · Issues

---

What is Aegis?

Aegis is a Rust CLI tool that manages system configurations from declarative TOML manifests. It replaces shell-script-based dotfile managers with a typed, modular, profile-aware approach — built specifically for the dirmacs ecosystem.

Key features:

• Config management — symlink, copy, or template-render configs to their targets
• OpenCode generation — typed TOML to opencode.json + oh-my-opencode.json with NVIDIA NIM support
• Toolchain management — install, update, and health-check ares, daedra, thulp, eruka, lancor
• Profiles — different module sets and variables per machine type
• Drift detection — diff and status commands show what's changed

Encrypted Secrets

Aegis includes an encrypted vault for storing passwords, API keys, tokens, and other sensitive data.

Commands

• aegis secrets set <key> [value] - Store a secret (prompts for value if omitted)
• aegis secrets get <key> - Retrieve a secret
• aegis secrets list - List all secret keys (not values)
• aegis secrets rm <key> - Delete a secret
• aegis secrets export <key> [--env-name NAME] - Output as NAME=value for shell sourcing

Example:

aegis secrets set github_token
aegis secrets export github_token --env-name GITHUB_TOKEN > .env

Security

• Encryption: AES-256-GCM (authenticated)
• Key derivation: Argon2id (memory-hard, resistant to brute-force)
• Storage: Local-only at ~/.config/aegis/vault.toml
• The vault is never committed to git and is deliberately excluded from the repository.

Because Aegis is an open-source public repository, the vault remains strictly on your local machine.

Quick Start

# Install
cargo install aegis-cli

# Initialize a config repo
mkdir my-configs && cd my-configs
aegis init

# Check system status
aegis status

# Deploy configs
aegis link

# Generate OpenCode configs
aegis opencode generate

# Full bootstrap (packages + configs + verify)
aegis bootstrap

Architecture

6-crate Rust workspace:

Crate	Description
aegis-core	Manifest parsing, module system, templates, diffing
aegis-secrets	Encrypted vault — AES-256-GCM + Argon2id for API keys/tokens
aegis-net	Overlay network management (WireGuard/Nebula-style peer mesh)
aegis-opencode	Typed TOML to opencode.json + oh-my-opencode.json
aegis-toolchain	Dirmacs ecosystem install, update, health checks
aegis-cli	Clap-based CLI binary

CLI Commands

aegis init                          Initialize manifest
aegis bootstrap [--profile NAME]    Full system setup
aegis status [--json]               Health check
aegis link [--module NAME]          Deploy configs
aegis unlink [--module NAME]        Remove configs
aegis diff [--module NAME]          Show drift
aegis sync [--module NAME]          Capture live state
aegis opencode generate             Generate OpenCode JSON
aegis opencode validate             Validate TOML definitions
aegis toolchain install [TOOL]      Install dirmacs tools
aegis toolchain status              Show toolchain health
aegis toolchain update [TOOL]       Update tools
aegis profile list                  List profiles
aegis profile show NAME             Show profile details

Dirmacs Ecosystem

Tool	Role
Ares	Agentic retrieval-enhanced server
Daedra	Web search MCP server
Thulp	Execution context engineering
Eruka	Context intelligence layer
Lancor	llama.cpp client library
eruka-mcp	MCP server for Eruka (crates.io)
Aegis	System configuration manager

License

MIT