Chezmoi manages stuff that's in my /home - configurations, scripts in ~/bin/ etc. It also installs a bunch of applications with a runonce_ script both on Linux and macOS.
Ansible makes sure the correct system-level packages are installed, things in /etc/ are set up the way I like etc. There's a bunch of overlap with the packages installed by Ansible and Chezmoi - but I run `chezmoi update` multiple times a week and I can run it on any computer I'm on. Ansible is for Big Things.
Then I have an OpenTofu setup that manages a bunch of Docker containers, keeping them as stateful as possible.
For daily simple things, I can just edit any config file, add it to chezmoi and push it to git. Then on any machine I can `chezmoi update` and everything is synced.
For example in my dotfiles repo I'll have `etc/pacman.d/01-options.conf` and the dotfiles install script will symlink that to `/etc/pacman.d/01-options.conf`. This way the source of truth is always in a single dotfiles repo.
This strategy has worked well for dotfiles I use on Arch, Debian, Ubuntu and macOS. It includes support for WSL 2 too. The install script has been working with this setup for years to run 1 single command and have everything work, where "work" in this case is installing and configuring a bunch of tools I use. An example is here: https://github.com/nickjj/dotfiles.
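The symlink step described in the comment above, sketched as an added example (not code from the commenter's repository). `link_one`, `link_tree` and `LINK_RESULT` are hypothetical names, and keeping a backup of any file already at the destination is an assumption about how such a script might behave.

```shell
#!/bin/sh
# Added example: link every file under <repo>/etc into <dest_root>/etc.
# link_one, link_tree and LINK_RESULT are hypothetical names.

# link_one SRC DEST: make DEST a symlink to SRC, keeping any existing file
# as DEST.bak.<epoch>. Sets LINK_RESULT to created, replaced or unchanged.
link_one() {
  lo_src=$1 lo_dest=$2
  if [ -L "$lo_dest" ] && [ "$(readlink "$lo_dest")" = "$lo_src" ]; then
    LINK_RESULT=unchanged
    return 0
  fi
  if [ -e "$lo_dest" ] || [ -L "$lo_dest" ]; then
    mv "$lo_dest" "$lo_dest.bak.$(date +%s)" || return 1
    LINK_RESULT=replaced
  else
    LINK_RESULT=created
  fi
  mkdir -p "$(dirname "$lo_dest")" && ln -s "$lo_src" "$lo_dest"
}

# link_tree REPO DEST_ROOT: e.g. REPO/etc/pacman.d/01-options.conf becomes
# DEST_ROOT/etc/pacman.d/01-options.conf. Prints a one-line summary.
# Assumes file names contain no newlines.
link_tree() {
  lt_repo=$(cd "$1" && pwd) || return 1   # absolute path so links resolve
  lt_dest=$2
  lt_list=$(mktemp) || return 1
  find "$lt_repo/etc" -type f > "$lt_list"
  lt_created=0 lt_replaced=0 lt_unchanged=0
  while IFS= read -r lt_src; do
    lt_rel=${lt_src#"$lt_repo"/}
    link_one "$lt_src" "$lt_dest/$lt_rel" || { rm -f "$lt_list"; return 1; }
    case $LINK_RESULT in
      created)   lt_created=$((lt_created + 1)) ;;
      replaced)  lt_replaced=$((lt_replaced + 1)) ;;
      unchanged) lt_unchanged=$((lt_unchanged + 1)) ;;
    esac
  done < "$lt_list"
  rm -f "$lt_list"
  echo "created=$lt_created replaced=$lt_replaced unchanged=$lt_unchanged"
}

# Run as: sh link.sh /path/to/dotfiles /   (use a scratch directory to try it)
if [ "$#" -eq 2 ]; then link_tree "$1" "$2"; fi
```

Because each linked entry under `/etc` resolves to a file inside the repository, the repository's ownership and permissions determine who can change those system files.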