gopher://codevoid.de/1/posts/2019-04-27-manage-dotfiles-with-git.gph

       Manage dotfiles with git
       ========================================================================
       
       I'm managing my dotfiles with git. My method serves me well for a few
       years already and so I think it's time to write it down.
       
       If you think git, you might think of a dotfile repository and dozens of
       symlinks into the home directory. This is precisely what kept me from
       using git until I discovered bare repositories.
       
       Create your dotfile repository with the --bare parameter
       
         $ git init --bare $HOME/.cfg
       
       This creates only a folder for git control files, which normally reside
       inside the .git folder within the repository.
       
       You can now tell git to use $HOME as your work-tree directory. This
       makes git handle your home directory like all the files would be within
       tthe git repository. Now you can:
       
         $ git --git-dir=$HOME/.cfg/ --work-tree=$HOME add .vimrc
         $ git --git-dir=$HOME/.cfg/ --work-tree=$HOME commit -m "my .vimrc"
       
       If course it is silly to type out such a long command every time you
       want to interract with your dotfiles. So why not create an alias?
       
         $ alias config='git --git-dir=$HOME/.cfg/ --work-tree=$HOME'
       
       Put this in your .bashrc or .kshrc and you can now use the command
       "config" in the same way you usually use git.
       
         $ config add .vimrc
         $ config commit -m "my vimrc"
       
       Maybe you were brave and typed "config status" already. This will list
       tthe content of your whole home directory as "untracked files". This is
       not what we want. We can run "git config" and tell it to stop doing
       tthis. But of course we must run our git, which is called "config".
       
         $ config config --local status.showUntrackedFiles no
       
       Now git status will only check what's being tracked. So if you add your
       vimrc file and later change it, "config status" will show it, "config
       diff" will diff it...
       
       You can now use the power of git with your new "config" command.
       
       The solution is not perfect, so I'm using a few workarounds.
       
       1. Passwords
           Try to keep your passwords out of your dotfiles. In many
           cases, this can be done with gpg (or password-store
           https://www.passwordstore.org).
       Examples:
       
           - .msmtprc:
               passwordeval "gpg2 -d $HOME/.msmtp-pw.gpg"
           - .offlineimaprc:
               pythonfile=~/.offlineimap.py
               remotepasseval=get_pass("mail","user","993")
           - .muttrc:
               source "gpg2 -d $HOME/.mutt-pw.gpg |"
       
           Actually, I use "password store" and prefer to use it to retrieve
           passwords. In mutt this would be something like:
               source "pass Accouts/private-mutt |"
       
           Another method I use is that I keep the origin of some files gpg
           encrypted. For example my .ssh/config file, as I don't want to leak
           hostnames user and ports.
       
           My vim has the vim-gpg plugin loaded and can therefore edit .gpg
           files directoy (decrypt, edit, encrypt). So I create a simple shell
           alias for convenience:
       
             $ sshconfig() {
             $   vim ~/.ssh/config.gpg && \
             $   gpg2 -qd ~/.ssh/config.gpg > ~/.ssh/config
             $ }
         
           With this I run "sshconfig", update my file, save, done.
           of course I added only config.gpg to my git. On a new
           system I have to run sshconfig once to create the config file.
       
       2. Stuff outside $HOME
           I wanted to add a few files that reside in /etc. Here I took the
           lazy route and created $HOME/.etc and copied the files there. On a
           new machine I have the files, but need to copy them manually. Works
           fine for me.
       
       3. Host specific files
           I try to keep my dotfiles compatible to all computers I use. But
           sometimes this is not possible and there are a few methods to battle
           this.
       
           If your configuration allows code evaluation, you may do something
           like ". myconfig.$(hostname -s)" and just check in individual files
           per host.
       
           If this does not work or you have a file that needs to have a
           password in it, you could copy the file, remove the password and
           check it in as template or sample file.
       
       The methods above served me very well over the past years and I'm not
       seeing why I would want to change it. It's easy and simple and I don't
       need to remember anything beside a few git commands.
       
       Well okay, because I'm lazy and don't want to think about git commit
       messages, I'm using this to push my changes:
       
         $ dotfiles_autoupdate() {
         $     MSG="Update $(date +"%Y-%m-%d %H:%M") $(uname -s)/$(uname -m)"
         $     config add -u && \
         $     config commit -m "$MSG" && \
         $     config push
         $ }
       
       This command takes all changed files and commits them with the date and
       some machine information. Not creative, but I don't care. YMMV.
       
       # Changelog:
       # * 2019-04-27: Created
       # * 2019-04-28: Added password evaluation examples
       # * 2020-05-17: Added password-store and sshconfig examples