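I want to make my dotfiles public. I found [Yadm](https://thelocehiliosan.github.io/yadm/), which seems to be exactly what I want.
I don't need secret data in version control at all. I keep that offline on a USB stick somewhere (ssh keys, gpg keys, etc.). However, there are other files containing information that I want to filter out or change before publishing.
Yadm also lets me keep alternate files in the same repository, so I'm wondering whether this design is what I should go with, rather than separate branches.
The reason for having a private repository is that some files (e.g. irc.conf) have strings I want to replace or remove. I may want to include this file but delete every line that contains SECRET_IRC_NETWORK.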
~/.weechat/irc.conf:SECRET_IRC_NETWORK.addresses = "irc.secret.example.com"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl = on
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_cert = "~/.weechat/ssl/SECRET_IRC/SECRET_IRC-SECRET_NAME.pem"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_priorities = "NORMAL:-VERS-SSL3.0"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_dhkey_size
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_fingerprint = "SECRET_FINGERPRINT"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_verify = on
~/.weechat/irc.conf:SECRET_IRC_NETWORK.sasl_username = "SECRET_USERNAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.nicks = "SECRET_NAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.username = "SECRET_USERNAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.realname = "SECRET_NAME"
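Another example could be my iptables rules configuration, rules6-save:
~/etc/iptables/rules6-save:-A INPUT -s 2001:MY:SECRET:ASSIGNED:RANGE::/64 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Before publishing publicly, I want to replace 2001:MY:SECRET:ASSIGNED:RANGE with 2001:db8:AAA:AAA:AAA::/64. How would a https://git-scm.com/docs/gitattributes "filter driver" do that?
I think it would work like this:
or
Filter and merge with private
How do I go about this? I don't want people to know that the private fork exists. So it is important that any commits from the private fork are also scrubbed of the author.
(Dot file for the graph above.)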
digraph graphname {
node [shape=rectangle, style="filled"];
dotfiles [fillcolor="#ff9999", label="master (public) \n Desktop, laptop, workstation, server, vm"];
friendsworkstation [fillcolor="#ffffbb", label="Friend's Workstation (private)"]
prFromFriend [fillcolor="#ff9999", label="Friend opens PR (public)"]
{ rank=same dotfilesPrivate friendsworkstation prFromFriend }
dotfilesPrivate [fillcolor="#99ff99", label="master (private) \n Desktop, laptop, workstation, server, vm"]
dotfiles -> dotfilesPrivate
dotfiles -> friendsworkstation
dotfilesPrivate -> dotfiles
prFromFriend -> dotfiles
}
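One way the gitattributes filter driver asked about above could be wired up, as an added example that is not part of the original post. The filter name `scrub`, the function names and the harmless `freenode` sample line are assumptions, and the attribute paths assume the work tree is the home directory.

```shell
#!/bin/sh
# Added example, not code from the original post. The filter name "scrub" is
# an assumption; the marker and prefixes are the ones quoted in the question.

# The clean filter command. git runs it through the shell on "git add" with
# the working-tree file on stdin and stores whatever it prints as the blob.
SCRUB_CMD="sed -e '/SECRET_IRC_NETWORK/d' -e 's/2001:MY:SECRET:ASSIGNED:RANGE/2001:db8:AAA:AAA:AAA/g'"

# Run the filter the same way git would, for testing outside a repository.
scrub_clean() {
  sh -c "$SCRUB_CMD"
}

# Register the filter; run from the top of the work tree. The definition is
# stored in .git/config, which is never cloned, so each machine that commits
# has to run this once. "required" makes git refuse to add the file if the
# filter command fails instead of storing the unfiltered content.
install_scrub_filter() {
  git config filter.scrub.clean "$SCRUB_CMD"
  git config filter.scrub.smudge cat
  git config filter.scrub.required true
  printf '%s\n' '.weechat/irc.conf filter=scrub' \
                'etc/iptables/rules6-save filter=scrub' >> .gitattributes
}

# Constructed sample input: one harmless line plus lines from the question.
sample_input() {
  cat <<'EOF'
freenode.addresses = "chat.freenode.net/6697"
SECRET_IRC_NETWORK.addresses = "irc.secret.example.com"
SECRET_IRC_NETWORK.sasl_username = "SECRET_USERNAME"
-A INPUT -s 2001:MY:SECRET:ASSIGNED:RANGE::/64 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
EOF
}

# Show what would be stored in the repository for the sample input.
sample_input | scrub_clean
```

The clean direction is lossy: `cat` as the smudge filter cannot restore the deleted lines, so whenever git rewrites the file in the work tree the private lines are gone. Blobs committed before the filter was installed still contain the original values.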
Answer 0 (score: 1)
So I eventually solved this. Basically, what I did was use YADM's bootstrap option. I created a bootstrap template, bootstrap##yadm.j2
#!/usr/bin/env bash
SUBMODULE_INIT_VIM=`jq '.submodule_init_vim' ~/.yadm/bootstrap_vars.json`
{% if YADM_CLASS == 'Workstation' -%}
SSH_HOSTS=$(cat ~/template_data/ssh/hosts.json) envtpl --keep-template ~/.ssh/config##Workstation.tpl -o ~/.ssh/config
SEC=$(cat ~/template_data/weechat/sec.json) PASSPHRASE='tiddles' envtpl --keep-template ~/.weechat/sec.conf##Workstation.tpl -o ~/.weechat/sec.conf
SERVERS=$(cat ~/template_data/weechat/servers.json) envtpl --keep-template ~/.weechat/irc.conf##Workstation.tpl -o ~/.weechat/irc.conf
PATHS=$(cat ~/template_data/shell/path.json##Workstation.Linux) envtpl --keep-template ~/.bashrc##Workstation.Linux.tpl -o ~/.bashrc
if [ "$SUBMODULE_INIT_VIM" = "true" ]; then
vim '+PlugUpdate' '+PlugClean!' '+PlugUpdate' '+qall'
elif [ "$SUBMODULE_INIT_VIM" = "false" ]; then
echo "Not initializing submodules for vim"
fi
RUN_PACKAGE_MANAGER=`jq '.run_package_manager' ~/.yadm/bootstrap_vars.json`
if [ "$RUN_PACKAGE_MANAGER" = "true" ]; then
{% if YADM_DISTRO == 'Arch' -%}
PACMAN_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/pacman.json`)
echo "Running sudo pacman -Syu" ${PACMAN_PACKAGES[@]}
sudo pacman -Syu ${PACMAN_PACKAGES[@]}
if [ -f /usr/bin/yay ]; then
YAY_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/yay.json`)
echo "Running yay -Syu" ${YAY_PACKAGES[@]}
yay -Syu ${YAY_PACKAGES[@]}
else
echo "Yay doesn't exist"
fi{%
elif YADM_DISTRO == 'Debian' -%}
APT_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/debian.json`)
echo "Running sudo apt-get install" ${APT_PACKAGES[@]}
sudo apt-get install ${APT_PACKAGES[@]}
{% else -%}echo "Unknown distribution"{% endif %}
elif [ "$RUN_PACKAGE_MANAGER" = "false" ]; then
echo "Not installing any packages"
fi
{% elif YADM_CLASS == 'Router' -%}
MY_RANGE='2001:db8:AAA:AAA:AAA' envtpl --keep-template ~/.config/etc/iptables/rules6-save##Router.tpl -o ~/.config/etc/iptables/rules6-save
{% elif YADM_CLASS == 'VirtualMachine' -%}
echo "NOTE: Some configs for virtual machines"
{% else -%}
echo "ERROR: Unknown class selected"
{% endif -%}
I created some bootstrapping variables and read them with jq. This lets me skip certain parts of the initialization.
{
"submodule_init_vim": false,
"run_package_manager": true
}
I templated many of my config files and put the template data in ~/template_data.
If you look at my .bashrc config, you can see how I read in the paths:
export PATH="{% for v in PATHS | from_json %}{{v.path |join(':')}}{% endfor %}"
which receives its data from /template_data/shell/path.json##Linux.
[
{"path": ["/usr/local/sbin",
"/usr/local/bin",
"/usr/sbin",
"/usr/bin",
"/sbin",
"/bin",
"/usr/libexec",
"$HOME/.local/bin"]
}
]
This is a simple example, but I did the same thing for SSH hosts too.
{% for v in SSH_HOSTS | from_json %}{%
if v.Host != '' %}Host {{ v.Host }}{%
endif %}{%
if v.Comment != '' %}
{{ v.Comment }}{% endif %}{%
if v.Hostname != '' %}
Hostname {{ v.Hostname }}{%
endif %}{%
if v.Port != '' %}
Port {{ v.Port }}{% endif %}{%
if v.User != '' %}
User {{ v.User }}{% endif %}{%
if v.HostKeyAlgorithms != '' %}
HostKeyAlgorithms {{ v.HostKeyAlgorithms }}{%
endif %}{%
if v.KexAlgorithms != '' %}
KexAlgorithms {{ v.KexAlgorithms }}{% endif %}{%
if v.Ciphers != '' %}
Ciphers {{ v.Ciphers }}{% endif %}{%
if v.MACs != '' %}
MACs {{ v.MACs }}{% endif %}{%
if v.PasswordAuthentication != '' %}
PasswordAuthentication {{ v.PasswordAuthentication }}{% endif %}{%
if v.IdentifyFile != '' %}
IdentityFile {{ v.IdentifyFile }}{% endif %}
{% endfor %}
where I read in the template data from template_data/ssh/hosts.json
[
{
"Host":"NSA",
"Comment": "# Compute with world's dick pix",
"Hostname":"203.0.113.1",
"Port": "",
"User": "nsa",
"HostKeyAlgorithms":"",
"KexAlgorithms": "",
"Ciphers": "",
"MACs":"",
"PasswordAuthentication": "",
"IdentifyFile":"~/.ssh/id_ed25519_nsa"
},
{
"Host":"CIA",
"Comment": "",
"Hostname":"203.0.113.2",
"Port": "",
"User": "cia",
"HostKeyAlgorithms":"",
"KexAlgorithms": "",
"Ciphers": "",
"MACs":"",
"PasswordAuthentication": "",
"IdentifyFile":"~/.ssh/id_ed25519_cia"
}
]
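A pre-publish check for the template/data split described in this answer, as an added example that is not the answerer's code. It assumes the real ~/template_data stays private and lists any file headed for the public repository that contains one of its values verbatim; the function names and the files clean.tpl and leaky.tpl are constructed for the example.

```shell
#!/bin/sh
# Added example, not the answerer's code. Assumes the real ~/template_data is
# private and only *.tpl templates and the bootstrap go to the public repo.

# Print each string value of 4+ characters from a JSON file laid out one
# "key": "value" pair per line, like hosts.json above. Shorter values would
# match unrelated text and are skipped.
json_values() {
  sed -n 's/^[[:space:]]*"[^"]*"[[:space:]]*:[[:space:]]*"\([^"]\{4,\}\)".*$/\1/p' "$1"
}

# Print the public files that contain a private value verbatim.
# $1 = private data file, remaining arguments = files about to be published.
# Returns 0 when a leak was found, 1 when none was.
leaking_files() {
  data=$1; shift
  patterns=$(mktemp) || return 2
  json_values "$data" > "$patterns"
  status=1
  if [ -s "$patterns" ]; then
    status=0
    grep -F -l -f "$patterns" -- "$@" || status=$?
  fi
  rm -f "$patterns"
  return "$status"
}

# Constructed sample: one private data file, one clean template, and one
# template where a real hostname was pasted in by mistake.
demo() {
  dir=$(mktemp -d) || return 2
  cat > "$dir/hosts.json" <<'EOF'
[
  {
    "Host":"NSA",
    "Hostname":"203.0.113.1",
    "Port": "",
    "IdentifyFile":"~/.ssh/id_ed25519_nsa"
  }
]
EOF
  printf 'Host {{ v.Host }}\n  Hostname {{ v.Hostname }}\n' > "$dir/clean.tpl"
  printf 'Host backup\n  Hostname 203.0.113.1\n' > "$dir/leaky.tpl"
  (cd "$dir" && leaking_files hosts.json clean.tpl leaky.tpl)
  rm -rf "$dir"
}

demo
```

Run as a pre-commit or pre-push step, a zero return from `leaking_files` is the signal to abort; the check only sees exact copies of a value, not reformatted or partial ones.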