时间戳

首页 > 解决方案 > 如何使用私有 fork 或存储库公开我的 dotfiles?

git - 如何使用私有 fork 或存储库公开我的 dotfiles?

问题描述

我想公开我的点文件。我发现 {Yadm]( https://thelocehiliosan.github.io/yadm/ ) 看起来是我想要的。

我根本不想要版本控制中的秘密数据。我将把它离线存储在某处的 USB 记忆棒上(ssh 密钥、gpg 密钥等)。但是,还有其他文件包含我想要在公开之前过滤掉或更改的信息。

Yadm 还允许我在同一个存储库中拥有备用文件,所以我认为这种设计是我应该采用的,而不是单独的分支

拥有私有存储库的原因是因为某些文件(如irc.conf我想要替换或清理的字符串)。我可能想包含这个文件,但删除所有包含SECRET_IRC_NETWORK.

~/.weechat/irc.conf:SECRET_IRC_NETWORK.addresses = "irc.secret.example.com"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl = on
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_cert = "~/.weechat/ssl/SECRET_IRC/SECRET_IRC-SECRET_NAME.pem"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_priorities = "NORMAL:-VERS-SSL3.0"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_dhkey_size
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_fingerprint = "SECRET_FINGERPRINT"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_verify = on
~/.weechat/irc.conf:SECRET_IRC_NETWORK.sasl_username = "SECRET_USERNAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.nicks = "SECRET_NAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.username = "SECRET_USERNAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.realname = "SECRET_NAME"

另一个例子可能是我的 iptables 规则配置rules6-save

~/etc/iptables/rules6-save:-A INPUT -s `2001:MY:SECRET:ASSIGNED:RANGE::/64 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

我想在它公开之前2001:MY:SECRET:ASSIGNED:RANGE替换它。https://git-scm.com/docs/gitattributes2001:db8:AAA:AAA:AAA::/64 “过滤器驱动程序”我是怎么做到的?

  1. 我需要提交到公共存储库(红色)还是私有分支(绿色)?

我认为它会像这样工作:

或者

我怎样才能解决这个问题?我不想让人们知道私人分叉的存在。因此,来自私人分叉的任何提交都必须让作者也进行清理,这一点很重要。

(上图点文件)。

digraph graphname {
    node [shape=rectangle, style="filled"];

    dotfiles [fillcolor="#ff9999", label="master (public) \n Desktop, laptop, workstation, server, vm"];
    friendsworkstation [fillcolor="#ffffbb", label="Friend's Workstation (private)"]
    prFromFriend [fillcolor="#ff9999", label="Friend opens PR (public)"]
    { rank=same dotfilesPrivate friendsworkstation prFromFriend }

    dotfilesPrivate [fillcolor="#99ff99", label="master (private) \n Desktop, laptop, workstation, server, vm"]

    dotfiles -> dotfilesPrivate
    dotfiles -> friendsworkstation
    dotfilesPrivate -> dotfiles
    prFromFriend -> dotfiles
}

标签: gitterminaldotfiles

解决方案

所以我最终解决了这个问题。基本上我所做的是使用 YADM 的引导选项。我创建了一个引导模板bootstrap##yadm.j2

#!/usr/bin/env bash

SUBMODULE_INIT_VIM=`jq '.submodule_init_vim' ~/.yadm/bootstrap_vars.json`

{% if YADM_CLASS == 'Workstation' -%}
    SSH_HOSTS=$(cat ~/template_data/ssh/hosts.json) envtpl --keep-template ~/.ssh/config##Workstation.tpl -o ~/.ssh/config
    SEC=$(cat ~/template_data/weechat/sec.json) PASSPHRASE='tiddles' envtpl --keep-template ~/.weechat/sec.conf##Workstation.tpl -o ~/.weechat/sec.conf
    SERVERS=$(cat ~/template_data/weechat/servers.json) envtpl --keep-template ~/.weechat/irc.conf##Workstation.tpl -o ~/.weechat/irc.conf
    PATHS=$(cat ~/template_data/shell/path.json##Workstation.Linux) envtpl --keep-template ~/.bashrc##Workstation.Linux.tpl -o ~/.bashrc
    if [ $SUBMODULE_INIT_VIM = "true" ]; then
        vim '+PlugUpdate' '+PlugClean!' '+PlugUpdate' '+qall'
    elif [ $SUBMODULE_INIT_VIM = "false" ]; then
        echo "Not initalizing submodules for vim"
    fi
RUN_PACKAGE_MANAGER=`jq '.run_package_manager' ~/.yadm/bootstrap_vars.json`
if [ $RUN_PACKAGE_MANAGER = "true" ]; then
    {% if YADM_DISTRO == 'Arch' -%}
    PACMAN_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/pacman.json`)
    echo "Running sudo pacman -Syu" ${PACMAN_PACKAGES[@]}
    sudo pacman -Syu ${PACMAN_PACKAGES[@]}
    if [ -f /usr/bin/yay ]; then
        YAY_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/yay.json`)
        echo "Running yay -Syu" ${YAY_PACKAGES[@]}
        yay -Syu ${PACMAN_PACKAGES[@]}
    else
        echo "Yay doesn't exist"
    fi{%
    elif YADM_DISTRO == 'Debian' -%}
    APT_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/debian.json`)
    echo "Running sudo apt-get install" ${APT_PACKAGES[@]}
    sudo apt-get install ${APT_PACKAGES[@]}
    {% else -%}echo "Unknown distribution"{% endif %}
elif [ $RUN_PACKAGE_MANAGER = "false" ]; then
echo "Not installing any packages"
fi
{% elif YADM_CLASS == 'Router' -%}
    MY_RANGE='2001:db8:AAA:AAA:AAA' envtpl --keep-template ~/.config/etc/iptables/rules6-save##Router.tpl -o ~/.config/etc/iptables/rules6-save
{% elif YADM_CLASS == 'VirtualMachine' -%}
   echo "NOTE: Some configs for virtual machines"
{% else -%}
   echo "ERROR: Unknown class selected"
{% endif -%}

我创建了一些引导变量并用 jq 读取它们。这使我可以跳过初始化的某些部分。

{
  "submodule_init_vim": false,
  "run_package_manager": true
}

我对许多配置文件进行了模板化,并将模板数据放入~/template_data.

如果您查看我的.bashrc 配置,您可以看到我在路径中的读取方式:

export PATH="{% for v in PATHS | from_json %}{{v.path |join(':')}}{% endfor %}"

它从/template_data/shell/path.json##Linux.

[
    {"path": ["/usr/local/sbin",
              "/usr/local/bin",
              "/usr/sbin",
              "/usr/bin",
              "/sbin",
              "/bin",
              "/usr/libexec",
              "$HOME/.local/bin"]
    }
]

这是一个简单的例子,但我也为我的SSH 主机做了同样的事情

{% for v in SSH_HOSTS | from_json %}{%
    if v.Host != '' %}Host {{ v.Host }}{%
    endif %}{%
    if v.Comment != '' %}
    {{ v.Comment }}{% endif %}{%
    if v.Hostname != '' %}
    Hostname {{ v.Hostname }}{%
    endif %}{%
    if v.Port != '' %}
    Port {{ v.Port }}{% endif %}{%
    if v.User != '' %}
    User {{ v.User }}{% endif %}{%
    if v.HostKeyAlgorithms != '' %}
    HostKeyAlgorithms {{ v.HostKeyAlgorithms }}{%
    endif %}{%
    if v.KexAlgorithms != '' %}
    KexAlgorithms {{ v.KexAlgorithms }}{% endif %}{%
    if v.Ciphers != '' %}
    Ciphers {{ v.Ciphers }}{% endif %}{%
    if v.MACs != '' %}
    MACs {{ v.MACs }}{% endif %}{%
    if v.PasswordAuthentication != '' %}
    PasswordAuthentication {{ v.PasswordAuthentication }}{% endif %}{%
    if v.IdentifyFile != '' %}
    IdentityFile {{ v.IdentifyFile }}{% endif %}

{% endfor %}

我从哪里读取模板数据template_data/ssh/hosts.json

[
    {
        "Host":"NSA",
        "Comment": "# Compute with world's dick pix",
        "Hostname":"203.0.113.1",
        "Port": "",
        "User": "nsa",
        "HostKeyAlgorithms":"",
        "KexAlgorithms": "",
        "Ciphers": "",
        "MACs":"",
        "PasswordAuthentication": "",
        "IdentifyFile":"~/.ssh/id_ed25519_nsa"
    },
    {
        "Host":"CIA",
        "Comment": "",
        "Hostname":"203.0.113.2",
        "Port": "",
        "User": "cia",
        "HostKeyAlgorithms":"",
        "KexAlgorithms": "",
        "Ciphers": "",
        "MACs":"",
        "PasswordAuthentication": "",
        "IdentifyFile":"~/.ssh/id_ed25519_cia"
    }
]

推荐阅读