Manage dotfiles with git
========================================================================

I'm managing my dotfiles with git. My method has served me well for a
few years now, so I think it's time to write it down.

If you think git, you might think of a dotfile repository and dozens of
symlinks into the home directory. This is precisely what kept me from
using git until I discovered bare repositories.

Create your dotfile repository with the --bare parameter:

  $ git init --bare $HOME/.cfg

This creates only a folder for git control files, which normally reside
inside the .git folder within the repository.

You can now tell git to use $HOME as your work-tree directory. This
makes git handle your home directory as if all the files were within
the git repository. Now you can:

  $ git --git-dir=$HOME/.cfg/ --work-tree=$HOME add .vimrc
  $ git --git-dir=$HOME/.cfg/ --work-tree=$HOME commit -m "my .vimrc"

Of course it is silly to type out such a long command every time you
want to interact with your dotfiles. So why not create an alias?

  $ alias config='git --git-dir=$HOME/.cfg/ --work-tree=$HOME'

Put this in your .bashrc or .kshrc and you can now use the command
"config" in the same way you usually use git.

  $ config add .vimrc
  $ config commit -m "my vimrc"

Maybe you were brave and typed "config status" already. This will list
the content of your whole home directory as "untracked files". This is
not what we want. We can run "git config" and tell it to stop doing
this. But of course we must run our git, which is called "config".

  $ config config --local status.showUntrackedFiles no

Now git status will only check what's being tracked. So if you add your
vimrc file and later change it, "config status" will show it, "config
diff" will diff it...

You can now use the power of git with your new "config" command.

The solution is not perfect, so I'm using a few workarounds.

1. Passwords
    Try to keep your passwords out of your dotfiles. In many
    cases, this can be done with gpg (or password-store
    https://www.passwordstore.org).
    Examples:

    - .msmtprc:
        passwordeval "gpg2 -d $HOME/.msmtp-pw.gpg"
    - .offlineimaprc:
        pythonfile=~/.offlineimap.py
        remotepasseval=get_pass("mail","user","993")
    - .muttrc:
        source "gpg2 -d $HOME/.mutt-pw.gpg |"

    Actually, I use "password store" and prefer to use it to retrieve
    passwords. In mutt this would be something like:
        source "pass Accouts/private-mutt |"

    Another method I use is that I keep the origin of some files gpg
    encrypted. For example my .ssh/config file, as I don't want to leak
    hostnames, users and ports.

    My vim has the vim-gpg plugin loaded and can therefore edit .gpg
    files directly (decrypt, edit, encrypt). So I create a simple shell
    alias for convenience:

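      sshconfig() {
          # Edit the encrypted original, then regenerate the plain file.
          # Decrypt to a temp file first so a failed decrypt does not
          # truncate the existing ~/.ssh/config.
          vim ~/.ssh/config.gpg && \
          gpg2 -qd ~/.ssh/config.gpg > ~/.ssh/config.tmp && \
          mv ~/.ssh/config.tmp ~/.ssh/config
      }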
  
    With this I run "sshconfig", update my file, save, done.
    Of course I added only config.gpg to my git. On a new
    system I have to run sshconfig once to create the config file.

2. Stuff outside $HOME
    I wanted to add a few files that reside in /etc. Here I took the
    lazy route and created $HOME/.etc and copied the files there. On a
    new machine I have the files, but need to copy them manually. Works
    fine for me.

3. Host specific files
    I try to keep my dotfiles compatible with all computers I use. But
    sometimes this is not possible and there are a few methods to battle
    this.

    If your configuration allows code evaluation, you may do something
    like ". myconfig.$(hostname -s)" and just check in individual files
    per host.

    If this does not work or you have a file that needs to have a
    password in it, you could copy the file, remove the password and
    check it in as template or sample file.

The methods above have served me very well over the past years and I'm
not seeing why I would want to change them. It's easy and simple and I
don't need to remember anything besides a few git commands.

Well okay, because I'm lazy and don't want to think about git commit
messages, I'm using this to push my changes:

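  dotfiles_autoupdate() {
      # Commit message: date plus OS and architecture of this machine
      MSG="Update $(date +"%Y-%m-%d %H:%M") $(uname -s)/$(uname -m)"
      # Stage changes to tracked files only, then commit and push
      config add -u && \
      config commit -m "$MSG" && \
      config push
  }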

This command takes all changed files and commits them with the date and
some machine information. Not creative, but I don't care. YMMV.
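
Because dotfiles_autoupdate stages, commits and pushes every changed
tracked file in one go, a password typed into one of them is published
immediately. The following guard is an added example, not part of the
original post: it scans the changed files for the plaintext forms of
the settings from the "Passwords" section before committing. The
function names dotfiles_secret_scan and dotfiles_autoupdate_checked
are hypothetical.

```shell
# Added example, not the author's code. The key names are real msmtp,
# offlineimap and mutt options; both function names are hypothetical.

# Print "file:line:text" for each line that sets a secret literally.
# Returns 0 when clean, 1 on any finding. passwordeval, remotepasseval
# and 'source "... |"' do not match, and *.gpg files are skipped.
dotfiles_secret_scan() {
    _pat='^[[:space:]]*(password[[:space:]]+[^[:space:]]'
    _pat="$_pat"'|remotepass[[:space:]]*='
    _pat="$_pat"'|set[[:space:]]+(imap|smtp|pop)_pass[[:space:]]*=)'
    _found=0
    for _f in "$@"; do
        [ -f "$_f" ] || continue                  # deleted or missing
        case "$_f" in *.gpg) continue ;; esac     # encrypted original
        if grep -nHE "$_pat" "$_f"; then
            _found=1
        fi
    done
    return "$_found"
}

# Scan every tracked file that differs from HEAD (what "config add -u"
# would stage), and only then call dotfiles_autoupdate from the page.
# Assumes at least one commit exists and plain file names (no newlines).
dotfiles_autoupdate_checked() {
    git --git-dir="$HOME/.cfg/" --work-tree="$HOME" \
        diff --name-only HEAD | {
        _bad=0
        while IFS= read -r _path; do
            dotfiles_secret_scan "$HOME/$_path" || _bad=1
        done
        [ "$_bad" -eq 0 ]
    } || {
        echo "plaintext secret in a tracked file, not committing" >&2
        return 1
    }
    dotfiles_autoupdate
}
```

The patterns only cover the three programs named above; other tools
need their own key names added to the expression.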

# Changelog:
# * 2019-04-27: Created
# * 2019-04-28: Added password evaluation examples
# * 2020-05-17: Added password-store and sshconfig examples