How can I make my dotfiles public with a private fork or repository?
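I want to make my dotfiles public. I found [Yadm](https://thelocehiliosan.github.io/yadm/), which looks like exactly what I want.
There is secret data that I don't want in version control at all. I will store that offline somewhere on a USB stick (ssh keys, gpg keys, etc.). However, there are other files containing information that I want to filter out or change before making them public.
Yadm also allows me to have alternate files within the same repository, so I am thinking this design is what I should go with, rather than separate branches.
The reason for having a private repository is that certain files, such as irc.conf, have strings that I want to replace or sanitize. I might want to include this file, but remove all lines containing SECRET_IRC_NETWORK.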
~/.weechat/irc.conf:SECRET_IRC_NETWORK.addresses = "irc.secret.example.com"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl = on
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_cert = "~/.weechat/ssl/SECRET_IRC/SECRET_IRC-SECRET_NAME.pem"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_priorities = "NORMAL:-VERS-SSL3.0"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_dhkey_size
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_fingerprint = "SECRET_FINGERPRINT"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.ssl_verify = on
~/.weechat/irc.conf:SECRET_IRC_NETWORK.sasl_username = "SECRET_USERNAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.nicks = "SECRET_NAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.username = "SECRET_USERNAME"
~/.weechat/irc.conf:SECRET_IRC_NETWORK.realname = "SECRET_NAME"
Another example might be my iptables rules configuration, rules6-save:
~/etc/iptables/rules6-save:-A INPUT -s 2001:MY:SECRET:ASSIGNED:RANGE::/64 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
I want to replace 2001:MY:SECRET:ASSIGNED:RANGE with 2001:db8:AAA:AAA:AAA::/64 before making it public. Is a gitattributes "filter driver" (https://git-scm.com/docs/gitattributes) how I would do this?
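- Do I need to commit to the public repository (red) or the private fork (green)?
I think it would work like this:
- Commit to the private repository
- Filter and push to the public repo (checking very carefully that everything was sanitized correctly)
or
- Cherry-pick some commits from public, filter, and merge with private
- From my research, if you have a public repository on Github/Gitlab, you can't have a private fork of it and open any pull requests from it. Ideally the private one would be on my own private server.
How can I get around this? I don't want people to know the private fork exists, so it is important that any commits coming from the private fork are also sanitized of author information.
(Dot file for the diagram above.)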
digraph graphname {
node [shape=rectangle, style="filled"];
dotfiles [fillcolor="#ff9999", label="master (public) \n Desktop, laptop, workstation, server, vm"];
friendsworkstation [fillcolor="#ffffbb", label="Friend's Workstation (private)"]
prFromFriend [fillcolor="#ff9999", label="Friend opens PR (public)"]
{ rank=same dotfilesPrivate friendsworkstation prFromFriend }
dotfilesPrivate [fillcolor="#99ff99", label="master (private) \n Desktop, laptop, workstation, server, vm"]
dotfiles -> dotfilesPrivate
dotfiles -> friendsworkstation
dotfilesPrivate -> dotfiles
prFromFriend -> dotfiles
}
So I ended up solving this. Basically, what I did was use YADM's bootstrap option. I created a bootstrap template, bootstrap##yadm.j2:
#!/usr/bin/env bash
SUBMODULE_INIT_VIM=`jq '.submodule_init_vim' ~/.yadm/bootstrap_vars.json`
{% if YADM_CLASS == 'Workstation' -%}
SSH_HOSTS=$(cat ~/template_data/ssh/hosts.json) envtpl --keep-template ~/.ssh/config##Workstation.tpl -o ~/.ssh/config
SEC=$(cat ~/template_data/weechat/sec.json) PASSPHRASE='tiddles' envtpl --keep-template ~/.weechat/sec.conf##Workstation.tpl -o ~/.weechat/sec.conf
SERVERS=$(cat ~/template_data/weechat/servers.json) envtpl --keep-template ~/.weechat/irc.conf##Workstation.tpl -o ~/.weechat/irc.conf
PATHS=$(cat ~/template_data/shell/path.json##Workstation.Linux) envtpl --keep-template ~/.bashrc##Workstation.Linux.tpl -o ~/.bashrc
if [ $SUBMODULE_INIT_VIM = "true" ]; then
vim '+PlugUpdate' '+PlugClean!' '+PlugUpdate' '+qall'
elif [ $SUBMODULE_INIT_VIM = "false" ]; then
echo "Not initalizing submodules for vim"
fi
RUN_PACKAGE_MANAGER=`jq '.run_package_manager' ~/.yadm/bootstrap_vars.json`
if [ $RUN_PACKAGE_MANAGER = "true" ]; then
{% if YADM_DISTRO == 'Arch' -%}
PACMAN_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/pacman.json`)
echo "Running sudo pacman -Syu" ${PACMAN_PACKAGES[@]}
sudo pacman -Syu ${PACMAN_PACKAGES[@]}
if [ -f /usr/bin/yay ]; then
YAY_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/yay.json`)
echo "Running yay -Syu" ${YAY_PACKAGES[@]}
yay -Syu ${YAY_PACKAGES[@]}
else
echo "Yay doesn't exist"
fi{%
elif YADM_DISTRO == 'Debian' -%}
APT_PACKAGES=(`jq -r 'join(" ")' ~/template_data/packages/debian.json`)
echo "Running sudo apt-get install" ${APT_PACKAGES[@]}
sudo apt-get install ${APT_PACKAGES[@]}
{% else -%}echo "Unknown distribution"{% endif %}
elif [ $RUN_PACKAGE_MANAGER = "false" ]; then
echo "Not installing any packages"
fi
{% elif YADM_CLASS == 'Router' -%}
MY_RANGE='2001:db8:AAA:AAA:AAA' envtpl --keep-template ~/.config/etc/iptables/rules6-save##Router.tpl -o ~/.config/etc/iptables/rules6-save
{% elif YADM_CLASS == 'VirtualMachine' -%}
echo "NOTE: Some configs for virtual machines"
{% else -%}
echo "ERROR: Unknown class selected"
{% endif -%}
I created some bootstrapping variables and read them with jq. This lets me skip certain parts of the initialization.
{
"submodule_init_vim": false,
"run_package_manager": true
}
I templated many of my configuration files and put the template data in ~/template_data.
If you look at my .bashrc config you can see how I read in the paths:
export PATH="{% for v in PATHS | from_json %}{{v.path |join(':')}}{% endfor %}"
It takes its data from /template_data/shell/path.json##Linux.
[
{"path": ["/usr/local/sbin",
"/usr/local/bin",
"/usr/sbin",
"/usr/bin",
"/sbin",
"/bin",
"/usr/libexec",
"$HOME/.local/bin"]
}
]
This is a simple example, but I did the same thing for my SSH hosts too.
{% for v in SSH_HOSTS | from_json %}{%
if v.Host != '' %}Host {{ v.Host }}{%
endif %}{%
if v.Comment != '' %}
{{ v.Comment }}{% endif %}{%
if v.Hostname != '' %}
Hostname {{ v.Hostname }}{%
endif %}{%
if v.Port != '' %}
Port {{ v.Port }}{% endif %}{%
if v.User != '' %}
User {{ v.User }}{% endif %}{%
if v.HostKeyAlgorithms != '' %}
HostKeyAlgorithms {{ v.HostKeyAlgorithms }}{%
endif %}{%
if v.KexAlgorithms != '' %}
KexAlgorithms {{ v.KexAlgorithms }}{% endif %}{%
if v.Ciphers != '' %}
Ciphers {{ v.Ciphers }}{% endif %}{%
if v.MACs != '' %}
MACs {{ v.MACs }}{% endif %}{%
if v.PasswordAuthentication != '' %}
PasswordAuthentication {{ v.PasswordAuthentication }}{% endif %}{%
if v.IdentifyFile != '' %}
IdentityFile {{ v.IdentifyFile }}{% endif %}
{% endfor %}
Where I read the template data from template_data/ssh/hosts.json:
[
{
"Host":"NSA",
"Comment": "# Compute with world's dick pix",
"Hostname":"203.0.113.1",
"Port": "",
"User": "nsa",
"HostKeyAlgorithms":"",
"KexAlgorithms": "",
"Ciphers": "",
"MACs":"",
"PasswordAuthentication": "",
"IdentifyFile":"~/.ssh/id_ed25519_nsa"
},
{
"Host":"CIA",
"Comment": "",
"Hostname":"203.0.113.2",
"Port": "",
"User": "cia",
"HostKeyAlgorithms":"",
"KexAlgorithms": "",
"Ciphers": "",
"MACs":"",
"PasswordAuthentication": "",
"IdentifyFile":"~/.ssh/id_ed25519_cia"
}
]
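The "filter, then check very carefully that everything was sanitized" step from the question, as an added example that is not code from the question or the answer. The function names (`sanitize`, `export_tree`, `verify_clean`, `make_sample`) and the `DENY` list are hypothetical; the tokens are the placeholder strings used in the question and the sample files are constructed.

```shell
#!/bin/sh
# Added example; tokens are the question's placeholders, sample files are constructed.
DENY='SECRET_IRC_NETWORK
2001:MY:SECRET:ASSIGNED:RANGE
SECRET_USERNAME'
PUBLIC_PREFIX='2001:db8:AAA:AAA:AAA'

# sanitize: stdin -> stdout (usable as a git "clean" filter command): drop
# private IRC network lines, rewrite the private IPv6 prefix.
sanitize() {
  sed -e '/SECRET_IRC_NETWORK/d' \
      -e "s/2001:MY:SECRET:ASSIGNED:RANGE/$PUBLIC_PREFIX/g"
}

# export_tree SRC DST: copy each regular file through sanitize (no newlines in names).
export_tree() {
  find "$1" -type f | while IFS= read -r f; do
    rel=${f#"$1"/}
    mkdir -p "$2/$(dirname "$rel")"
    sanitize < "$f" > "$2/$rel"
  done
}

# verify_clean DIR: print file:line for each surviving token; return 0 only if none.
verify_clean() {
  rc=0
  while IFS= read -r tok; do
    [ -n "$tok" ] || continue
    if grep -rnF -- "$tok" "$1"; then rc=1; fi
  done <<EOF
$DENY
EOF
  return "$rc"
}

# make_sample DIR: constructed private tree mirroring the question's files.
make_sample() {
  mkdir -p "$1/.weechat" "$1/etc/iptables"
  printf '%s\n' 'example.ssl = on' \
    'SECRET_IRC_NETWORK.addresses = "irc.secret.example.com"' \
    'SECRET_IRC_NETWORK.sasl_username = "SECRET_USERNAME"' > "$1/.weechat/irc.conf"
  printf '%s\n' \
    '-A INPUT -s 2001:MY:SECRET:ASSIGNED:RANGE::/64 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT' \
    > "$1/etc/iptables/rules6-save"
}

# Demo: sanitise the constructed tree, then gate publishing on the verification.
tmp=$(mktemp -d); make_sample "$tmp/priv"; export_tree "$tmp/priv" "$tmp/pub"
verify_clean "$tmp/pub" && echo "public tree is clean"
rm -rf "$tmp"
```

Because `verify_clean` checks the deny list independently of the `sed` rules, it also fails on a token that appears on a line the filter was never written to handle.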