dotfiles VS git-crypt

find-invalid-utf8: walks a directory tree and prints invalid UTF-8 in files using nice hex escapes with coloring. This is useful for honing on in where invalid UTF-8 occur. You have a good bet of finding some by checking out any moderately sized repository of code. The Linux kernel used to have some. The Mozilla repo does. The CPython repo does too. This is why it's important for CLI tools to deal with invalid UTF-8 gracefully in some way.

Yeah it's great! I used it to implement a little utility to convert a subset of SMS/MMS messages from an XML backup to a more readable plain text version: https://github.com/BurntSushi/dotfiles/blob/0b075d79a6ff8812a1f48a37b9858938b3eadc58/bin/rust/searchsms/main.rs

My dotfiles: https://github.com/BurntSushi/dotfiles

Here are some selected scripts folks might find interesting.

Here's my backup script that I use to encrypt my data at rest before shipping it off to s3. Runs every night and is idempotent. I use s3 lifecycle rules to keep data around for 6 months after it's deleted. That way, if my script goofs, I can recover: https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae...

I have so many machines running Archlinux that I wrote my own little helper for installing Arch that configures the machine in the way I expect: https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae...

A tiny little script to recover the git commit message you spent 10 minutes writing, but "lost" because something caused the actual commit to fail (like a gpg error): https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae...

A script that produces a GitHub permalink from just a file path and some optional file numbers. Pass --clip to put it on your clipboard: https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae... --- I use it with this vimscript function to quickly generate permalinks from my editor: https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae...

A wrapper around 'gh' (previously: 'hub') that lets you run 'hub-rollup pr-number' and it will automatically rebase that PR into your current branch. This is useful for creating one big "rollup" branch of a bunch of PRs. It is idempotent. https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae...

Scale a video without having to memorize ffmpeg's crazy CLI syntax: https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae...

Under X11, copy something to your clipboard using the best tool available: https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae...

Otherwise, the most common "breakage" I get is when I forget to update in a while. Used to be a mostly non-issue until package signing became a thing. Now I get lots of signing errors when I update. When that happens, I run this script and it usually fixes things: https://github.com/BurntSushi/dotfiles/blob/2f58eedf3b7f7dae7f0a7cea1a641459e25e5d07/bin/pacman-fix-keys

Sadly, at work, I can't use my own bespoke setup any more. I'm effectively forced to use GNOME, which has the same braindead support for multiple monitors that KDE has. These days, I just gave up on multiple monitors and work on my laptop in my sunroom at home. Back when I was in the office and using multiple monitors, it pretty much sucked, but I did write a little script that lets me at least move focus between monitors using my keyboard while respecting the window stacking order. I had intended to expand it with more stuff, but then COVID hit, my sunroom became my work environment and multiple monitors became a luxury I didn't care about any more. For work, anyway.

The zsh builtin with a custom TIMEFMT: https://github.com/BurntSushi/dotfiles/blob/965383e6eeb0bad4...

That's what I used to do, but I switched to Josh's strategy a couple years ago.[1] It doesn't "blow up" git-status. If some new piece of software creates a new directory with a bunch of random stuff in it, git-status will just show you the directory since it is is untracked, and not everything in it.

[1]: https://github.com/BurntSushi/dotfiles/blob/965383e6eeb0bad4...

But I did that enough that I've scripted most of it: https://github.com/BurntSushi/dotfiles/blob/caed7921e48d112cc8932b33b81013fcbbcb2e08/bin/arch-install

For docs and license, see: https://github.com/BurntSushi/dotfiles/tree/master/.doc

This is why I kept mine private for so many years too. A bit ago, I cleaned house and published them: https://github.com/BurntSushi/dotfiles

Store the Secrets in a repo using gitcrypt or another encryption tool.

Consider using git-crypt for transparent encryption instead.

There‘s plugins like https://github.com/AGWA/git-crypt or https://git-secret.io that you can use to encrypt the files for yourself, so that they are available on multiple machines to you

There aren't really alternatives to being very very careful, tbh. But it's a bit of a smell that there are secrets kept alongside your source code. There are cases where you might want secrets in git, but if they're there on purpose you'll hopefully be doing something about it, like encrypting them first. git-crypt is useful here.

Use either Mozilla SOPS to encrypt the values in the file, or got-encrypt to encrypt the whole repo

https://github.com/AGWA/git-crypt for whole repo

git-crypt

You could use git-crypt on the flake.lock file to have it managed by Git but be opaque to anybody without the encryption keys.

I put secrets like API access keys on github using git-crypt and it's been working flawlessly for years. I do plan to eventually migrate to agebox, which is incredibly simple to use, as getting the gpg-agent working in Windows and WSL is very difficult (works okay on Linux).

I've been thinking about this a lot lately too, but I'm going to settle on encrypting them and storing them in my private git repo using git crypt.