2015-07-14 21:39:52 +00:00
|
|
|
." vim: set spell so=8:
|
2017-02-10 22:32:07 +00:00
|
|
|
.TH yadm 1 "10 February 2017" "1.07"
|
2015-07-14 12:48:47 +00:00
|
|
|
.SH NAME
|
|
|
|
yadm \- Yet Another Dotfiles Manager
|
|
|
|
.SH SYNOPSIS
|
2015-07-14 21:39:52 +00:00
|
|
|
.B yadm
|
|
|
|
.I command
|
|
|
|
.RI [ options ]
|
|
|
|
|
|
|
|
.B yadm
|
|
|
|
.I git-command-or-alias
|
|
|
|
.RI [ options ]
|
|
|
|
|
|
|
|
.B yadm
|
|
|
|
init
|
|
|
|
.RB [ -f ]
|
2015-08-29 15:22:41 +00:00
|
|
|
.RB [ -w
|
|
|
|
.IR directory ]
|
2015-07-14 21:39:52 +00:00
|
|
|
|
|
|
|
.B yadm
|
|
|
|
.RI clone " url
|
|
|
|
.RB [ -f ]
|
|
|
|
.RB [ -w
|
|
|
|
.IR directory ]
|
2017-02-01 00:00:06 +00:00
|
|
|
.RB [ --bootstrap ]
|
|
|
|
.RB [ --no-bootstrap ]
|
2015-07-14 21:39:52 +00:00
|
|
|
|
|
|
|
.B yadm
|
|
|
|
.RI config " name
|
|
|
|
.RI [ value ]
|
|
|
|
|
|
|
|
.B yadm
|
|
|
|
config
|
|
|
|
.RB [ -e ]
|
|
|
|
|
|
|
|
.B yadm
|
|
|
|
list
|
|
|
|
.RB [ -a ]
|
|
|
|
|
2017-02-01 00:00:06 +00:00
|
|
|
.BR yadm " bootstrap
|
|
|
|
|
2015-07-14 21:39:52 +00:00
|
|
|
.BR yadm " encrypt
|
|
|
|
|
2017-03-21 10:53:13 +00:00
|
|
|
.BR yadm " enter
|
|
|
|
|
2015-07-14 21:39:52 +00:00
|
|
|
.BR yadm " decrypt
|
2015-07-17 01:57:53 +00:00
|
|
|
.RB [ -l ]
|
2015-07-14 21:39:52 +00:00
|
|
|
|
|
|
|
.BR yadm " alt
|
|
|
|
|
|
|
|
.BR yadm " perms
|
2015-07-14 12:48:47 +00:00
|
|
|
.SH DESCRIPTION
|
2015-07-14 21:39:52 +00:00
|
|
|
.B yadm
|
|
|
|
is a tool for managing a collection of files across multiple computers,
|
|
|
|
using a shared Git repository.
|
|
|
|
In addition,
|
|
|
|
.B yadm
|
|
|
|
provides a feature to select alternate versions of files
|
2017-01-10 11:01:37 +00:00
|
|
|
based on the operating system or host name.
|
2015-07-14 21:39:52 +00:00
|
|
|
Lastly,
|
|
|
|
.B yadm
|
|
|
|
supplies the ability to manage a subset of secure files, which are
|
|
|
|
encrypted before they are included in the repository.
|
|
|
|
.SH COMMANDS
|
|
|
|
.TP
|
|
|
|
.IR git-command " or " git-alias
|
|
|
|
Any command not internally handled by
|
|
|
|
.B yadm
|
|
|
|
is passed through to
|
|
|
|
.BR git (1).
|
|
|
|
Git commands or aliases are invoked with the
|
|
|
|
.B yadm
|
|
|
|
managed repository.
|
2017-03-30 21:30:49 +00:00
|
|
|
The working directory for Git commands will be the configured
|
2015-07-14 21:39:52 +00:00
|
|
|
.IR work-tree " (usually
|
|
|
|
.IR $HOME ).
|
|
|
|
|
|
|
|
Dotfiles are managed by using standard
|
|
|
|
.B git
|
|
|
|
commands;
|
|
|
|
.IR add ,
|
|
|
|
.IR commit ,
|
|
|
|
.IR push ,
|
|
|
|
.IR pull ,
|
|
|
|
etc.
|
|
|
|
|
|
|
|
.RI The " config
|
|
|
|
command is not passed directly through.
|
|
|
|
Instead use the
|
|
|
|
.I gitconfig
|
|
|
|
command (see below).
|
|
|
|
.TP
|
|
|
|
.B alt
|
2017-03-31 05:30:36 +00:00
|
|
|
Create symbolic links and process Jinja templates for any managed files
|
|
|
|
matching the naming rules described in the ALTERNATES and JINJA sections. It is
|
|
|
|
usually unnecessary to run this command, as
|
2015-07-14 21:39:52 +00:00
|
|
|
.B yadm
|
|
|
|
automatically processes alternates by default.
|
|
|
|
This automatic behavior can be disabled by setting the configuration
|
|
|
|
.I yadm.auto-alt
|
|
|
|
to "false".
|
|
|
|
.TP
|
2017-02-01 00:00:06 +00:00
|
|
|
.B bootstrap
|
|
|
|
Execute
|
|
|
|
.I $HOME/.yadm/bootstrap
|
|
|
|
if it exists.
|
|
|
|
.TP
|
2015-07-14 21:39:52 +00:00
|
|
|
.BI clone " url
|
|
|
|
Clone a remote repository for tracking dotfiles.
|
|
|
|
After the contents of the remote repository have been fetched, a "merge" of
|
|
|
|
.I origin/master
|
|
|
|
is attempted.
|
|
|
|
If there are conflicting files already present in the
|
|
|
|
.IR work-tree ,
|
|
|
|
this merge will fail and instead a "reset" of
|
|
|
|
.I origin/master
|
2017-02-01 00:00:06 +00:00
|
|
|
will be done, followed by a "stash". This "stash" operation will preserve the
|
|
|
|
original data.
|
|
|
|
|
|
|
|
You can review the stashed conflicts by running the command
|
2015-07-14 21:39:52 +00:00
|
|
|
|
|
|
|
.RS
|
|
|
|
.RS
|
2017-02-01 00:00:06 +00:00
|
|
|
yadm stash show -p
|
2015-07-14 21:39:52 +00:00
|
|
|
.RE
|
2017-02-01 00:00:06 +00:00
|
|
|
|
|
|
|
from within your
|
|
|
|
.I $HOME
|
|
|
|
directory. If you want to restore the stashed data, you can run
|
|
|
|
|
|
|
|
.RS
|
|
|
|
yadm stash apply
|
|
|
|
.RE
|
|
|
|
or
|
|
|
|
.RS
|
|
|
|
yadm stash pop
|
2015-07-14 21:39:52 +00:00
|
|
|
.RE
|
2017-02-01 00:00:06 +00:00
|
|
|
|
2015-07-14 21:39:52 +00:00
|
|
|
The repository is stored in
|
|
|
|
.IR $HOME/.yadm/repo.git .
|
|
|
|
By default,
|
|
|
|
.I $HOME
|
|
|
|
will be used as the
|
|
|
|
.IR work-tree ,
|
|
|
|
but this can be overridden with the
|
|
|
|
.BR -w " option.
|
|
|
|
.B yadm
|
|
|
|
can be forced to overwrite an existing repository by providing the
|
|
|
|
.BR -f " option.
|
2017-02-01 00:00:06 +00:00
|
|
|
By default
|
|
|
|
.B yadm
|
|
|
|
will ask the user if the bootstrap program should be run (if it exists). The
|
|
|
|
options
|
|
|
|
.BR --bootstrap " or " --no-bootstrap
|
|
|
|
will either force the bootstrap to be run, or prevent it from being run,
|
|
|
|
without prompting the user.
|
|
|
|
.RE
|
2015-07-14 21:39:52 +00:00
|
|
|
.TP
|
|
|
|
.B config
|
|
|
|
This command manages configurations for
|
|
|
|
.BR yadm .
|
|
|
|
This command works exactly they way
|
|
|
|
.BR git-config (1)
|
|
|
|
does.
|
|
|
|
See the CONFIGURATION section for more details.
|
|
|
|
.TP
|
|
|
|
.B decrypt
|
|
|
|
Decrypt all files stored in
|
|
|
|
.IR $HOME/.yadm/files.gpg .
|
|
|
|
Files decrypted will be relative to the configured
|
|
|
|
.IR work-tree " (usually
|
|
|
|
.IR $HOME ).
|
2015-07-17 01:57:53 +00:00
|
|
|
Using the
|
|
|
|
.B -l
|
|
|
|
option will list the files stored without extracting them.
|
2015-07-14 21:39:52 +00:00
|
|
|
.TP
|
|
|
|
.B encrypt
|
|
|
|
Encrypt all files matching the patterns found in
|
|
|
|
.IR $HOME/.yadm/encrypt .
|
|
|
|
See the ENCRYPTION section for more details.
|
|
|
|
.TP
|
2017-03-21 10:53:13 +00:00
|
|
|
.B enter
|
2017-03-30 21:30:44 +00:00
|
|
|
Run a sub-shell with all Git variables set. This can be used to easily interact
|
|
|
|
with your Git repository. This is also useful if you are using Emacs Tramp and
|
|
|
|
Magit to manage your directory. You can add this configuration in your Emacs
|
|
|
|
configuration:
|
2017-03-21 10:53:13 +00:00
|
|
|
.RS
|
|
|
|
(add-to-list 'tramp-methods
|
2017-03-30 21:30:44 +00:00
|
|
|
'("yadm"
|
|
|
|
(tramp-login-program "yadm")
|
|
|
|
(tramp-login-args (("enter")))
|
|
|
|
(tramp-remote-shell "/bin/sh")
|
|
|
|
(tramp-remote-shell-args ("-c"))))
|
2017-03-21 10:53:13 +00:00
|
|
|
.RE
|
|
|
|
.TP
|
2015-07-14 21:39:52 +00:00
|
|
|
.B gitconfig
|
|
|
|
Pass options to the
|
|
|
|
.B git config
|
|
|
|
command. Since
|
|
|
|
.B yadm
|
|
|
|
already uses the
|
|
|
|
.I config
|
|
|
|
command to manage its own configurations,
|
|
|
|
this command is provided as a way to change configurations of the repository managed by
|
|
|
|
.BR yadm .
|
2015-07-26 15:59:13 +00:00
|
|
|
One useful case might be to configure the repository so untracked files are shown in status commands.
|
|
|
|
.B yadm
|
|
|
|
initially configures its repository so that untracked files are not shown.
|
2017-03-30 21:30:49 +00:00
|
|
|
If you wish use the default Git behavior (to show untracked files and directories), you can remove this configuration.
|
2015-07-14 21:39:52 +00:00
|
|
|
|
|
|
|
.RS
|
|
|
|
.RS
|
2015-07-26 15:59:13 +00:00
|
|
|
yadm gitconfig --unset status.showUntrackedFiles
|
2015-07-14 21:39:52 +00:00
|
|
|
.RE
|
|
|
|
.RE
|
|
|
|
.TP
|
|
|
|
.B help
|
|
|
|
Print a summary of
|
|
|
|
.BR yadm " commands.
|
|
|
|
.TP
|
|
|
|
.B init
|
|
|
|
Initialize a new, empty repository for tracking dotfiles.
|
|
|
|
The repository is stored in
|
|
|
|
.IR $HOME/.yadm/repo.git .
|
|
|
|
By default,
|
|
|
|
.I $HOME
|
|
|
|
will be used as the
|
|
|
|
.IR work-tree ,
|
|
|
|
but this can be overridden with the
|
|
|
|
.BR -w " option.
|
|
|
|
.B yadm
|
|
|
|
can be forced to overwrite an existing repository by providing the
|
|
|
|
.BR -f " option.
|
|
|
|
.TP
|
|
|
|
.B list
|
|
|
|
Print a list of files managed by
|
|
|
|
.BR yadm .
|
|
|
|
.RB The " -a
|
|
|
|
option will cause all managed files to be listed.
|
|
|
|
Otherwise, the list will only include files from the current directory or below.
|
|
|
|
.TP
|
|
|
|
.B perms
|
|
|
|
Update permissions as described in the PERMISSIONS section.
|
|
|
|
It is usually unnecessary to run this command, as
|
|
|
|
.B yadm
|
|
|
|
automatically processes permissions by default.
|
|
|
|
This automatic behavior can be disabled by setting the configuration
|
|
|
|
.I yadm.auto-perms
|
|
|
|
to "false".
|
|
|
|
.TP
|
|
|
|
.B version
|
|
|
|
Print the version of
|
|
|
|
.BR yadm .
|
2016-04-18 22:24:04 +00:00
|
|
|
.SH OPTIONS
|
|
|
|
|
|
|
|
.B yadm
|
|
|
|
supports a set of universal options that alter the paths it uses.
|
|
|
|
The default paths are documented in the FILES section.
|
|
|
|
Any path specified by these options must be fully qualified.
|
|
|
|
If you always want to override one or more of these paths, it may be useful to create an alias for the
|
|
|
|
.B yadm
|
|
|
|
command.
|
|
|
|
For example, the following alias could be used to override the repository directory.
|
|
|
|
|
|
|
|
.RS
|
|
|
|
alias yadm='yadm --yadm-repo /alternate/path/to/repo'
|
|
|
|
.RE
|
|
|
|
|
|
|
|
The following is the full list of universal options.
|
|
|
|
Each option should be followed by a fully qualified path.
|
|
|
|
.TP
|
|
|
|
.B -Y,--yadm-dir
|
|
|
|
Override the
|
|
|
|
.B yadm
|
|
|
|
directory.
|
|
|
|
.B yadm
|
|
|
|
stores its data relative to this directory.
|
|
|
|
.TP
|
|
|
|
.B --yadm-repo
|
|
|
|
Override the location of the
|
|
|
|
.B yadm
|
|
|
|
repository.
|
|
|
|
.TP
|
|
|
|
.B --yadm-config
|
|
|
|
Override the location of the
|
|
|
|
.B yadm
|
|
|
|
configuration file.
|
|
|
|
.TP
|
|
|
|
.B --yadm-encrypt
|
|
|
|
Override the location of the
|
|
|
|
.B yadm
|
|
|
|
encryption configuration.
|
|
|
|
.TP
|
|
|
|
.B --yadm-archive
|
|
|
|
Override the location of the
|
|
|
|
.B yadm
|
|
|
|
encrypted files archive.
|
2017-02-01 00:00:06 +00:00
|
|
|
.TP
|
|
|
|
.B --yadm-bootstrap
|
|
|
|
Override the location of the
|
|
|
|
.B yadm
|
|
|
|
bootstrap program.
|
2015-07-14 21:39:52 +00:00
|
|
|
.SH CONFIGURATION
|
|
|
|
.B yadm
|
|
|
|
uses a configuration file named
|
|
|
|
.IR $HOME/.yadm/config .
|
|
|
|
This file uses the same format as
|
|
|
|
.BR git-config (1).
|
|
|
|
Also, you can control the contents of the configuration file
|
|
|
|
via the
|
|
|
|
.B yadm config
|
|
|
|
command (which works exactly like
|
|
|
|
.BR git-config ).
|
|
|
|
For example, to disable alternates you can run the command:
|
|
|
|
|
|
|
|
.RS
|
|
|
|
yadm config yadm.auto-alt false
|
|
|
|
.RE
|
|
|
|
|
|
|
|
The following is the full list of supported configurations:
|
|
|
|
.TP
|
|
|
|
.B yadm.auto-alt
|
|
|
|
Disable the automatic linking described in the section ALTERNATES.
|
|
|
|
If disabled, you may still run
|
|
|
|
.B yadm alt
|
|
|
|
manually to create the alternate links.
|
|
|
|
This feature is enabled by default.
|
|
|
|
.TP
|
|
|
|
.B yadm.auto-perms
|
|
|
|
Disable the automatic permission changes described in the section PERMISSIONS.
|
|
|
|
If disabled, you may still run
|
|
|
|
.B yadm perms
|
|
|
|
manually to update permissions.
|
|
|
|
This feature is enabled by default.
|
|
|
|
.TP
|
|
|
|
.B yadm.ssh-perms
|
|
|
|
Disable the permission changes to
|
|
|
|
.IR $HOME/.ssh/* .
|
|
|
|
This feature is enabled by default.
|
2015-08-07 12:18:22 +00:00
|
|
|
.TP
|
|
|
|
.B yadm.gpg-perms
|
|
|
|
Disable the permission changes to
|
|
|
|
.IR $HOME/.gnupg/* .
|
|
|
|
This feature is enabled by default.
|
2016-04-19 19:56:00 +00:00
|
|
|
.TP
|
|
|
|
.B yadm.gpg-recipient
|
|
|
|
Asymmetrically encrypt files with a gpg public/private key pair.
|
2016-04-21 12:59:43 +00:00
|
|
|
Provide a "key ID" to specify which public key to encrypt with.
|
|
|
|
The key must exist in your public keyrings.
|
2016-04-19 19:56:00 +00:00
|
|
|
If left blank or not provided, symmetric encryption is used instead.
|
2016-04-21 12:59:43 +00:00
|
|
|
If set to "ASK", gpg will interactively ask for recipients.
|
|
|
|
See the ENCRYPTION section for more details.
|
|
|
|
This feature is disabled by default.
|
2016-08-13 22:17:16 +00:00
|
|
|
.TP
|
|
|
|
.B yadm.gpg-program
|
|
|
|
Specify an alternate program to use instead of "gpg".
|
|
|
|
By default, the first "gpg" found in $PATH is used.
|
2017-01-12 22:27:48 +00:00
|
|
|
.TP
|
|
|
|
.B yadm.git-program
|
|
|
|
Specify an alternate program to use instead of "git".
|
|
|
|
By default, the first "git" found in $PATH is used.
|
2017-02-01 00:00:06 +00:00
|
|
|
|
|
|
|
.RE
|
|
|
|
These last four "local" configurations are not stored in the
|
|
|
|
.IR $HOME/.yadm/config,
|
|
|
|
they are stored in the local repository.
|
|
|
|
|
|
|
|
.TP
|
|
|
|
.B local.class
|
|
|
|
Specify a CLASS for the purpose of symlinking alternate files.
|
|
|
|
By default, no CLASS will be matched.
|
|
|
|
.TP
|
|
|
|
.B local.os
|
|
|
|
Override the OS for the purpose of symlinking alternate files.
|
|
|
|
.TP
|
|
|
|
.B local.hostname
|
|
|
|
Override the HOSTNAME for the purpose of symlinking alternate files.
|
|
|
|
.TP
|
|
|
|
.B local.user
|
|
|
|
Override the USER for the purpose of symlinking alternate files.
|
2015-07-14 21:39:52 +00:00
|
|
|
.SH ALTERNATES
|
|
|
|
When managing a set of files across different systems, it can be useful to have
|
|
|
|
an automated way of choosing an alternate version of a file for a different
|
2017-01-10 11:01:37 +00:00
|
|
|
operating system, host, or user.
|
2015-07-14 21:39:52 +00:00
|
|
|
.B yadm
|
|
|
|
implements a feature which will automatically create a symbolic link to
|
|
|
|
the appropriate version of a file, as long as you follow a specific naming
|
|
|
|
convention.
|
|
|
|
.B yadm
|
2017-02-01 00:00:06 +00:00
|
|
|
can detect files with names ending in any of the following:
|
2015-07-14 21:39:52 +00:00
|
|
|
|
2017-02-01 00:00:06 +00:00
|
|
|
##
|
|
|
|
##CLASS
|
|
|
|
##CLASS.OS
|
|
|
|
##CLASS.OS.HOSTNAME
|
|
|
|
##CLASS.OS.HOSTNAME.USER
|
|
|
|
##OS
|
|
|
|
##OS.HOSTNAME
|
|
|
|
##OS.HOSTNAME.USER
|
2015-07-14 21:39:52 +00:00
|
|
|
|
|
|
|
If there are any files managed by
|
|
|
|
.BR yadm \'s
|
2017-01-12 22:53:37 +00:00
|
|
|
repository,
|
2017-03-31 02:58:26 +00:00
|
|
|
or listed in
|
2017-01-12 22:53:37 +00:00
|
|
|
.IR $HOME/.yadm/encrypt ,
|
|
|
|
which match this naming convention,
|
2015-07-14 21:39:52 +00:00
|
|
|
symbolic links will be created for the most appropriate version.
|
|
|
|
This may best be demonstrated by example. Assume the following files are managed by
|
|
|
|
.BR yadm \'s
|
|
|
|
repository:
|
|
|
|
|
2015-07-19 17:06:51 +00:00
|
|
|
- $HOME/path/example.txt##
|
2017-02-01 00:00:06 +00:00
|
|
|
- $HOME/path/example.txt##Work
|
2015-07-14 21:39:52 +00:00
|
|
|
- $HOME/path/example.txt##Darwin
|
|
|
|
- $HOME/path/example.txt##Darwin.host1
|
|
|
|
- $HOME/path/example.txt##Darwin.host2
|
|
|
|
- $HOME/path/example.txt##Linux
|
|
|
|
- $HOME/path/example.txt##Linux.host1
|
|
|
|
- $HOME/path/example.txt##Linux.host2
|
|
|
|
|
|
|
|
If running on a Macbook named "host2",
|
|
|
|
.B yadm
|
|
|
|
will create a symbolic link which looks like this:
|
|
|
|
|
|
|
|
.IR $HOME/path/example.txt " -> " $HOME/path/example.txt##Darwin.host2
|
|
|
|
|
|
|
|
However, on another Mackbook named "host3",
|
|
|
|
.B yadm
|
|
|
|
will create a symbolic link which looks like this:
|
|
|
|
|
|
|
|
.IR $HOME/path/example.txt " -> " $HOME/path/example.txt##Darwin
|
|
|
|
|
|
|
|
Since the hostname doesn't match any of the managed files, the more generic version is chosen.
|
|
|
|
|
2015-07-19 17:06:51 +00:00
|
|
|
If running on a Linux server named "host4", the link will be:
|
2015-07-14 21:39:52 +00:00
|
|
|
|
|
|
|
.IR $HOME/path/example.txt " -> " $HOME/path/example.txt##Linux
|
|
|
|
|
2015-07-19 17:06:51 +00:00
|
|
|
If running on a Solaris server, the link use the default "##" version:
|
2015-07-14 21:39:52 +00:00
|
|
|
|
2015-07-19 17:06:51 +00:00
|
|
|
.IR $HOME/path/example.txt " -> " $HOME/path/example.txt##
|
|
|
|
|
2017-02-01 00:00:06 +00:00
|
|
|
If running on a system, with CLASS set to "Work", the link will be:
|
|
|
|
|
|
|
|
.IR $HOME/path/example.txt " -> " $HOME/path/example.txt##WORK
|
|
|
|
|
|
|
|
If no "##" version exists and no files match the current CLASS/OS/HOSTNAME/USER, then no link will be created.
|
2015-07-19 17:06:51 +00:00
|
|
|
|
2016-08-05 21:09:26 +00:00
|
|
|
Links are also created for directories named this way, as long as they have at least one
|
|
|
|
.B yadm
|
|
|
|
managed file within them.
|
|
|
|
|
2017-02-01 00:00:06 +00:00
|
|
|
CLASS must be manually set using
|
|
|
|
.BR yadm\ config\ local.class\ <class> .
|
2015-07-19 17:06:51 +00:00
|
|
|
OS is determined by running
|
|
|
|
.BR uname\ -s ,
|
2016-01-09 03:43:23 +00:00
|
|
|
HOSTNAME by running
|
2017-02-01 00:00:06 +00:00
|
|
|
.BR hostname ,
|
2016-01-09 03:43:23 +00:00
|
|
|
and USER by running
|
|
|
|
.BR id\ -u\ -n .
|
2015-07-14 21:39:52 +00:00
|
|
|
.B yadm
|
|
|
|
will automatically create these links by default. This can be disabled using the
|
|
|
|
.I yadm.auto-alt
|
|
|
|
configuration.
|
|
|
|
Even if disabled, links can be manually created by running
|
|
|
|
.BR yadm\ alt .
|
2017-02-01 00:00:06 +00:00
|
|
|
|
|
|
|
It is possible to use "%" as a "wildcard" in place of CLASS, OS, HOSTNAME, or
|
|
|
|
USER. For example, The following file could be linked for any host when the
|
|
|
|
user is "harvey".
|
|
|
|
|
|
|
|
.IR $HOME/path/example.txt##%.%.harvey
|
|
|
|
|
|
|
|
CLASS is a special value which is stored locally on each host (inside the local
|
|
|
|
repository). To use alternate symlinks using CLASS, you must set the value of
|
|
|
|
class using the configuration
|
|
|
|
.BR local.class .
|
|
|
|
This is set like any other
|
|
|
|
.B yadm
|
|
|
|
configuration with the
|
|
|
|
.B yadm config
|
|
|
|
command. The following sets the CLASS to be "Work".
|
|
|
|
|
|
|
|
yadm config local.class Work
|
|
|
|
|
|
|
|
Similarly, the values of OS, HOSTNAME, and USER can be manually overridden
|
|
|
|
using the configuration options
|
|
|
|
.BR local.os ,
|
|
|
|
.BR local.hostname ,
|
|
|
|
and
|
|
|
|
.BR local.user .
|
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
.SH JINJA
|
|
|
|
If the
|
|
|
|
.B envtpl
|
|
|
|
command is available,
|
|
|
|
.B Jinja
|
|
|
|
templates will also be processed to create or overwrite real files.
|
2017-03-25 18:26:10 +00:00
|
|
|
.B yadm
|
2017-03-31 02:58:26 +00:00
|
|
|
will treat files ending in
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
##yadm_tmpl
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
as Jinja templates. During processing, the following variables are set
|
|
|
|
according to the rules explained in the ALTERNATES section:
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
YADM_CLASS
|
|
|
|
YADM_OS
|
|
|
|
YADM_HOSTNAME
|
|
|
|
YADM_USER
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
For example, a file named
|
|
|
|
.I whatever##yadm_tmpl
|
|
|
|
with the following content
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
{% if YADM_USER == 'harvey' -%}
|
|
|
|
config={{YADM_CLASS}}-{{ YADM_OS }}
|
|
|
|
{% else -%}
|
|
|
|
config=dev-whatever
|
|
|
|
{% endif -%}
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
would output a file named
|
|
|
|
.I whatever
|
|
|
|
with the following content if the user is "harvey":
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
config=work-Linux
|
2017-03-25 18:26:10 +00:00
|
|
|
|
|
|
|
and the following otherwise:
|
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
config=dev-whatever
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2017-03-31 05:30:36 +00:00
|
|
|
See http://jinja.pocoo.org/ for an overview of
|
|
|
|
.BR Jinja .
|
2017-03-25 18:26:10 +00:00
|
|
|
|
2015-07-14 21:39:52 +00:00
|
|
|
.SH ENCRYPTION
|
2015-08-07 12:18:22 +00:00
|
|
|
It can be useful to manage confidential files, like SSH or GPG keys, across
|
|
|
|
multiple systems. However, doing so would put plain text data into a Git
|
|
|
|
repository, which often resides on a public system.
|
2015-07-14 21:39:52 +00:00
|
|
|
.B yadm
|
|
|
|
implements a feature which can make it easy to encrypt and decrypt a set of
|
|
|
|
files so the encrypted version can be maintained in the Git repository.
|
|
|
|
This feature will only work if the
|
|
|
|
.BR gpg (1)
|
|
|
|
command is available.
|
|
|
|
|
|
|
|
To use this feature, a list of patterns must be created and saved as
|
|
|
|
.IR $HOME/.yadm/encrypt .
|
|
|
|
This list of patterns should be relative to the configured
|
|
|
|
.IR work-tree " (usually
|
|
|
|
.IR $HOME ).
|
|
|
|
For example:
|
|
|
|
|
|
|
|
.RS
|
2015-08-07 12:18:22 +00:00
|
|
|
.ssh/*.key
|
|
|
|
.gnupg/*.gpg
|
2015-07-14 21:39:52 +00:00
|
|
|
.RE
|
|
|
|
|
|
|
|
The
|
|
|
|
.B yadm encrypt
|
|
|
|
command will find all files matching the patterns, and prompt for a password. Once a
|
|
|
|
password has confirmed, the matching files will be encrypted and saved as
|
|
|
|
.IR $HOME/.yadm/files.gpg .
|
|
|
|
The patterns and files.gpg should be added to the
|
|
|
|
.B yadm
|
|
|
|
repository so they are available across multiple systems.
|
|
|
|
|
|
|
|
To decrypt these files later, or on another system run
|
|
|
|
.BR yadm\ decrypt
|
|
|
|
and provide the correct password.
|
|
|
|
After files are decrypted, permissions are automatically updated as described
|
|
|
|
in the PERMISSIONS section.
|
|
|
|
|
2016-04-21 12:59:43 +00:00
|
|
|
Symmetric encryption is used by default, but asymmetric encryption may be
|
|
|
|
enabled using the
|
|
|
|
.I yadm.gpg-recipient
|
|
|
|
configuration.
|
|
|
|
|
2015-07-17 07:29:20 +00:00
|
|
|
.BR NOTE :
|
2015-07-19 18:01:52 +00:00
|
|
|
It is recommended that you use a private repository when keeping confidential
|
|
|
|
files, even though they are encrypted.
|
2015-07-14 21:39:52 +00:00
|
|
|
.SH PERMISSIONS
|
|
|
|
When files are checked out of a Git repository, their initial permissions are
|
|
|
|
dependent upon the user's umask. This can result in confidential files with lax permissions.
|
|
|
|
|
|
|
|
To prevent this,
|
|
|
|
.B yadm
|
|
|
|
will automatically update the permissions of confidential files.
|
|
|
|
The "group" and "others" permissions will be removed from the following files:
|
|
|
|
|
|
|
|
.RI - " $HOME/.yadm/files.gpg
|
|
|
|
|
|
|
|
- All files matching patterns in
|
|
|
|
.I $HOME/.yadm/encrypt
|
|
|
|
|
|
|
|
- The SSH directory and files,
|
|
|
|
.I .ssh/*
|
|
|
|
|
2015-08-07 12:18:22 +00:00
|
|
|
- The GPG directory and files,
|
|
|
|
.I .gnupg/*
|
|
|
|
|
2015-07-14 21:39:52 +00:00
|
|
|
.B yadm
|
|
|
|
will automatically update permissions by default. This can be disabled using the
|
|
|
|
.I yadm.auto-perms
|
|
|
|
configuration.
|
|
|
|
Even if disabled, permissions can be manually updated by running
|
|
|
|
.BR yadm\ perms .
|
|
|
|
The SSH directory processing can be disabled using the
|
|
|
|
.I yadm.ssh-perms
|
|
|
|
configuration.
|
|
|
|
.SH FILES
|
2016-04-18 22:24:04 +00:00
|
|
|
The following are the default paths
|
|
|
|
.B yadm
|
|
|
|
uses for its own data.
|
|
|
|
These paths can be altered using universal options.
|
|
|
|
See the OPTIONS section for details.
|
|
|
|
.TP
|
|
|
|
.I $HOME/.yadm
|
|
|
|
The
|
|
|
|
.B yadm
|
|
|
|
directory. By default, all data
|
|
|
|
.B yadm
|
|
|
|
stores is relative to this directory.
|
2015-07-14 21:39:52 +00:00
|
|
|
.TP
|
2016-04-18 22:24:04 +00:00
|
|
|
.I $YADM_DIR/config
|
2015-07-14 21:39:52 +00:00
|
|
|
Configuration file for
|
|
|
|
.BR yadm .
|
|
|
|
.TP
|
2016-04-18 22:24:04 +00:00
|
|
|
.I $YADM_DIR/repo.git
|
2015-07-14 21:39:52 +00:00
|
|
|
Git repository used by
|
|
|
|
.BR yadm .
|
|
|
|
.TP
|
2016-04-18 22:24:04 +00:00
|
|
|
.I $YADM_DIR/encrypt
|
2015-07-14 21:39:52 +00:00
|
|
|
List of globs used for encrypt/decrypt
|
|
|
|
.TP
|
2016-04-18 22:24:04 +00:00
|
|
|
.I $YADM_DIR/files.gpg
|
2015-07-14 21:39:52 +00:00
|
|
|
All files encrypted with
|
|
|
|
.B yadm encrypt
|
|
|
|
are stored in this file.
|
|
|
|
.SH EXAMPLES
|
|
|
|
.TP
|
|
|
|
.B yadm init
|
|
|
|
Create an empty repo for managing files
|
|
|
|
.TP
|
|
|
|
.B yadm add .bash_profile ; yadm commit
|
|
|
|
Add
|
|
|
|
.I .bash_profile
|
|
|
|
to the Git index and create a new commit
|
|
|
|
.TP
|
|
|
|
.B yadm remote add origin <url>
|
|
|
|
Add a remote origin to an existing repository
|
|
|
|
.TP
|
|
|
|
.B yadm push -u origin master
|
|
|
|
Initial push of master to origin
|
|
|
|
.TP
|
|
|
|
.B echo ".ssh/*.key" >> $HOME/.yadm/encrypt
|
|
|
|
Add a new pattern to the list of encrypted files
|
|
|
|
.TP
|
|
|
|
.B yadm encrypt ; yadm add ~/.yadm/files.gpg ; yadm commit
|
|
|
|
Commit a new set of encrypted files
|
2015-07-14 12:48:47 +00:00
|
|
|
.SH REPORTING BUGS
|
2015-07-14 21:39:52 +00:00
|
|
|
Report issues or create pull requests at GitHub:
|
|
|
|
|
2016-09-08 13:08:22 +00:00
|
|
|
https://github.com/TheLocehiliosan/yadm/issues
|
2015-07-14 12:48:47 +00:00
|
|
|
.SH AUTHOR
|
2015-07-14 21:39:52 +00:00
|
|
|
Tim Byrne <sultan@locehilios.com>
|
|
|
|
.SH SEE ALSO
|
|
|
|
|
|
|
|
.BR git (1),
|
|
|
|
.BR gpg (1)
|
|
|
|
|
2016-09-08 13:08:22 +00:00
|
|
|
https://thelocehiliosan.github.io/yadm/
|