Dotfiles #
Linux configuration files
Dotfiles (named after the folder where they’re located, `.config`) are used in Linux to configure programs by text-based files.
nvim #
neovim
Shell and Git Aliases #
Aliases simplify commands and make them more accessible. Frequently used commands can be bundled into one alias, or specific options/parameters can be set as the default.
```sh
alias hx="helix"
alias v="NVIM_APPNAME=nvim-vanilla nvim"
alias oil="nvim -c Oil" # start nvim with oil, to edit current directory and files
alias gw="ghostwriter"
alias clock="peaclock --config-dir ~/.config/peaclock" # cli-clock
alias cp="cp -r" # always copy recursive
alias py="python3"
alias term="kitty . & disown" # open a new terminal at the same location
alias hugo-server="(cd ~/code/bitSheriff.github.io && hugo server --buildDrafts)" # hugo server
alias neofetch="fastfetch"
alias sshs="sshs --config ~/.ssh/hosts" # use own file for the SSH Hosts
alias open="xdg-open" # open file with standard program
alias cat="bat" # better cat command
alias dots="cd $DOTFILES_DIR" # change to the dotfiles directory
alias cd!='cd $(fd --type d --hidden --exclude .git | fzf --ignore-case --no-preview )' # change directory with fuzzy finder
alias go2conf="cd ~/.config"
alias go2code="cd ~/code"
alias iqalc="qalc -i" # interactive mode of Qalculator
alias typo="typora"
alias calc="qalc"
```
Secrets #
Secrets are configurations that are not meant to be shared with others, such as API keys, passwords, etc.
The secrets are located in the same directory as the normal configuration files. So how are they secured?
They are handled by the `secrets/secrets.sh` script, which encrypts them with age. Only the encrypted secrets are stored in the repository. Further, a key file is used to decrypt them and link the real files.
Which files are secrets?
Well, this depends on the user’s needs. You can easily define them in the `setup/secret_files.txt` file.
Problem: because the encrypted files are stored in the repository, they would show up as changed every time, since encrypting the same content again results in a different hash (for security reasons). So I built a check that creates a hash of the decrypted file; if this hash differs from the hash of the real file, the file needs to be encrypted again.
Additionally, I do the same with the encrypted `.age` file. This way I can check whether the secret was updated on the remote server, in which case I have to update my local file by decrypting it.
Local Change | Remote Change | Action |
---|---|---|
false | false | do nothing |
false | true | remote update $\to$ decrypt |
true | false | local update $\to$ encrypt |
true | true | shit |
If both the local and the remote files are changed, we have a real problem. So the only option is to decrypt the remote file to another filename and merge them manually. But I am working on a solution for this.
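The decision table above as a small shell function, added here as an example and not taken from the author's `secrets/secrets.sh`. The state directory and the `*.sha256` file names are assumptions, and the actual age calls are left to the caller.

```shell
#!/bin/sh
# Added example: decide what to do with one secret, following the table above.
# Assumed layout (hypothetical, not taken from secrets/secrets.sh):
#   $1 = plaintext file, $2 = encrypted .age file,
#   $3 = state dir holding the hashes recorded at the last sync.

hash_of() {
    # Print the SHA-256 of a file, or "missing" if it does not exist.
    if [ -f "$1" ]; then sha256sum < "$1" | cut -d' ' -f1; else echo missing; fi
}

secret_action() {
    plain=$1 enc=$2 state=$3
    name=$(basename "$plain")
    # No recorded hash counts as "missing", so a fresh clone (only the .age
    # file present) resolves to "decrypt" and a brand-new secret to "encrypt".
    old_plain=$(cat "$state/$name.plain.sha256" 2>/dev/null || echo missing)
    old_enc=$(cat "$state/$name.age.sha256" 2>/dev/null || echo missing)

    local_changed=false; remote_changed=false
    [ "$(hash_of "$plain")" = "$old_plain" ] || local_changed=true
    [ "$(hash_of "$enc")" = "$old_enc" ] || remote_changed=true

    case "$local_changed/$remote_changed" in
        false/false) echo none ;;      # do nothing
        false/true)  echo decrypt ;;   # remote update: decrypt the .age file
        true/false)  echo encrypt ;;   # local update: encrypt the plaintext
        true/true)   echo conflict ;;  # both changed: merge manually
    esac
}

record_sync() {
    # Call after a successful encrypt or decrypt to store both hashes.
    plain=$1 enc=$2 state=$3
    name=$(basename "$plain")
    mkdir -p "$state"
    hash_of "$plain" > "$state/$name.plain.sha256"
    hash_of "$enc" > "$state/$name.age.sha256"
}
```

The state directory holds only hashes, but it should stay out of the repository like the decrypted files, since a hash of a short or guessable secret can be brute-forced.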
For the secrets to work, you will need to set the environment variable `AGE_KEY_DOTFILES` to the path of the key file.
```sh
export AGE_KEY_DOTFILES=$HOME/.age/dotfiles.key
```
Obviously, this file is not checked into git…
[!TIP] If you want to secure your age keys, you can encrypt them with a passphrase:
```sh
age-keygen | age -p > key.age
```
Every time you use this identity file (aka the key), you will be prompted for the passphrase.
Because I don’t want to rely on a single service like GitHub, I use the decentralized approach of git and push to multiple services at once. So even if one service goes down, my files are still safe.