
The author configures lots of syncing by setting the location of config files; I do it by setting up a whitelist-based gitignore in my homedir:

  *
  !.gitignore
  !.bashrc
  !.ssh/authorized_keys

It's fast (compared to a blacklist-based 'git status' scan) and less work :)

On a side note, I'm curious about the security implications of the git repository - if the git host the service is breached, as far as I know there's really nothing stopping the actor leveraging access to achieve code execution on my host, right?

I'm aware of commit signing, but in the context of a raw git directory synced over ssh an attacker could create and use any valid signature key to commit to the repo. Hosting on GitLab/GitHub would require a breach or significant abuse of security controls, but is still possible, too.




So you have a gitignore that says "ignore everything except these three files" -- what does that do? Is it supposed to replace the line where he curls those files to github? Isn't it awkward having all your other git repos in your home dir be under that git repo?


> what does that do? Is it supposed to replace the line where he curls those files to github

No, it is for synchronization. See the article sections titled 'SSH: Move Your SSH Config File Into a Synced Folder' and 'Extra Credit'.

> So you have a gitignore that says "ignore everything except these three files" -- what does that do?

My gitignore is upwards of 100 files, but allows me to track changes and synchronize configurations across hosts, which I do often as I often work in short-lived graphical VMs and across multiple hosts. Using a whitelist of tracked files means 'git status' won't take seconds/minutes to scan the entire directory tree under my homedir, which seemed to be the case when using a blacklist when I initially configured it.

> Isn't it awkward having all your other git repos in your home dir be under that git repo?

It breaks stuff like `git add -A` which I haven't fully solved, but don't really feel the need to - most of my commits are 2-3 files at most and I'd prefer to be aware of exactly what's being committed for the additional minor overhead.

There are other alternatives, like rsync, which solve entire tree synchronization, but that's not what I'd normally like to do as my ultraportable has a 128GB SSD and my daily driver is a 2TB laptop. I'd be open to hear other suggestions, but at this point git is a convenient and flexible solution that works well in my environment :)


Edit: I inadvertently stripped out the subdir whitelist; without it, subdirectory files are completely ignored irrespective of whitelist flagging. I don't understand why it works, but it works. The gitignore should be:

  *
  !*/
  !.gitignore
  !.bashrc
  !.ssh/authorized_keys
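
Added example, not part of the thread: git does not descend into a directory that an earlier pattern excluded, so under a bare `*` the `!.ssh/authorized_keys` rule is never evaluated, and `!*/` restores the traversal. This shell demo (constructed files in a throwaway repo) lists what each whitelist exposes to git and goes one step beyond the thread: the `ANCHORED` variant with leading slashes is an assumption added here, showing that an unanchored `!.bashrc` also re-includes a same-named file in any subdirectory.

```shell
#!/bin/sh
# Added demo (constructed files): what each whitelist .gitignore lets git track.

NAIVE='*
!.gitignore
!.bashrc
!.ssh/authorized_keys'

FIXED='*
!*/
!.gitignore
!.bashrc
!.ssh/authorized_keys'

# Assumption, not from the thread: a leading "/" pins each rule to the repo root.
ANCHORED='*
!*/
!/.gitignore
!/.bashrc
!/.ssh/authorized_keys'

# tracked_with <gitignore text>: print paths that are untracked and not ignored,
# i.e. the files git would offer to add under that whitelist.
tracked_with() (
    tmp=$(mktemp -d) || exit 1
    cd "$tmp" || exit 1
    # Keep the caller's global/system git config and excludes out of the result.
    export HOME="$tmp" XDG_CONFIG_HOME="$tmp/.config" GIT_CONFIG_NOSYSTEM=1
    git init -q . || exit 1
    mkdir -p .ssh projects/other
    : > .bashrc
    : > .ssh/authorized_keys
    : > .ssh/id_ed25519              # empty stand-in for a private key
    : > projects/other/.bashrc       # unrelated file sharing a whitelisted name
    : > projects/other/notes.txt
    printf '%s\n' "$1" > .gitignore
    out=$(git ls-files --others --exclude-standard | LC_ALL=C sort)
    cd / && rm -rf "$tmp"
    printf '%s\n' "$out"
)

for name in NAIVE FIXED ANCHORED; do
    eval "rules=\$$name"
    printf '== %s ==\n' "$name"
    tracked_with "$rules"
done
```

In all three variants `.ssh/id_ed25519` stays ignored; only `FIXED` lists `projects/other/.bashrc`.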



