my vcsh setup
I've come to rely a lot on vcsh lately. It's a Version Control System for $HOME based on git. It allows me to use git to manage my "dotfiles" (like .zshrc, .vimrc, etc.) but also any file I consider an important part of my $HOME setup. It also allows me to share this setup between multiple computers.
For example, I also manage my ~/bin/
directory with custom scripts I use a lot, ~/config/
where I keep configuration files (like my favorite Terminal.app configuration), a text file I call "recipies" where I paste interesting snippets of code I should always have handy, and ~config/Licenses/
where I keep licenses of applications I've purchesed.
vcsh allows you to split all these files in multiple repostitories and the documentation examples favor using separate repositories for zsh, gitconfigs, vim, etc. I would suggest you stick to one, unless you have a really good reason not to: For example, if some of the files are shared between more than one users --which would actually be a very interesting use case, say sharing an application configuration between members of a team. Anyway, I've sticked to one repo.
I also wanted to have a remote git repository that would allow me to sync my vcsh configurations between computers more easily, and also set up a new working environment with minimal effort. My first thought was Github, but I didn't want my whole setup to be public. So I tried Bitbucket: It had been some time since the last time I was there, and I have to admit they have improved the feel of their service a lot, plus they offer unlimited private repos even on the free plan (if you are looking for a place to host your project repositories, do have a look at what they offer).
In addition to using a private repository, I took some extra measures to protect some very sensitive information. I mean, a "private repo" is just a repo that the server asks for authentication before allowing access. The server admins, a hacker, or even someone that guessed/stole my password can see anything in it. So, I encrypt anything I consider sensitive using AES256, and I add to vcsh the encrypted versions (no diffs obviously, but I can live without them in this case).
# Encrypt and decrypt "file":
openssl aes-256-cbc -salt -in file -out file.aes
openssl aes-256-cbc -d -salt -in file.aes -out file
To make it even easier, I use the following script (located in~/bin/
)
#! /usr/bin/env bash
# mycrypt.sh -e|-d <file>
ACTION=$1
SOURCE=$2
if [ "${ACTION}" == "" ] || [ "${SOURCE}" == "" ]; then
echo "mycrypt.sh -e|-d <file>"
exit 1
fi
if [ ! -f "${SOURCE}" ]; then
echo $SOURCE is not a file.
exit 1
fi
if [ "${ACTION}" == '-d' ]; then
echo Decrypting $SOURCE...
if [ ${SOURCE##*.} == 'aes' ] ; then
TARGET=${SOURCE%.*}
openssl aes-256-cbc -d -salt -in $SOURCE -out $TARGET
else
echo "Source file must have .aes extension."
echo "Exiting."
exit 1
fi
elif [ "${ACTION}" == '-e' ]; then
echo Encrypting $SOURCE
openssl aes-256-cbc -salt -in $SOURCE -out $SOURCE.aes
else
echo "mycrypt.sh -e|-d <file>"
fi
One last thing. I share my setup between Linux and OS X computers and some of the settings are different. I prefer to keep them both in one file and execute them depending on the value returned by uname
. For example:
THISHOST=`uname`
echo $THISHOST
if [ $THISHOST = 'Darwin' ] ; then
echo "OS X Section"
# code for OS X goes here.
fi
if [ $THISHOST = 'Linux' ] ; then
echo "Linux Section."
# code for Linux goes here
fi
echo "Shared code."
# Shared code goes here.