Fedora - Take back your dotfiles with Chezmoi


<div><p>In Linux, dotfiles are hidden text files that store configuration settings for many programs, from simple ones such as Bash and Git to more complex applications like i3 or VSCode. </p>
<p>Most of these files are contained in the <em>~/.config </em>directory or right in the home directory. Editing these files allows you to customize applications beyond what a settings menu may provide, and they tend to be portable across devices and even other Linux distributions. But one talking point across the Linux enthusiast community is how to manage these dotfiles and how to share them. </p>
<p>We will be showcasing a tool called <a href="https://www.chezmoi.io/">Chezmoi</a> that does this task a little differently from the others. </p>
<h2>The history of dotfile management </h2>
<p>If you search <a href="https://github.com/search?q=dotfiles&amp;type=Repositories">GitHub for dotfiles</a>, you will see over 100k repositories after one goal: store people’s dotfiles in a shareable and repeatable manner. However, other than using Git, they store their files differently. </p>
<p>While Git has solved code management problems, and that also translates to config file management, it does not solve how to separate between distributions, roles (such as home vs work computers), secrets management, and per-device configuration. </p>
<p>Because of this, many users decide to craft their own solutions, and the community has responded with multiple answers over the years. This article will briefly cover some of the solutions that have been created. </p>
<h3>Experiment in an isolated environment</h3>
<p>Do you want to try the solutions below quickly in a contained environment? Run:</p>
<pre class="wp-block-preformatted">$ podman run --rm -it fedora</pre>
<p>… to create a Fedora container to try the applications in. This container will automatically delete itself when you exit the shell.</p>
<h3>The install problem</h3>
<p>If you store your dotfiles in a Git repository, you will want to make it easy for your changes to automatically be applied inside your home directory. The easiest way to do this at first glance is to use a symlink, such as <em>ln -s ~/.dotfiles/bashrc ~/.bashrc</em>. This will allow your changes to take place instantly when your repository is updated.</p>
<p>The problem with symlinks is that managing symlinks can be a chore. Stow and <a href="https://fedoramagazine.org/managing-dotfiles-rcm/">RCM (covered here on Fedora Magazine)</a> can help you manage those, but these are not seamless solutions. Files that are private will need to be modified and chmoded properly after download. If you revamp your dotfiles on one system, and download your repository to another system, you may get conflicts and require troubleshooting. </p>
<p>Another solution to this problem is writing your own install script. This is the most flexible option, but has the tradeoff of requiring more time to build a custom solution.</p>
<h3>The secrets problem</h3>
<p>Git is designed to track changes. If you store a secret such as a password or an API key in your Git repository, removing it later is difficult: you will need to rewrite your Git history to get rid of that secret. If your repository is public and someone else has already downloaded it, the secret is impossible to take back. This problem alone will prevent many individuals from sharing their dotfiles with the public world.</p>
<h3>The multi-device config problem</h3>
<p>The problem is not pulling your config to multiple devices. The problem is when you have multiple devices that require different configuration. Most individuals handle this by either having different folders or by using different forks. This makes it difficult to share configs across the different devices and role sets.</p>
<h2>How Chezmoi works</h2>
<p>Chezmoi is a tool to manage your dotfiles with the above problems in mind. It doesn’t blindly copy or symlink files from your repository. Chezmoi acts more like a template engine to generate your dotfiles based on system variables, templates, secret managers, and Chezmoi’s own config file.</p>
<h3>Getting Started with Chezmoi</h3>
<p>Currently Chezmoi is not in the default repositories. You can download the current version of Chezmoi as of writing with the following command.</p>
<pre class="wp-block-preformatted">$ sudo dnf install https://github.com/twpayne/chezmoi/relea...4.rpm</pre>
<p>This will install the pre-packaged RPM to your system.</p>
<p>Let's go ahead and create your repository using:</p>
<pre class="wp-block-preformatted">$ chezmoi init</pre>
<p>It will create your new repository in <em>~/.local/share/chezmoi/</em>. You can easily cd to this directory by using:</p>
<pre class="wp-block-preformatted">$ chezmoi cd</pre>
<p>Let's add our first file: </p>
<pre class="wp-block-preformatted">$ chezmoi add ~/.bashrc</pre>
<p>… to add your bashrc file to your chezmoi repository.</p>
<p>Note: if your bashrc file is actually a symlink, you will need to add the -f flag to follow it and read the contents of the real file. </p>
<p>You can now edit this file using:</p>
<pre class="wp-block-preformatted">$ chezmoi edit ~/.bashrc</pre>
<p>Now let's add a private file. This is a file that has the permissions 600 or similar. I have a file at .ssh/config that I would like to add by using:</p>
<pre class="wp-block-preformatted">$ chezmoi add ~/.ssh/config</pre>
<p>Chezmoi uses special prefixes to keep track of what is a hidden file and a private file to work around Git’s limitations. Run the following command to see it:</p>
<pre class="wp-block-preformatted">$ chezmoi cd</pre>
<p><strong>Do note that files that are marked as private are not actually private. They are still saved as plain text in your Git repo. More on that later.</strong></p>
<p>You can apply any changes by using:</p>
<pre class="wp-block-preformatted">$ chezmoi apply</pre>
<p>… and inspect what is different by using:</p>
<pre class="wp-block-preformatted">$ chezmoi diff</pre>
<h3>Using variables and templates</h3>
<p>To show all of the data Chezmoi can gather, run:</p>
<pre class="wp-block-preformatted">$ chezmoi data</pre>
<p>Most of these are information about your username, arch, hostname, OS type and OS name. But you can also add your own variables.</p>
<p>Go ahead and run: </p>
<pre class="wp-block-preformatted">$ chezmoi edit-config</pre>
<p>… and input the following:</p>
<pre class="wp-block-preformatted">[data]
    email = "[email protected]"
    name = "Fedora Mcdora"</pre>
<p>Save your file and run chezmoi data again. You will see at the bottom that your email and name are now added. You can now use these in Chezmoi templates. Run:</p>
<pre class="wp-block-preformatted">$ chezmoi add -T --autotemplate ~/.gitconfig</pre>
<p>… to add your gitconfig as a template into Chezmoi. If Chezmoi is successful in inferring the template correctly, you could get the following:</p>
<pre class="wp-block-preformatted">[user]
    email = "{{ .email }}"
    name = "{{ .name }}"</pre>
<p> If it does not, you can change the file to this instead.</p>
<p>Inspect your file with:</p>
<pre class="wp-block-preformatted">$ chezmoi edit ~/.gitconfig</pre>
<p>Afterwards, use:</p>
<pre class="wp-block-preformatted">$ chezmoi cat ~/.gitconfig</pre>
<p>… to see what chezmoi will generate for this file. My generated example is below:</p>
<pre class="wp-block-preformatted">[root@a6e273a8d010 ~]# chezmoi cat ~/.gitconfig
[user]
    email = "[email protected]"
    name = "Fedora Mcdora"
[root@a6e273a8d010 ~]# </pre>
<p>It will generate a file filled with the variables in our chezmoi config. <br />You can also use the variables to perform simple logic statements. One example is:</p>
<pre class="wp-block-preformatted">{{- if eq .chezmoi.hostname "fsteel" }}
# this will only be included if the host name is equal to "fsteel"
{{- end }}</pre>
<p>Do note that for this to work the file has to be a template. You can check this by seeing if the file has “.tmpl” appended to its name in the <em>chezmoi cd</em> directory, or by re-adding the file using the -T option.</p>
<h3>Keeping secrets… secret</h3>
<p>To troubleshoot your setup, use the following command.</p>
<pre class="wp-block-preformatted">$ chezmoi doctor </pre>
<p>What is important here is that it also shows you the <a href="https://www.chezmoi.io/docs/how-to/#keep-data-private">password managers it supports</a>.</p>
<pre class="wp-block-preformatted">[root@a6e273a8d010 ~]# chezmoi doctor
warning: version dev
ok: runtime.GOOS linux, runtime.GOARCH amd64
ok: /root/.local/share/chezmoi (source directory, perm 700)
ok: /root (destination directory, perm 550)
ok: /root/.config/chezmoi/chezmoi.toml (configuration file)
ok: /bin/bash (shell)
ok: /usr/bin/vi (editor)
warning: vimdiff (merge command, not found)
ok: /usr/bin/git (source VCS command, version 2.25.1)
<strong>ok: /usr/bin/gpg (GnuPG, version 2.2.18)
warning: op (1Password CLI, not found)
warning: bw (Bitwarden CLI, not found)
warning: gopass (gopass CLI, not found)
warning: keepassxc-cli (KeePassXC CLI, not found)
warning: lpass (LastPass CLI, not found)
warning: pass (pass CLI, not found)
warning: vault (Vault CLI, not found)</strong>
[root@a6e273a8d010 ~]# </pre>
<p>You can use any of these clients, or a <a href="https://www.chezmoi.io/docs/how-to/#use-a-generic-tool-to-keep-your-secrets">generic client</a>, or your system’s <a href="https://www.chezmoi.io/docs/how-to/#use-a-keyring-to-keep-your-secrets">Keyring</a>.</p>
<p>For GPG, you will need to add the following to your config using:</p>
<pre class="wp-block-preformatted">$ chezmoi edit-config</pre>
<pre class="wp-block-preformatted">[gpg]
    recipient = "&lt;Your GPG key's recipient&gt;"</pre>
<p>You can use:</p>
<pre class="wp-block-preformatted">$ chezmoi add --encrypt</pre>
<p>… to add any files. These will be encrypted in your source repository and not exposed to the public world as plain text. Chezmoi will automatically decrypt them when applying.</p>
<p>We can also use them in templates. For example, take a secret token stored in <a href="https://fedoramagazine.org/using-pass-to-manage-your-passwords-on-fedora/">Pass (covered on Fedora Magazine)</a>. Go ahead and generate your secret.</p>
<p>In this example, it’s called “githubtoken”:</p>
<pre class="wp-block-preformatted">[rwaltr@fsteel:~] $ pass ls
Password Store
└── githubtoken
[rwaltr@fsteel:~] $ </pre>
<p>Next, edit your template, such as the .gitconfig we created earlier, and add this line.</p>
<pre class="wp-block-preformatted">token = {{ pass "githubtoken" }}</pre>
<p>Then let's inspect using:</p>
<pre class="wp-block-preformatted">$ chezmoi cat ~/.gitconfig</pre>
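<pre class="wp-block-preformatted">[rwaltr@fsteel:~] $ chezmoi cat ~/.gitconfig
This is Git's per-user configuration file.
[user]
    name = Ryan Walter
    email = [email protected]
    token = mysecrettoken
[rwaltr@fsteel:~] $ </pre>
<p>Now that your secrets are stored in your password manager, the source repository contains only a reference to them, so your config can be publicly shared without exposing the secrets themselves. The generated file on each machine still contains the secret in plain text, as the output above shows.</p>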
<h2>Final notes</h2>
<p>This is only scratching the surface. Please check out <a href="https://www.chezmoi.io/">Chezmoi’s website</a> for more information. Chezmoi's author also has his <a href="https://github.com/twpayne/dotfiles">dotfiles public</a> if you are looking for more examples on how to use Chezmoi.</p>
</div>
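
The post warns that files Chezmoi marks as private are still stored as plain text in the source repository. The script below is an added example, not part of the original post or of Chezmoi: it walks a source directory, decodes the dot_, private_ and encrypted_ name prefixes and the .tmpl suffix, and lists every private file that is not encrypted. The demo tree and its file names are constructed.

```shell
#!/bin/sh
# Added example. Handles only the dot_, private_ and encrypted_ prefixes and the
# .tmpl suffix; other chezmoi attributes are left untouched.

# Map a source-relative path to the path chezmoi would write under $HOME.
target_path() (
    IFS=/; set -f; out=
    for part in $1; do
        while :; do
            case $part in
                encrypted_*) part=${part#encrypted_} ;;
                private_*)   part=${part#private_} ;;
                *) break ;;
            esac
        done
        case $part in dot_*) part=.${part#dot_} ;; esac
        out=${out:+$out/}$part
    done
    printf '%s\n' "${out%.tmpl}"
)

# List files marked private_ (or inside a private_ directory) that are not
# encrypted_, i.e. whose contents sit in the repository as plain text.
plaintext_private() {
    ( cd "$1" && find . -type f ! -path './.git/*' ) | sed 's#^\./##' | LC_ALL=C sort |
    while IFS= read -r rel; do
        case "/$rel" in
            */private_*|*/encrypted_private_*) ;;
            *) continue ;;
        esac
        case ${rel##*/} in encrypted_*) continue ;; esac
        printf '%s -> ~/%s\n' "$rel" "$(target_path "$rel")"
    done
}

# Constructed source directory standing in for ~/.local/share/chezmoi.
make_demo_source() {
    src=$(mktemp -d) || return 1
    mkdir -p "$src/private_dot_ssh"
    : > "$src/dot_bashrc"
    : > "$src/private_dot_ssh/config"
    : > "$src/private_dot_gitconfig.tmpl"
    : > "$src/encrypted_private_dot_netrc"
    printf '%s\n' "$src"
}

demo=$(make_demo_source)
plaintext_private "$demo"
rm -rf "$demo"
```

Each line of output is a file whose permissions are restored as private on apply but whose contents anyone with access to the repository can read.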


https://www.sickgaming.net/blog/2020/04/...h-chezmoi/
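
The "secrets problem" section of the post says a secret committed to Git can only be removed by rewriting history. The script below is an added example, not part of the original post: it builds a throwaway repository, commits a token, deletes it in a follow-up commit, and then compares what the checkout shows with what the history still holds. The repository, the file name dot_gitconfig and the token value are constructed.

```shell
#!/bin/sh
# Added example: the repository and the token are constructed for the demonstration.
DEMO_TOKEN="constructed-token-0000"

# Stage everything in repo $1 and commit it with message $2.
commit_all() {
    git -C "$1" add -A &&
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid commit -q -m "$2"
}

# Build a throwaway dotfiles repo: one commit adds a token, the next removes it.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q || return 1
    printf '[user]\n    token = %s\n' "$DEMO_TOKEN" > "$repo/dot_gitconfig"
    commit_all "$repo" "add gitconfig" || return 1
    printf '[user]\n    name = demo\n' > "$repo/dot_gitconfig"
    commit_all "$repo" "remove token" || return 1
    printf '%s\n' "$repo"
}

# Number of tracked files in the current checkout that contain string $2.
worktree_hits() {
    git -C "$1" grep -l -F -e "$2" | wc -l | tr -d ' '
}

# Number of commits on any ref whose diff adds or removes string $2.
history_hits() {
    git -C "$1" log --all --format=%h -S"$2" | wc -l | tr -d ' '
}

repo=$(make_demo_repo) || exit 1
echo "checkout: $(worktree_hits "$repo" "$DEMO_TOKEN") file(s) contain the token"
echo "history:  $(history_hits "$repo" "$DEMO_TOKEN") commit(s) still carry it"
rm -rf "$repo"
```

A clean checkout with a non-zero history count means the value is still recoverable from any clone, which is why the post recommends keeping secrets in a password manager or encrypted files instead.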