SYNOPSIS
yadm command [options]yadm git-command-or-alias [options]
yadm init [-f] [-w directory]
yadm clone url [-f] [-w directory]
yadm config name [value]
yadm config [-e]
yadm list [-a]
yadm encrypt
yadm decrypt [-l]
yadm alt
yadm perms
DESCRIPTION
yadm is a tool for managing a collection of files across multiple computers, using a shared Git repository. In addition, yadm provides a feature to select alternate versions of files based on the operation system or host name. Lastly, yadm supplies the ability to manage a subset of secure files, which are encrypted before they are included in the repository.COMMANDS
- git-command or git-alias
-
Any command not internally handled by
yadm
is passed through to
git(1).
Git commands or aliases are invoked with the
yadm
managed repository.
The working directory for git commands will be the configured
work-tree (usually
$HOME).
Dotfiles are managed by using standard git commands; add, commit, push, pull, etc.
The config command is not passed directly through. Instead use the gitconfig command (see below).
- alt
- Create symbolic links for any managed files matching the naming rules describe in the ALTERNATES section. It is usually unnecessary to run this command, as yadm automatically processes alternates by default. This automatic behavior can be disabled by setting the configuration yadm.auto-alt to "false".
- clone url
-
Clone a remote repository for tracking dotfiles.
After the contents of the remote repository have been fetched, a "merge" of
origin/master
is attempted.
If there are conflicting files already present in the
work-tree,
this merge will fail and instead a "reset" of
origin/master
will be done.
It is up to the user to resolve these conflicts,
but if the desired action is to have the contents in the repository overwrite the existing files,
then a "hard reset" should accomplish that:
-
- yadm reset --hard origin/master
-
- The repository is stored in $HOME/.yadm/repo.git. By default, $HOME will be used as the work-tree, but this can be overridden with the -w option. yadm can be forced to overwrite an existing repository by providing the -f option.
- config
- This command manages configurations for yadm. This command works exactly they way git-config(1) does. See the CONFIGURATION section for more details.
- decrypt
- Decrypt all files stored in $HOME/.yadm/files.gpg. Files decrypted will be relative to the configured work-tree (usually $HOME). Using the -l option will list the files stored without extracting them.
- encrypt
- Encrypt all files matching the patterns found in $HOME/.yadm/encrypt. See the ENCRYPTION section for more details.
- gitconfig
-
Pass options to the
git config
command. Since
yadm
already uses the
config
command to manage its own configurations,
this command is provided as a way to change configurations of the repository managed by
yadm.
One useful case might be to configure the repository so untracked files are shown in status commands.
yadm
initially configures its repository so that untracked files are not shown.
If you wish use the default git behavior (to show untracked files and directories), you can remove this configuration.
-
- yadm gitconfig --unset status.showUntrackedFiles
-
- help
- Print a summary of yadm commands.
- init
- Initialize a new, empty repository for tracking dotfiles. The repository is stored in $HOME/.yadm/repo.git. By default, $HOME will be used as the work-tree, but this can be overridden with the -w option. yadm can be forced to overwrite an existing repository by providing the -f option.
- list
- Print a list of files managed by yadm. The -a option will cause all managed files to be listed. Otherwise, the list will only include files from the current directory or below.
- perms
- Update permissions as described in the PERMISSIONS section. It is usually unnecessary to run this command, as yadm automatically processes permissions by default. This automatic behavior can be disabled by setting the configuration yadm.auto-perms to "false".
- version
- Print the version of yadm.
OPTIONS
yadm supports a set of universal options that alter the paths it uses. The default paths are documented in the FILES section. Any path specified by these options must be fully qualified. If you always want to override one or more of these paths, it may be useful to create an alias for the yadm command. For example, the following alias could be used to override the repository directory.
- alias yadm='yadm --yadm-repo /alternate/path/to/repo'
The following is the full list of universal options. Each option should be followed by a fully qualified path.
- -Y,--yadm-dir
- Override the yadm directory. yadm stores its data relative to this directory.
- --yadm-repo
- Override the location of the yadm repository.
- --yadm-config
- Override the location of the yadm configuration file.
- --yadm-encrypt
- Override the location of the yadm encryption configuration.
- --yadm-archive
- Override the location of the yadm encrypted files archive.
CONFIGURATION
yadm uses a configuration file named $HOME/.yadm/config. This file uses the same format as git-config(1). Also, you can control the contents of the configuration file via the yadm config command (which works exactly like git-config). For example, to disable alternates you can run the command:
- yadm config yadm.auto-alt false
The following is the full list of supported configurations:
- yadm.auto-alt
- Disable the automatic linking described in the section ALTERNATES. If disabled, you may still run yadm alt manually to create the alternate links. This feature is enabled by default.
- yadm.auto-perms
- Disable the automatic permission changes described in the section PERMISSIONS. If disabled, you may still run yadm perms manually to update permissions. This feature is enabled by default.
- yadm.ssh-perms
- Disable the permission changes to $HOME/.ssh/*. This feature is enabled by default.
- yadm.gpg-perms
- Disable the permission changes to $HOME/.gnupg/*. This feature is enabled by default.
- yadm.gpg-recipient
- Asymmetrically encrypt files with a gpg public/private key pair. Provide a "key ID" to specify which public key to encrypt with. The key must exist in your public keyrings. If left blank or not provided, symmetric encryption is used instead. If set to "ASK", gpg will interactively ask for recipients. See the ENCRYPTION section for more details. This feature is disabled by default.
ALTERNATES
When managing a set of files across different systems, it can be useful to have an automated way of choosing an alternate version of a file for a different operation system, host, or user. yadm implements a feature which will automatically create a symbolic link to the appropriate version of a file, as long as you follow a specific naming convention. yadm can detect files with names ending in:
- ## or ##OS or ##OS.HOSTNAME or ##OS.HOSTNAME.USER
If there are any files managed by yadm's repository which match this naming convention, symbolic links will be created for the most appropriate version. This may best be demonstrated by example. Assume the following files are managed by yadm's repository:
- $HOME/path/example.txt##
- $HOME/path/example.txt##Darwin
- $HOME/path/example.txt##Darwin.host1
- $HOME/path/example.txt##Darwin.host2
- $HOME/path/example.txt##Linux
- $HOME/path/example.txt##Linux.host1
- $HOME/path/example.txt##Linux.host2
If running on a Macbook named "host2", yadm will create a symbolic link which looks like this:
$HOME/path/example.txt -> $HOME/path/example.txt##Darwin.host2
However, on another Mackbook named "host3", yadm will create a symbolic link which looks like this:
$HOME/path/example.txt -> $HOME/path/example.txt##Darwin
Since the hostname doesn't match any of the managed files, the more generic version is chosen.
If running on a Linux server named "host4", the link will be:
$HOME/path/example.txt -> $HOME/path/example.txt##Linux
If running on a Solaris server, the link use the default "##" version:
$HOME/path/example.txt -> $HOME/path/example.txt##
If no "##" version exists and no files match the current OS/HOSTNAME/USER, then no link will be created.
OS is determined by running uname -s, HOSTNAME by running hostname -s, and USER by running id -u -n. yadm will automatically create these links by default. This can be disabled using the yadm.auto-alt configuration. Even if disabled, links can be manually created by running yadm alt.
ENCRYPTION
It can be useful to manage confidential files, like SSH or GPG keys, across multiple systems. However, doing so would put plain text data into a Git repository, which often resides on a public system. yadm implements a feature which can make it easy to encrypt and decrypt a set of files so the encrypted version can be maintained in the Git repository. This feature will only work if the gpg(1) command is available.To use this feature, a list of patterns must be created and saved as $HOME/.yadm/encrypt. This list of patterns should be relative to the configured work-tree (usually $HOME). For example:
-
.ssh/*.key
.gnupg/*.gpg
The yadm encrypt command will find all files matching the patterns, and prompt for a password. Once a password has confirmed, the matching files will be encrypted and saved as $HOME/.yadm/files.gpg. The patterns and files.gpg should be added to the yadm repository so they are available across multiple systems.
To decrypt these files later, or on another system run yadm decrypt and provide the correct password. After files are decrypted, permissions are automatically updated as described in the PERMISSIONS section.
Symmetric encryption is used by default, but asymmetric encryption may be enabled using the yadm.gpg-recipient configuration.
NOTE: It is recommended that you use a private repository when keeping confidential files, even though they are encrypted.
PERMISSIONS
When files are checked out of a Git repository, their initial permissions are dependent upon the user's umask. This can result in confidential files with lax permissions.To prevent this, yadm will automatically update the permissions of confidential files. The "group" and "others" permissions will be removed from the following files:
- $HOME/.yadm/files.gpg
- All files matching patterns in $HOME/.yadm/encrypt
- The SSH directory and files, .ssh/*
- The GPG directory and files, .gnupg/*
yadm will automatically update permissions by default. This can be disabled using the yadm.auto-perms configuration. Even if disabled, permissions can be manually updated by running yadm perms. The SSH directory processing can be disabled using the yadm.ssh-perms configuration.
FILES
The following are the default paths yadm uses for its own data. These paths can be altered using universal options. See the OPTIONS section for details.- $HOME/.yadm
- The yadm directory. By default, all data yadm stores is relative to this directory.
- $YADM_DIR/config
- Configuration file for yadm.
- $YADM_DIR/repo.git
- Git repository used by yadm.
- $YADM_DIR/encrypt
- List of globs used for encrypt/decrypt
- $YADM_DIR/files.gpg
- All files encrypted with yadm encrypt are stored in this file.
EXAMPLES
- yadm init
- Create an empty repo for managing files
- yadm add .bash_profile ; yadm commit
- Add .bash_profile to the Git index and create a new commit
- yadm remote add origin <url>
- Add a remote origin to an existing repository
- yadm push -u origin master
- Initial push of master to origin
- echo .ssh/*.key >> $HOME/.yadm/encrypt
- Add a new pattern to the list of encrypted files
- yadm encrypt ; yadm add ~/.yadm/files.gpg ; yadm commit
- Commit a new set of encrypted files