Dotfiles feel too intimate and personal to share
70 comments
· August 6, 2025 · justonceokay
Ezhik
I honestly just can't vibe with the "don't customize because you'll log into other servers" thing.
To me it feels like getting told to not put nice shelves in my home because other buildings don't have them.
justonceokay
It completely depends on your work environment. My experience has been doing a lot of admin work and working with distributed databases. I probably spend a third of my day in servers that are not mine. So for me it just doesn’t make sense to make a lot of configuration changes, especially changes that will end up in my muscle memory.
Now my personal computer does have much nicer color schemes and a few plugins for code dev that I don’t carry around. But even then I try to use the defaults in my IDEs and browsers, because at this point I’m on work computer number.. 11? Configuring it is starting to get old
treve
Seems like a great opportunity to learn a bit about automating this set up. Really not hard to upload a .vim directory on a remote server for example.
stopcoffee77
Here you go
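# Roaming bashrc profile
function sshrc() {
    # Encode the local roaming profile so it survives the remote shell's quoting
    local BASHRC
    BASHRC=$(base64 -w 0 < "${HOME}/.bashrc_roaming")
    # Write it on the remote host, start bash with it, then remove it on exit
    ssh -t "$@" "echo \"${BASHRC}\" | base64 --decode > ~/.bashrc_roaming; \
        bash --rcfile ~/.bashrc_roaming; \
        rm ~/.bashrc_roaming"
}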
pkghost
It's bananas!
If the claim these folks make is "time spent struggling through a default config on an unfamiliar machine" > "time saved by crafting a workshop to fit your mind", then we are not the same.
(Probably, the dividing line here is time spent coding vs time spent managing infra.)
speerer
"Free and easy
That's my style
Howdy-do me?
Watch me smile
But fare-the-well me
After a while
'Cause I gotta roam
And any place I hang my hat is home"
LordDragonfang
This is the main reason that, even though I know I'd enjoy zsh, I stubbornly stick with bash. It's because I know that I will be extra frustrated when I have to log into any of the number of machines that I have to do real work on that don't have it already set up.
alisonatwork
The first UNIX account I ever got was on a BSD, and the first thing I saw in the first file I learned how to open was:
# A righteous umask
umask 22
I'll never forget those lines because they seemed so mysterious and cool. And they informed my philosophy on how the internet should be. People should be able to see other people's stuff by default. It's nice for us to be able to learn from one another. It's harder to rely on the honor system for privacy nowadays, but I still think "share by default" is a noble ideal.
That said, I also am unsure how best to overlap aliases and configs that are sensitive to my workplace with my everywhere config. Maybe I should have a .employer file that I source if it's there, but something about including that into my everywhere config feels decidedly not righteous.
r3trohack3r
Not just the internet but communities too. High trust societies are great to live in, digitally and physically. Leave the doors unlocked, leave keys in the ignition, leave valuables on the table when you walk away.
But high trust societies only work when the price of ongoing admission is not violating that trust.
When you accept/tolerate/expect the violation of trust the doors lock.
lcnPylGDnU4H9OF
> leave valuables on the table when you walk away
I actually do this somewhat frequently at my local game shop. Thousands of dollars' worth of Magic: The Gathering cards (because I bring multiple decks instead of just the one I'm playing) in my backpack left behind as I go to get some water or something.
> high trust societies only work when the price of ongoing admission is not violating that trust
Indeed, the reason I feel comfortable doing that is I know that nobody wants to be banned from going to that store (and they would be). In this context, the community is small enough that rumors would likely circulate at other local shops and they might also become a bit of a pariah at those other places they could play.
mh-
> unsure how best to overlap aliases and configs that are sensitive to my workplace
I have a .zshrc that sources .zshrc_mh, .zshrc_$employer, etc. That way my .zshrc is always a shareable config of sane defaults, and weird/opinionated aliases can go in my _mh, stuff particular to my employer goes in the other one, so forth.
In the past I had a more complex loading system I used (and made) that worked out of ~/.zsh.d/, but I no longer bother with all of that.
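The split described in this subthread (a shareable main rc file that sources private per-person and per-employer files) means the shell executes whatever those files contain. An added example, not from the thread: a POSIX sh loader that sources an overlay only if it exists, is a regular non-symlink file owned by the current user, and is not group- or world-writable. The function names, the `DIR/.zshrc_NAME` layout and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guarded loading of private rc overlays (names are hypothetical).

# safe_to_source FILE: true only for a regular, non-symlink file owned by the
# current user and not writable by group or others.
safe_to_source() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -n "$(find "$1" -maxdepth 0 -user "$(id -u)" ! -perm -020 ! -perm -002)" ]
}

# load_overlays DIR NAME...: source DIR/.zshrc_NAME for each NAME that passes
# the check. Missing overlays are ignored; unsafe ones are skipped with a warning.
load_overlays() {
    overlay_dir=$1; shift
    for name in "$@"; do
        overlay="$overlay_dir/.zshrc_$name"
        [ -e "$overlay" ] || continue
        if safe_to_source "$overlay"; then
            . "$overlay"
        else
            echo "skipping $overlay: wrong owner, symlink, or group/world-writable" >&2
        fi
    done
}

# Demo on constructed files: one private overlay, one left world-writable.
demo_dir=$(mktemp -d)
printf 'PERSONAL_LOADED=1\n' > "$demo_dir/.zshrc_personal"
chmod 600 "$demo_dir/.zshrc_personal"
printf 'EMPLOYER_LOADED=1\n' > "$demo_dir/.zshrc_employer"
chmod 666 "$demo_dir/.zshrc_employer"
load_overlays "$demo_dir" personal employer absent
echo "personal=${PERSONAL_LOADED:-unset} employer=${EMPLOYER_LOADED:-unset}"
rm -rf "$demo_dir"
```

Keeping the overlay files themselves out of the public repository (for example via `.gitignore`) is a separate step that this loader does not enforce.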
lrvick
I would strongly discourage threat modeling with vibes.
If you use Homebrew, pip, etc as part of your dotfiles then you are already trusting total internet randos to have remote code execution rights on your computer.
Those package managers operate like Wikipedia where anyone can push whatever they want without signatures or vetting from poorly secured accounts without phishing-resistant 2FA etc.
At that point you already allow anyone capable of basic phishing or sim swapping the ability to see and publish anything on your computer, so your dotfiles being public should be the least of your concerns.
kernc
Too personal to share, but maybe too personal and important to share even with the members of the cloudy cartel, i.e. the Providers. Is exactly why I wrote myba that does full contents and paths encryption before syncing with the lapsable remotes ...
Some things are better public. Some are not ...
tecleandor
That looks nice!
The moment I started syncing dotfiles between my work and personal computers, I knew it was an error, for very different reasons. Difficulty of maintaining different OS details (Linux vs MacOS). What if I leaked a private key or a sensitive path? What if I pushed to the wrong place or somebody made the wrong repository public...
When reading your comment an idea came to mind about using something like sops to encrypt paths, passwords and keys. But I'll check yours first, so as to avoid constructing a bunch of stuff that you've already done :D
stopcoffee77
thank you, I will take a very intimate look at your codebase and probably vibe-code parts of it into this to-be-cleaned-up ugly codebase!
https://github.com/canvas-ai/canvas-cli/blob/main/src/comman...
canvas dot
Dotfiles:
● username@localhost:universe
● /home/username/Wallpaper.jpg → work/customer/wallpaper.jpg
thewisenerd
this reminds me of public repos of pass [1] i've seen in the wild
same issue of intimacy, the paths aren't encrypted.
twp
It's not a question of share everything or share nothing - with https://chezmoi.io you can choose exactly what you want to share:
* You can keep your entire dotfile repo secret by using any private git hosting, including your own git hosting or a private GitHub repo.
* You can keep individual files secret by using age or gpg encryption. If your repo is public, this only reveals the existence of the file, not its contents.
* You can keep individual parts of your dotfiles secret, e.g. API keys, by encrypting them or storing them in your password manager. All popular password managers are supported.
Disclaimer: I'm the author of chezmoi.
kjuulh
Chezmoi has been a blessing to use. It is one of the only tools I've used that has been able to survive me neglecting it for months and then getting back to it. I'd love a more interactive diff when my dotfiles have drifted too much. But otherwise it is perfect for my needs.
tecleandor
I used chezmoi briefly yeeeeeears ago, and I think it didn't have the 'encrypt only parts of the files' feature yet. I might test it again :)
sodapopcan
I'll never understand people not wanting to share their dots. Obviously you have to have a way to not share the private stuff, for which there are many simple solutions, but I've learned so much from reading other people's. To each their own, of course.
err4nt
I think the key is that dotfiles are a different genre of (code) writing than production code, with different investment, different motivations, different pain points and histories, and a sensitivity to the author that's not required when analyzing production code. You're looking into someone's daily writings, not their polished releases.
I think the fear is scrutiny, rejection, mockery for something that clearly works for you and you don't ever expect anyone else to use. But also partly that it's exposure without much reward in return. All these feelings are normal and it's fine to share or not share them. Just please honour the authors of the dotfiles you read even if you wouldn't ever think to use code in the way they do!
QuercusMax
I'm sure I have stupid and weird stuff in my dotfiles. At one point I had bash set up so if I typed something like "gi tlog" it would fix it for me; this is obviously not something that everybody needs because it's due to my idiosyncratic typing-too-fast.
I've been using Unix systems since last century; my standard way to do a find-and-replace in a file is still 'perl -pi -e s/foo/bar/ filename.txt'; I've been writing that for 25 years and I'm unlikely to stop any time soon unless perl stops working. I'm sure there's a better way to do this, but :shrug:?
cipehr
I feel similarly. For me it’s less about my unique customizations and more about this paranoia of there being something remotely sensitive in my ssh configs or something… the idea of hostnames, ips, domains, etc “leaking” worries me.
I use chezmoi to manage my dotfiles, if anyone has any advice on how to handle these worries I am all ears. I would love to share mine, even to just be able to point coworkers at my config.
phailhaus
I get around that by sourcing a separate file in my config that I don't make public. Those are my company-specific settings.
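The worry raised in this subthread (hostnames, IPs, keys or tokens leaking from a public dotfiles repo) can be checked mechanically before each push. An added example, not from the thread or from any tool mentioned in it: a POSIX sh scan that flags candidate leaks in a dotfiles directory and can serve as a pre-push gate. The function names, the patterns (illustrative, not exhaustive) and the sample tree are constructed.

```shell
#!/bin/sh
# Added example: flag candidate leaks in a dotfiles tree before it is pushed.
# Patterns are illustrative and not exhaustive; expect some false positives.

# match LABEL REGEX DIR: print "LABEL path:line:text" for each hit outside .git
match() {
    grep -rnIiE --exclude-dir=.git -e "$2" "$3" | sed "s/^/$1 /" || true
}

# scan_dotfiles DIR: run every check and print all findings
scan_dotfiles() {
    match private-key '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
    match ipv4 '(^|[^0-9.])([0-9]{1,3}\.){3}[0-9]{1,3}($|[^0-9.])' "$1"
    match ssh-host '^[[:space:]]*(HostName|ProxyJump)[[:space:]]+[^[:space:]]+' "$1"
    match credential '(token|secret|passw(or)?d|api_?key)[a-z0-9_]*[[:space:]]*=[[:space:]]*[^[:space:]]+' "$1"
}

# publish_check DIR: succeed only when nothing was flagged (usable as a pre-push gate)
publish_check() {
    hits=$(scan_dotfiles "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" >&2
    return 1
}

# make_sample: build a constructed dotfiles tree (all values are made up)
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/ssh" "$d/.git"
    printf 'Host db\n    HostName db1.corp.example\n    User admin\n' > "$d/ssh/config"
    printf 'alias ..="cd .."\nexport API_TOKEN=constructed-not-real\n' > "$d/zshrc"
    printf 'alias prod="ssh 192.0.2.10"\n' > "$d/aliases"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/id_demo"
    printf 'HostName ignored.example\n' > "$d/.git/config"
    echo "$d"
}

# Demo: the sample is flagged, so the gate refuses
sample=$(make_sample)
publish_check "$sample" || echo "refusing to publish: review the findings above"
rm -rf "$sample"
```

The scan covers only the working tree; values already committed remain in the repository history even after the file is cleaned.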
nobleach
My dots are open to anyone who cares to view my GitHub. I do tend to keep employer specific aliases/stuff in an `.employer.zsh` file that is sourced by my main `.zshrc`. But my NeoVim config is completely open for inspection. I'm not doing anything all that extraordinary though. I don't share my dots on Reddit simply because I don't feel like using my real identity on that platform.
When it comes to consuming the dots of others, I just switched to AxOS for Linux... and am auditioning Caelestia (https://github.com/caelestia-dots/shell). This means that in 3 months, my desktop will likely look like everyone else's. I probably won't even commit any of this as it's not really my stuff.
petepete
Similarly, I have two sets of dotfiles, a public one and a private one (hosted on my own server).
Somehow, 11 people have starred my public ones on GitHub.
Insanity
That actually looks pretty cool. Might have to play around a bit with Caelestia as well.
trostaft
Thanks for the reference, that looks incredible.
incognito124
I truly appreciate people sharing their dotfiles, I learned so much about vim and zsh just by reading other people's configuration alone (and the occasional comments there).
Also, the quality of life improvements like `alias ..='cd ..'`, or mapping `l` such that it either opens a pager or lists a dir, depending on the argument. I'd never come up with those, and they're beyond useful.
CMCDragonkai
I've been keeping my personal .dotfiles publicly for the past decade. https://github.com/cmcdragonkai/.dotfiles-nixos.
But I do agree that secrets need to be handled carefully. Look at my list of `.gitignore`! But (I'm biased of course) I would recommend using Polykey to manage your secrets instead of leaving any trace of things on disk.
alexandroqc
I used to use chezmoi and had a great experience with it. It made it easy to choose exactly what I wanted to share. These days, I don’t have many devices, so I stopped using it. Still, it feels great when someone asks, “How did you set that up?” and I can instantly share my entire configuration through a GitHub repo.
dayjah
I found the syncing process in chezmoi to be so hard to mentally model.
I’d often change a file, forget that it was backed by the chezmoi store, later find myself trying to reconcile the differences, just so I could commit and share w/ another computer. nix + home-manager and snowfall lib, once over the multi month ramp up, have been such a breath of fresh air in multi system management
zeppelin101
This command solves the problem for me: https://www.chezmoi.io/reference/commands/merge-all/
Installing a (read: many) custom vim plugins and color scheme and screen version and etc… stops being fun about the third time you have to log into a nameless server. That being said, there are some settings that I absolutely cannot live without; `j=gj` being a good example in vim.
IMO your dot files are only useful to share if they are usable with the default software of the place you’ve shared them to. Otherwise they become a prison that forces you to install all your special versions and plugins and scripts and etc. On the other hand, I felt like making my dotfiles easy to share forced me to use as many default settings as possible, which in the long run saves me a lot of time and energy.
“The only zen you’ll find on a mountain top is the zen you brought with you” is one of my favorite sayings, and in a weird way I find it fitting here. If you learn to love the default settings then every server feels like home.