Secret data I don't really want in version control at all, regardless of whether it's encrypted; this includes weechat’s sec.conf, X.509, gpg, ssh keys, etc.
I store these offline but at two different physical sites. They very rarely change so I don't need to put them in a VCS.
I am concerned private details like domains and addresses can be used to map me and my network.
- Public version (generic configs, documentation addresses, etc.)
- Private version, (specific to me)
- I will only push the private repo to my own git server.
I looked at the bare repo method[1]. Some of my servers/VMs have files deployed to /etc so I don't think this would really work.
I am hoping that friends can make their own private versions from my public version. If they had a suggestion they thought I might like, they could check out a copy of the public version, branch that, and send a PR back.
Current idea[2] (graphviz[3])
1) Am I overthinking this? I am a bit of a git-noob.
2) Would there be any dotfile tools[4] that might help make things easier? When I used stow, I didn’t ever make an install script, so that will be a big job. I looked at yadm[5]; it sort of sounds like it could be appropriate.
3) Should I use a more fully fledged Configuration Management Software? I think Ansible might be nice; the YAML playbooks look really easy. I had seen some examples that used SaltStack too. I could also further get this to run pacman, apt-get, yum, etc.
4) Which out of Ansible or SaltStack? Which should I try?
Any other suggestions welcome!
[1] https://developer.atlassian.com/blog/2016/02/best-way-to-store-dotfiles-git-bare-repo/
[2] https://i.imgur.com/M752hnu.png
[3] https://pastebin.com/173xcQKJ
[4] https://wiki.archlinux.org/index.php/Dotfiles#Tools
[5] https://thelocehiliosan.github.io/yadm/docs/bootstrap