a6296da5df
- hosts/etqc-kenjim-11.bashrc.local: per-host local config for work server, managed from kenjim-mbp and deployed via 'dotfiles deploy-to'. Credentials replaced with CHANGEME placeholders — set real values on server after first deploy, never commit actual secrets. - dotfiles_manager.sh: deploy-to step 5 auto-detects hosts/<hostname>.bashrc.local and SCPs it to ~/.bashrc.local on the remote (with backup of existing file) - .gitignore: clarify that hosts/*.bashrc.local is intentionally tracked (existing .bashrc.local rule only matches the exact filename) - README.md: document hosts/ layout, workflow, and credential placeholder strategy
43 lines
959 B
Plaintext
43 lines
959 B
Plaintext
# macOS
|
|
.DS_Store
|
|
.DS_Store?
|
|
._*
|
|
|
|
# Backup artifacts
|
|
*.bak
|
|
*.orig
|
|
|
|
# SSH private keys — never commit unencrypted private keys
|
|
# Remove a line below only if you store GPG-encrypted versions
|
|
.ssh/id_rsa
|
|
.ssh/id_ed25519
|
|
.ssh/id_ecdsa
|
|
.ssh/id_dsa
|
|
.ssh/keys/*_rsa
|
|
.ssh/keys/*_ed25519
|
|
.ssh/keys/*_ecdsa
|
|
.ssh/keys/*.pem
|
|
# Public keys and config are fine
|
|
!.ssh/*.pub
|
|
!.ssh/keys/*.pub
|
|
!.ssh/config
|
|
!.ssh/known_hosts
|
|
|
|
# GPG-encrypted private key backups are safe to commit
|
|
!.ssh/keys/*.gpg
|
|
|
|
# Secrets / tokens — never commit
|
|
.env
|
|
.env.*
|
|
*.token
|
|
*.secrets
|
|
vault/
|
|
|
|
# Machine-local overrides at HOME level — never commit (written by setup_enterprise_ai_bash.sh)
|
|
.bashrc.local
|
|
.bash_profile.local
|
|
|
|
# Per-host .bashrc.local files ARE committed — managed centrally in dotfiles/hosts/
|
|
# Files are named <hostname>.bashrc.local and deployed via: dotfiles deploy-to user@host
|
|
# hosts/*.bashrc.local is intentionally tracked (gitignore rules above only match exact name)
|