Configuration
This file describes the TOML configuration used by hometree. Defaults come from crates/hometree-core/src/config.rs and paths from crates/hometree-core/src/paths.rs.
Default config file: $XDG_CONFIG_HOME/hometree/config.toml (falls back to ~/.config/hometree/config.toml).
With --home-root and --xdg-root, the config moves to <xdg_root>/config/hometree/config.toml.
A fresh config can be written by the CLI (e.g. hometree init) using these defaults.
[ repo ] git_dir = "/home/user/.local/share/hometree/repo.git" work_tree = "/home/user" [ manage ] roots = [ ".config/" , ".local/bin/" ] extra_files = [] [ ignore ] patterns = [ ".ssh/**" , "**/*secret*" ] [ watch ] enabled = false debounce_ms = 500 auto_stage_tracked_only = true auto_add_new = false auto_add_allow_patterns = [] [ snapshot ] auto_message_template = "snapshot: auto" [ secrets ] enabled = true backend = "age" sidecar_suffix = ".age" recipients = [ "age1example..." ] identity_files = [ "~/.config/hometree/keys/identity.txt" ] backup_policy = "encrypt" # encrypt | skip | plaintext [[ secrets . rules ]] path = ".config/app/secret.txt" mode = 0o600 Key Type Default Notes git_dirpath $XDG_DATA_HOME/hometree/repo.git (bare)Location of the hometree git repo. work_treepath $HOMEWork tree that hometree manages.
Key Type Default Notes rootsarray of relative paths [".config/", ".local/bin/", ".local/share/systemd/user/", ".local/share/applications/"]Managed directories (relative to work_tree). Trailing / is allowed. extra_filesarray of relative paths []Individual files to manage outside the roots list.
Key Type Default Notes patternsarray of glob patterns see list below Patterns are relative to work_tree. Secret rules are auto-added here when secrets are enabled.
Default ignore patterns:
.ssh/** .gnupg/** .local/share/keyrings/** .local/share/kwalletd/** .pki/** .mozilla/** .config/google-chrome/** .config/chromium/** .config/BraveSoftware/** **/*token* **/*secret* Key Type Default Notes enabledbool falseEnables the foreground watcher. debounce_msinteger (ms) 500Debounce window for filesystem events. auto_stage_tracked_onlybool trueIf true, watcher stages only paths already tracked. auto_add_newbool falseIf true, watcher may add new files under managed roots/extra_files when allowlist matches. auto_add_allow_patternsarray of glob patterns []Allowlist for auto-add; ignored when auto_add_new is false.
Auto-add validation rules:
Maximum 50 non-empty entries.
Empty/whitespace-only entries are ignored.
Rejected as overly broad: *, **, **/*, */**, .**, .*/**.
Patterns without / are rejected unless they start with . (e.g. .gitignore is allowed).
Absolute paths are rejected; patterns must be relative to work_tree.
Key Type Default Notes auto_message_templatestring or null nullUsed by hometree snapshot --auto; required when --auto is used.
Key Type Default Notes enabledbool falseTurn secrets support on/off. Validation only runs when enabled. backendstring "age"Only "age" is supported. sidecar_suffixstring ".age" (when enabled)Must be non-empty; defaults to .age if left blank. recipientsarray of strings []Age recipient keys. identity_filesarray of paths []Age identity files to decrypt. rulesarray of tables []See secrets.rules below. backup_policyenum encryptAllowed values: encrypt, skip, plaintext.
[[secrets.rules]] entries:
Key Type Default Notes pathstring (relative) required Path of the plaintext secret. Added to [ignore.patterns] automatically when secrets are enabled. ciphertextstring or null nullOptional ciphertext path; defaults to path + sidecar_suffix when omitted by CLI operations. modeinteger or null nullOptional file mode (e.g. 0o600).
Secrets validation rules:
Runs only when secrets.enabled is true.
backend must be age.sidecar_suffix must not be empty (auto-filled with .age if blank).Secret paths are appended to [ignore.patterns] to keep plaintext out of git.