add git diff filter support

[blaggacao]

attempt towards #11 — please feel free to refine since I don't feel competent for a proper implementation.

[ryantm]

@blaggacao What are you trying to achieve with a git filter?

[blaggacao]

Oh, sorry, implicit context :stuck_out_tongue_closed_eyes:

Simply to replace git crypt in nixflk (issue)

[ryantm]

Unless we can come up with some better plan for how to import the files into the NixOS configuration, they need to be encrypted at rest.

[blaggacao]

PS: seems as this is the way git crypt works, itself: https://github.com/nrdxp/nixflk/blob/37d40e0cfe4e770a1ef388e93de3bd048d5aaee7/.gitattributes#L1

[blaggacao]

Unless we can come up with some better plan for how to import the files into the NixOS configuration, they need to be encrypted at rest.

My assumption was somehow that those git attributes would only affect the git editing workflow. Didn't realize that the checkout is our "at rest" as well. What would happen if we only implement the diff filter? without the smudge and clean? Could be then we would gain elegant diffing, but keeping them encrypted at rest...

[ryantm]

Yeah, a diff filter would be good. Sops supports that. https://github.com/mozilla/sops#showing-diffs-in-cleartext-in-git

[blaggacao]

I'll comply this PR to this. Thanks for the advice and the argument.

[ryantm]

I'm closing this since it has had a merge conflict for a while and no one else has voiced their interest. If this gets picked up again, we should have tests for it.