🐙Git, GitHub & backups
Your code deserves a safety net. Git to version everything, GitHub to keep it safe and share it, and a real backup strategy so you never lose anything, even if the machine fries.
You just laid down an agent that’s going to write code at full speed. Before it touches anything important, we install the safety net: Git, so every change is reversible, and GitHub, so your work lives somewhere other than this one little box. Because a mini-PC can fry, get stolen, or take one rm too many. Your code, though, must never disappear with it.
Why this is non-negotiable (especially with an agent)
A coding agent moves fast, and it’s confident in itself. Most of the time that’s great; sometimes it breaks something. Git turns that into a non-event:
- Every commit is a restore point. The agent broke everything?
git restoreorgit reset, and you’re back to the previous state in a second. It’s the ultimate “undo.” - You see exactly what changed.
git diffshows you, line by line, what the agent touched. You review before approving, that’s the heart of the craft (see Securing access). - GitHub puts your code out of reach of disasters. Dead disk, theft, fat-fingered mistake: your code is on GitHub, intact. You get it back on any machine with one command.
- And you can share. Granting access to a colleague, working as a team, going open source: it all goes through GitHub.
Configure Git on the machine
Three lines, once and for all. Git needs to know who you are (it signs your commits):
git config --global user.name "Your First Last"
git config --global user.email "[email protected]"
# A few sane defaults
git config --global init.defaultBranch main # the default branch is called "main"
git config --global pull.rebase false # predictable pull behavior
Give the machine access to GitHub
Your machine has to prove to GitHub that it’s allowed to push. Two paths; take the one that speaks to you.
The simplest: the GitHub CLI (gh)
The official gh tool handles authentication for you, tokens included.
# Install gh (official Ubuntu method)
sudo apt install -y gh
# Connect the machine to your account, answer the questions, it opens a browser
gh auth login
Choose “GitHub.com,” then “SSH” as the protocol: gh generates and installs the key on its own. At the end, your machine can clone, push, create repos. That’s the option I recommend to start.
The manual option: an SSH key dedicated to the machine
If you prefer to control everything, create an SSH key specific to this mini-PC (one key per machine is healthier):
ssh-keygen -t ed25519 -C "mini-pc-github"
cat ~/.ssh/id_ed25519.pub # copy what's displayed
Paste the public key into GitHub → Settings → SSH and GPG keys → New SSH key. Then verify:
ssh -T [email protected] # should greet you by your GitHub username
Your first repo, and the agent that uses it
cd ~/my-project
git init
# The file that tells git what to IGNORE, crucial
cat > .gitignore <<'EOF'
node_modules/
.env
*.log
dist/
EOF
git add -A
git commit -m "First draft"
# Create the remote repo and push (with gh, it's one line)
gh repo create my-project --private --source=. --push
Once it’s in place, ask your agent to handle git for you: “regular commits with clear messages,” “create a branch for this feature,” “open a pull request.” You can even write it into your memory file: “commit after each approved step, conventional messages, only push to main with my OK.”
Backups: the 3-2-1 rule
GitHub saves your code. But your mini-PC contains plenty of other things that aren’t in git: your .env files, your databases, generated data, system configs. For those, we apply the golden rule of backup:
Decide what to back up
- The code → already on GitHub, nothing more to do.
- The secrets (
.env, keys) → back them up encrypted, never in plaintext. - The data that matters (databases, generated files, custom configs).
- Not the Ollama models or
node_modules: they re-download, no point backing them up.
Pick a tool and a destination
restic is the ideal tool: encrypted, deduplicated, incremental backups. You send it to a NAS, another disk, or cloud storage.
sudo apt install -y restic
# Initialize a backup repository (e.g., to a mounted NAS)
restic -r /mnt/nas/backups init
# First backup
restic -r /mnt/nas/backups backup ~/projects ~/configs
rclone is an excellent alternative for targeting cloud storage (encrypted client-side).
Automate, a manual backup always ends up forgotten
Schedule a systemd timer or a daily cron job. Your agent can write that in two minutes: ask it “create a systemd service that runs my restic backup every night at 3 a.m.”
TEST your restore
A backup you’ve never restored isn’t a backup, it’s a hope. Do the exercise at least once: restic -r /mnt/nas/backups restore latest --target /tmp/test-restore, and check that your files are really there.