This little snippet will help you keeping track of your dotfiles as a bare git repository. It utilizes setgitperms.pl from git's contrib directory to manage permissions. Since I wasn't sure about it's license, I didn't include it here - you'll have to download it yourself.

It was inspired by a Atlassian developer blog entry.

1. Fork and clone this repository (I assume that the path to you repository will be available as $REPO).
2. Either add setgitperms.perl to .dothooks (or simply reference it by path if you are sure that it will be at the same location on all your machines). Make sure that it's executable! Don't forget to commit and push after this :-)

tmp=$(mktemp -d) ; cd $tmp
git clone $REPO && cd .dotfiles
wget -P .dothooks https://raw.githubusercontent.com/git/git/master/contrib/hooks/setgitperms.perl
chmod 755 .dothooks/setgitperms.perl
git add . && git commit -m 'added setgitperms.pl' && git push
cd $HOME && rm -rf $tmp

3. Clone the modified repository to ~/.dotfiles as a bare copy and protect it from access:

git clone --bare $REPO $HOME/.dotfiles
chmod 0700 $HOME/.dotfiles

4. Define an alias, checkout your data, enable hooks, fix permissions:

alias dot='git --git-dir="$HOME/.dotfiles" --work-tree="$HOME"'
dot checkout # for errors, see the Atlassian blog entry
dot config --local core.hooksPath $HOME/.dothooks
dot config --local status.showUntrackedFiles no
dot checkout # this time with hooks

5. Add the dot alias to your shell's initialization files and manage your dotfiles like any other git repository, only while typing dot instead of git.

Don't push any (dot)files containing passwords or any other data you don't want to share to github - they will be world readable there.

You will probably also avoid to run dot clean.

Good luck and have fun.