Do you use git/hg/svn for your system's configuration files?

poorandunlucky · Aug 16, 2020

It just dawned upon me that maybe I could initialize git in the root directory to keep track of /boot/loader.conf /etc /usr/local/etc /jails/nginx/etc /jails/nginx/usr/local/etc etc instead of making a script that updates a tarball... It could be used to backup the configuration, as well as revert the configuration, and keep it secure with signed commits and diff checks...

Thoughts? Experiences? Ideas? ... Comments?

a6h · Aug 16, 2020

I don't think git preserves all permissions on files. Hence I won't do that.

Bobi B. · Aug 16, 2020

Yup, they preserve execute flag, but lose ownership and permissions. Some services might refuse to start if they are not as expected.

Emrion · Aug 16, 2020

I don't use such a thing, but you should read this.

Edit: I corrected the link which wasn't the good one.

Bobi B. · Aug 16, 2020

Thinking of it, you might work around losing of permissions and ownership by wrapping svn in a small shell script and store permissions and ownership as file properties (i.e. svn propset owner user:group file and svn propset mode 0640 file). This way wrapper script can restore them at a later time. I don't have much git experience, but I take it per-file custom properties/attributes are supported there, as well.

Mjölnir · Aug 16, 2020

In the past I used RCS (devel/rcs57). Oldy but goldy. In contrast to CVS, it can be run by root. Now I have periodic ZFS snapshots. That's enough to revert human mistakes & requires no discipline like check-in/out on every editing. These modern tools like Mercurial, Subversion & git are tuned towards colaboration between dozens of developers (where CVS had issues). Usually one does not need that for configuration files & an easy traditional tool like RCS is fully sufficient. Basic usage: RTFM rcsintro(1) and then
cd /etc && mkdir RCS
ci -l -m'initial revision' *

mickey · Aug 16, 2020

I am using a separate directory (/etc/config) under control of CVS where I keep a number of configuration files that I want synchronized between different machines or otherwise want to have under revision control. This includes shell init files (csh.cshrc, csh.login, csh.logout, profile), printcap, mergemaster.rc, Xresources, make.conf.inc (included from each machine's /etc/make.conf for shared settings) as well as kernel configuration files for each machine and other stuff like µEmacs site settings. A Makefile in this directory takes care of installing each file (or all at once) by creating symbolic links and can also be used to uninstall (by restoring the default versions from the FreeBSD source tree).

Eric A. Borisch · Aug 17, 2020

I use ZFS auto-snapshots and my own zfs_versions script to see changes over time.

Jose · Aug 18, 2020

I keep all of my system configs in git. It took me multiple hours to pare down some config files into a manageable form (I'm looking at you, php.ini) and I don't want to lose all that work. Long term plan is to use a combination of Ansible scripts and Jinja templates such that I can fully configure any system with a basic install and ssh enabled.

20-100-2fe · Aug 18, 2020

Using a version control system didn't work for me because installing a system is not just copying configuration files.
I also want installation to be easily reproducible and adaptable.
I have created a small post-installation scripting framework for my own needs and I've been able to build upon it to quickly and easily manage VM configurations at work.
If you want to have a look at it: http://gaia.defert.com/postin/