Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Meta
Q&A
Posts Tags Edits
Ask Question

Post History

50%
+0 −0
Q&A How do I keep track of configuration changes?

if I configure everything this way, it will turn into a mess, and after a few months I won't know what things I configured where I agree, and would suggest that we are looking for a way to "ma...

posted 5d ago by mcast‭  ·  edited 3d ago by mcast‭

Answer
#3: Post edited by user avatar mcast‭ · 2025-04-10T13:08:27Z (3 days ago)
+fedora silverblue
  • > if I configure everything this way, it will turn into a mess, and after a few months I won't know what things I configured where
  • I agree, and would suggest that we are looking for a way to "manage the mess".
  • Other than taking notes as @matthewsnyder said, you can put copious comments with your reasons / initials / date in the files modified - when you are not using a GUI.
  • # Cattle vs pets
  • [First search hit](https://www.hava.io/blog/cattle-vs-pets-devops-explained) seems to describe what I'm talking about, TLDR there may be better ones.
  • The gaming rig, the personal laptop and the configured-over-years mail server are "pets" in this analogy. When they get old, you still love them but the vet bills are mounting up and there are hard choices to be made.
  • The DevOps way is to define how the thing should be, put the recipe in version control, test the recipe like any other software release, then run the provisioning tools to make it be that way. When it gets poorly (and it will) just update the recipe, test again, bring up a new one and shoot the old one.
  • (It's also a grim and sad comment on modern industrial animal farms)
  • The DevOps way does _assume_ that bringing up a new VM in a pool of hardware, and returning the previous resources to that pool, is a cheap and fast operation.
  • * Mail servers, microservices and replicated databases work well this way.
  • * Firefox profiles, laptops with large home directories and real animals... not so much?
  • # Tracking changes in `/etc`
  • For /etc **I highly recommend [`etckeeper`](https://etckeeper.branchable.com/)**. It doesn't change anything, it just commits (git, mercurial, brz or darcs) the whole of /etc into `/etc/.vcdir/` each time something happens, or daily.
  • The implementation is fairly easy and quick to inspect, by reading `dpkg -L etckeeper` or equivalent to see the few files contained, so you can be confident it won't cause problems.
  • What does it do for you? After only a few weeks of using it, and many years' not using it,
  • 1. you have the record of exactly what changed and when, at least under /etc, with good precision and accuracy
  • 2. it's better if you remember to `etckeeper commit -m "what I did and why"` after making changes, but if you don't the "daily autocommit" catches it
  • 3. after taking care with permissions and remembering the whole VC history should be sufficiently private, you have the usual ways to ship a copy elsewhere
  • 4. the immediately obvious benefits for me are
  • 1. `etckeeper vcs log { --name-status | -p -5 cloud/cloud.cfg.d/ | ... }` to look at what changes happened in the past
  • 2. `etckeeper vcs diff` to double-check what I'm about to modify and leave running
  • 5. Yes, it does keep a record of the permissions on all files affected, and in a script form that looks easy and safe to re-apply
  • 6. Yes, it ships with a bunch of `/etc/.gitignore` entries to reduce noise
  • 7. **It looks very safe.** If you installed it, forgot about it and never used it... no harm done.
  • 8. It is now #2 in my list of things to do on a fresh machine after that first `apt update`
  • Think of it as
  • * the right way to get older `diff -u /etc/aliases{~,}` versions
  • * the notebook which gives you a good place to write about configuration changes made
  • * a magical notebook that will check your work or even do some of it for you when you forget
  • Downsides,
  • 1. it isn't really designed for rolling back to an old version or merging changes from another machine, but you could and the support is there.
  • 2. running `git` manually as root, especially for networking stuff, is unnerving. Don't fight that, it should be unnerving!
  • 3. although the `etckeeper vcs log` shows `apt` operations and some others with useful information, there is a risk of a run uninformative "daily autocommit" entries.
  • * Because the VCS is tracking not driving changes, you are at liberty to rewrite that Git history any way you like to provide better commit granularity and messages, but who has time for that?
  • # Changing `/etc` from a version control project
  • I'm making a little tool for doing the reverse, for the subset of files `/etc/aliases`, `/etc/exim/` and related, that I need to drive on a couple of machines. Currently this is at the toy project stage.
  • The plan,
  • 1. ✅ copy the old dusty files into Git
  • 2. ✅ write Python / Shell mess to do the important operations
  • * paste those files back into /etc in a controlled way, setting permissions
  • * freshen the VC copy from what's currently live in /etc
  • * diff
  • 3. ⏳ try it on another machine (and see what kind of mess needs clearing up after)
  • 4. Profit! Or more likely GPL / abandonware.
  • 5. ❌ Oh and test driven development. Whoops... I was in a hurry.
  • It might be classed as a kind of semi-DevOps?
  • # `~/`
  • I have yet to bring my `~/.dotfiles` under any kind of control. I have an inconveniently large number of different home directories for various purposes on laptop, servers, Raspberry Pis (plus SD cards swapped out).
  • I know there are projects to do it, but my previous attempts to put my home directory in version control were Not Pretty.
  • Advice welcome...
  • # Gordian solution
  • > Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it. -- [Alan Perlis](https://www.brainyquote.com/quotes/alan_perlis_177188)
  • Remember that the configuration changes are not important and should not burden you, if the machine is powered off.
  • > if I configure everything this way, it will turn into a mess, and after a few months I won't know what things I configured where
  • I agree, and would suggest that we are looking for a way to "manage the mess".
  • Other than taking notes as @matthewsnyder said, you can put copious comments with your reasons / initials / date in the files modified - when you are not using a GUI.
  • # Cattle vs pets
  • [First search hit](https://www.hava.io/blog/cattle-vs-pets-devops-explained) seems to describe what I'm talking about, TLDR there may be better ones.
  • The gaming rig, the personal laptop and the configured-over-years mail server are "pets" in this analogy. When they get old, you still love them but the vet bills are mounting up and there are hard choices to be made.
  • The DevOps way is to define how the thing should be, put the recipe in version control, test the recipe like any other software release, then run the provisioning tools to make it be that way. When it gets poorly (and it will) just update the recipe, test again, bring up a new one and shoot the old one.
  • (It's also a grim and sad comment on modern industrial animal farms)
  • The DevOps way does _assume_ that bringing up a new VM in a pool of hardware, and returning the previous resources to that pool, is a cheap and fast operation.
  • * Mail servers, microservices and replicated databases work well this way.
  • * Firefox profiles, laptops with large home directories and real animals... not so much?
  • # Tracking changes in `/etc`
  • For /etc **I highly recommend [`etckeeper`](https://etckeeper.branchable.com/)**. It doesn't change anything, it just commits (git, mercurial, brz or darcs) the whole of /etc into `/etc/.vcdir/` each time something happens, or daily.
  • The implementation is fairly easy and quick to inspect, by reading `dpkg -L etckeeper` or equivalent to see the few files contained, so you can be confident it won't cause problems.
  • What does it do for you? After only a few weeks of using it, and many years' not using it,
  • 1. you have the record of exactly what changed and when, at least under /etc, with good precision and accuracy
  • 2. it's better if you remember to `etckeeper commit -m "what I did and why"` after making changes, but if you don't the "daily autocommit" catches it
  • 3. after taking care with permissions and remembering the whole VC history should be sufficiently private, you have the usual ways to ship a copy elsewhere
  • 4. the immediately obvious benefits for me are
  • 1. `etckeeper vcs log { --name-status | -p -5 cloud/cloud.cfg.d/ | ... }` to look at what changes happened in the past
  • 2. `etckeeper vcs diff` to double-check what I'm about to modify and leave running
  • 5. Yes, it does keep a record of the permissions on all files affected, and in a script form that looks easy and safe to re-apply
  • 6. Yes, it ships with a bunch of `/etc/.gitignore` entries to reduce noise
  • 7. **It looks very safe.** If you installed it, forgot about it and never used it... no harm done.
  • 8. It is now #2 in my list of things to do on a fresh machine after that first `apt update`
  • Think of it as
  • * the right way to get older `diff -u /etc/aliases{~,}` versions
  • * the notebook which gives you a good place to write about configuration changes made
  • * a magical notebook that will check your work or even do some of it for you when you forget
  • Downsides,
  • 1. it isn't really designed for rolling back to an old version or merging changes from another machine, but you could and the support is there.
  • 2. running `git` manually as root, especially for networking stuff, is unnerving. Don't fight that, it should be unnerving!
  • 3. although the `etckeeper vcs log` shows `apt` operations and some others with useful information, there is a risk of a run uninformative "daily autocommit" entries.
  • * Because the VCS is tracking not driving changes, you are at liberty to rewrite that Git history any way you like to provide better commit granularity and messages, but who has time for that?
  • # Changing `/etc` from a version control project
  • I'm making a little tool for doing the reverse, for the subset of files `/etc/aliases`, `/etc/exim/` and related, that I need to drive on a couple of machines. Currently this is at the toy project stage.
  • The plan,
  • 1. ✅ copy the old dusty files into Git
  • 2. ✅ write Python / Shell mess to do the important operations
  • * paste those files back into /etc in a controlled way, setting permissions
  • * freshen the VC copy from what's currently live in /etc
  • * diff
  • 3. ⏳ try it on another machine (and see what kind of mess needs clearing up after)
  • 4. Profit! Or more likely GPL / abandonware.
  • 5. ❌ Oh and test driven development. Whoops... I was in a hurry.
  • It might be classed as a kind of semi-DevOps?
  • # `~/`
  • I have yet to bring my `~/.dotfiles` under any kind of control. I have an inconveniently large number of different home directories for various purposes on laptop, servers, Raspberry Pis (plus SD cards swapped out).
  • I know there are projects to do it, but my previous attempts to put my home directory in version control were Not Pretty.
  • Advice welcome...
  • # Immutable OS
  • Something like [Fedora Silverblue](https://fedoraproject.org/atomic-desktops/silverblue/) or (related) [rpm-ostree](https://coreos.github.io/rpm-ostree/) might be relevant.
  • The fundamental idea is that **the base OS is immutable and atomically updated** every few months; then I think other apps are brought in with `flatpak` / `snap` / _etc._
  • It doesn't remove the mess of configuration files, but it should isolate their influence into much smaller zones of sprawl.
  • # Gordian solution
  • > Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it. -- [Alan Perlis](https://www.brainyquote.com/quotes/alan_perlis_177188)
  • Remember that the configuration changes are not important and should not burden you, if the machine is powered off.
#2: Post edited by user avatar mcast‭ · 2025-04-08T19:52:36Z (5 days ago)
+risk of uninformative etckeeper history
  • > if I configure everything this way, it will turn into a mess, and after a few months I won't know what things I configured where
  • I agree, and would suggest that we are looking for a way to "manage the mess".
  • Other than taking notes as @matthewsnyder said, you can put copious comments with your reasons / initials / date in the files modified - when you are not using a GUI.
  • # Cattle vs pets
  • [First search hit](https://www.hava.io/blog/cattle-vs-pets-devops-explained) seems to describe what I'm talking about, TLDR there may be better ones.
  • The gaming rig, the personal laptop and the configured-over-years mail server are "pets" in this analogy. When they get old, you still love them but the vet bills are mounting up and there are hard choices to be made.
  • The DevOps way is to define how the thing should be, put the recipe in version control, test the recipe like any other software release, then run the provisioning tools to make it be that way. When it gets poorly (and it will) just update the recipe, test again, bring up a new one and shoot the old one.
  • (It's also a grim and sad comment on modern industrial animal farms)
  • The DevOps way does _assume_ that bringing up a new VM in a pool of hardware, and returning the previous resources to that pool, is a cheap and fast operation.
  • * Mail servers, microservices and replicated databases work well this way.
  • * Firefox profiles, laptops with large home directories and real animals... not so much?
  • # Tracking changes in `/etc`
  • For /etc **I highly recommend [`etckeeper`](https://etckeeper.branchable.com/)**. It doesn't change anything, it just commits (git, mercurial, brz or darcs) the whole of /etc into `/etc/.vcdir/` each time something happens, or daily.
  • The implementation is fairly easy and quick to inspect, by reading `dpkg -L etckeeper` or equivalent to see the few files contained, so you can be confident it won't cause problems.
  • What does it do for you? After only a few weeks of using it, and many years' not using it,
  • 1. you have the record of exactly what changed and when, at least under /etc, with good precision and accuracy
  • 2. it's better if you remember to `etckeeper commit -m "what I did and why"` after making changes, but if you don't the "daily autocommit" catches it
  • 3. after taking care with permissions and remembering the whole VC history should be sufficiently private, you have the usual ways to ship a copy elsewhere
  • 4. the immediately obvious benefits for me are
  • 1. `etckeeper vcs log { --name-status | -p -5 cloud/cloud.cfg.d/ | ... }` to look at what changes happened in the past
  • 2. `etckeeper vcs diff` to double-check what I'm about to modify and leave running
  • 5. Yes, it does keep a record of the permissions on all files affected, and in a script form that looks easy and safe to re-apply
  • 6. Yes, it ships with a bunch of `/etc/.gitignore` entries to reduce noise
  • 7. **It looks very safe.** If you installed it, forgot about it and never used it... no harm done.
  • 8. It is now #2 in my list of things to do on a fresh machine after that first `apt update`
  • Think of it as the right way to get older `diff -u /etc/aliases{~,}` versions!
  • Downsides,
  • 1. it isn't really designed for rolling back to an old version or merging changes from another machine, but you could and the support is there.
  • 2. running `git` manually as root, especially for networking stuff, is unnerving. Don't fight that, it should be unnerving!
  • # Changing `/etc` from a version control project
  • I'm making a little tool for doing the reverse, for the subset of files `/etc/aliases`, `/etc/exim/` and related, that I need to drive on a couple of machines. Currently this is at the toy project stage.
  • The plan,
  • 1. ✅ copy the old dusty files into Git
  • 2. ✅ write Python / Shell mess to do the important operations
  • * paste those files back into /etc in a controlled way, setting permissions
  • * freshen the VC copy from what's currently live in /etc
  • * diff
  • 3. ⏳ try it on another machine (and see what kind of mess needs clearing up after)
  • 4. Profit! Or more likely GPL / abandonware.
  • 5. ❌ Oh and test driven development. Whoops... I was in a hurry.
  • It might be classed as a kind of semi-DevOps?
  • # `~/`
  • I have yet to bring my `~/.dotfiles` under any kind of control. I have an inconveniently large number of different home directories for various purposes on laptop, servers, Raspberry Pis (plus SD cards swapped out).
  • I know there are projects to do it, but my previous attempts to put my home directory in version control were Not Pretty.
  • Advice welcome...
  • # Gordian solution
  • > Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it. -- [Alan Perlis](https://www.brainyquote.com/quotes/alan_perlis_177188)
  • Remember that the configuration changes are not important and should not burden you, if the machine is powered off.
  • > if I configure everything this way, it will turn into a mess, and after a few months I won't know what things I configured where
  • I agree, and would suggest that we are looking for a way to "manage the mess".
  • Other than taking notes as @matthewsnyder said, you can put copious comments with your reasons / initials / date in the files modified - when you are not using a GUI.
  • # Cattle vs pets
  • [First search hit](https://www.hava.io/blog/cattle-vs-pets-devops-explained) seems to describe what I'm talking about, TLDR there may be better ones.
  • The gaming rig, the personal laptop and the configured-over-years mail server are "pets" in this analogy. When they get old, you still love them but the vet bills are mounting up and there are hard choices to be made.
  • The DevOps way is to define how the thing should be, put the recipe in version control, test the recipe like any other software release, then run the provisioning tools to make it be that way. When it gets poorly (and it will) just update the recipe, test again, bring up a new one and shoot the old one.
  • (It's also a grim and sad comment on modern industrial animal farms)
  • The DevOps way does _assume_ that bringing up a new VM in a pool of hardware, and returning the previous resources to that pool, is a cheap and fast operation.
  • * Mail servers, microservices and replicated databases work well this way.
  • * Firefox profiles, laptops with large home directories and real animals... not so much?
  • # Tracking changes in `/etc`
  • For /etc **I highly recommend [`etckeeper`](https://etckeeper.branchable.com/)**. It doesn't change anything, it just commits (git, mercurial, brz or darcs) the whole of /etc into `/etc/.vcdir/` each time something happens, or daily.
  • The implementation is fairly easy and quick to inspect, by reading `dpkg -L etckeeper` or equivalent to see the few files contained, so you can be confident it won't cause problems.
  • What does it do for you? After only a few weeks of using it, and many years' not using it,
  • 1. you have the record of exactly what changed and when, at least under /etc, with good precision and accuracy
  • 2. it's better if you remember to `etckeeper commit -m "what I did and why"` after making changes, but if you don't the "daily autocommit" catches it
  • 3. after taking care with permissions and remembering the whole VC history should be sufficiently private, you have the usual ways to ship a copy elsewhere
  • 4. the immediately obvious benefits for me are
  • 1. `etckeeper vcs log { --name-status | -p -5 cloud/cloud.cfg.d/ | ... }` to look at what changes happened in the past
  • 2. `etckeeper vcs diff` to double-check what I'm about to modify and leave running
  • 5. Yes, it does keep a record of the permissions on all files affected, and in a script form that looks easy and safe to re-apply
  • 6. Yes, it ships with a bunch of `/etc/.gitignore` entries to reduce noise
  • 7. **It looks very safe.** If you installed it, forgot about it and never used it... no harm done.
  • 8. It is now #2 in my list of things to do on a fresh machine after that first `apt update`
  • Think of it as
  • * the right way to get older `diff -u /etc/aliases{~,}` versions
  • * the notebook which gives you a good place to write about configuration changes made
  • * a magical notebook that will check your work or even do some of it for you when you forget
  • Downsides,
  • 1. it isn't really designed for rolling back to an old version or merging changes from another machine, but you could and the support is there.
  • 2. running `git` manually as root, especially for networking stuff, is unnerving. Don't fight that, it should be unnerving!
  • 3. although the `etckeeper vcs log` shows `apt` operations and some others with useful information, there is a risk of a run uninformative "daily autocommit" entries.
  • * Because the VCS is tracking not driving changes, you are at liberty to rewrite that Git history any way you like to provide better commit granularity and messages, but who has time for that?
  • # Changing `/etc` from a version control project
  • I'm making a little tool for doing the reverse, for the subset of files `/etc/aliases`, `/etc/exim/` and related, that I need to drive on a couple of machines. Currently this is at the toy project stage.
  • The plan,
  • 1. ✅ copy the old dusty files into Git
  • 2. ✅ write Python / Shell mess to do the important operations
  • * paste those files back into /etc in a controlled way, setting permissions
  • * freshen the VC copy from what's currently live in /etc
  • * diff
  • 3. ⏳ try it on another machine (and see what kind of mess needs clearing up after)
  • 4. Profit! Or more likely GPL / abandonware.
  • 5. ❌ Oh and test driven development. Whoops... I was in a hurry.
  • It might be classed as a kind of semi-DevOps?
  • # `~/`
  • I have yet to bring my `~/.dotfiles` under any kind of control. I have an inconveniently large number of different home directories for various purposes on laptop, servers, Raspberry Pis (plus SD cards swapped out).
  • I know there are projects to do it, but my previous attempts to put my home directory in version control were Not Pretty.
  • Advice welcome...
  • # Gordian solution
  • > Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it. -- [Alan Perlis](https://www.brainyquote.com/quotes/alan_perlis_177188)
  • Remember that the configuration changes are not important and should not burden you, if the machine is powered off.
#1: Initial revision by user avatar mcast‭ · 2025-04-08T19:44:34Z (5 days ago) 
> if I configure everything this way, it will turn into a mess, and after a few months I won't know what things I configured where

I agree, and would suggest that we are looking for a way to "manage the mess".

Other than taking notes as @matthewsnyder said, you can put copious comments with your reasons / initials / date in the files modified - when you are not using a GUI.

# Cattle vs pets

[First search hit](https://www.hava.io/blog/cattle-vs-pets-devops-explained) seems to describe what I'm talking about, TLDR there may be better ones.

The gaming rig, the personal laptop and the configured-over-years mail server are "pets" in this analogy. When they get old, you still love them but the vet bills are mounting up and there are hard choices to be made.

The DevOps way is to define how the thing should be, put the recipe in version control, test the recipe like any other software release, then run the provisioning tools to make it be that way. When it gets poorly (and it will) just update the recipe, test again, bring up a new one and shoot the old one.

(It's also a grim and sad comment on modern industrial animal farms)

The DevOps way does _assume_ that bringing up a new VM in a pool of hardware, and returning the previous resources to that pool, is a cheap and fast operation.
* Mail servers, microservices and replicated databases work well this way.
* Firefox profiles, laptops with large home directories and real animals... not so much?

# Tracking changes in `/etc`

For /etc **I highly recommend [`etckeeper`](https://etckeeper.branchable.com/)**. It doesn't change anything, it just commits (git, mercurial, brz or darcs) the whole of /etc into `/etc/.vcdir/` each time something happens, or daily.

The implementation is fairly easy and quick to inspect, by reading `dpkg -L etckeeper` or equivalent to see the few files contained, so you can be confident it won't cause problems.

What does it do for you? After only a few weeks of using it, and many years' not using it,

1. you have the record of exactly what changed and when, at least under /etc, with good precision and accuracy
2. it's better if you remember to `etckeeper commit -m "what I did and why"` after making changes, but if you don't the "daily autocommit" catches it
3. after taking care with permissions and remembering the whole VC history should be sufficiently private, you have the usual ways to ship a copy elsewhere
4. the immediately obvious benefits for me are
    1. `etckeeper vcs log { --name-status | -p -5 cloud/cloud.cfg.d/ | ... }` to look at what changes happened in the past
    2. `etckeeper vcs diff` to double-check what I'm about to modify and leave running
5. Yes, it does keep a record of the permissions on all files affected, and in a script form that looks easy and safe to re-apply
6. Yes, it ships with a bunch of `/etc/.gitignore` entries to reduce noise
7. **It looks very safe.** If you installed it, forgot about it and never used it... no harm done.
8. It is now #2 in my list of things to do on a fresh machine after that first `apt update`

Think of it as the right way to get older `diff -u /etc/aliases{~,}` versions!

Downsides,

1. it isn't really designed for rolling back to an old version or merging changes from another machine, but you could and the support is there.
2. running `git` manually as root, especially for networking stuff, is unnerving. Don't fight that, it should be unnerving!

# Changing `/etc` from a version control project

I'm making a little tool for doing the reverse, for the subset of files `/etc/aliases`, `/etc/exim/` and related, that I need to drive on a couple of machines. Currently this is at the toy project stage.

The plan,
1. ✅ copy the old dusty files into Git
2. ✅ write Python / Shell mess to do the important operations
   * paste those files back into /etc in a controlled way, setting permissions
   * freshen the VC copy from what's currently live in /etc
   * diff
3. ⏳ try it on another machine (and see what kind of mess needs clearing up after)
4. Profit! Or more likely GPL / abandonware.
5. ❌ Oh and test driven development. Whoops... I was in a hurry.

It might be classed as a kind of semi-DevOps?

# `~/`

I have yet to bring my `~/.dotfiles` under any kind of control. I have an inconveniently large number of different home directories for various purposes on laptop, servers, Raspberry Pis (plus SD cards swapped out).

I know there are projects to do it, but my previous attempts to put my home directory in version control were Not Pretty.

Advice welcome...

# Gordian solution

> Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it. -- [Alan Perlis](https://www.brainyquote.com/quotes/alan_perlis_177188)

Remember that the configuration changes are not important and should not burden you, if the machine is powered off.