
Etckeeper lets you store changes in /etc to git - dz0ny
https://github.com/joeyh/etckeeper
======
sciurus
More great software from Joey Hess.

<http://joeyh.name/>

<http://joey.hess.usesthis.com/>

~~~
marshray
I liked the part about: _I do everything on a netbook, a Dell Mini 9. I’ve
been using it since 2008, and have worn out two keyboards._

He doesn't look like his fingers would be any smaller than mine, but I have
tried to use a netbook and failed. I just ordered myself a new laptop
primarily because I didn't like the keyboard on my ultrabook. Joey, I am
humbled by you.

------
zimbatm
The cool thing about Etckeeper is that it plugs directly into your package
manager. If you're using deb or rpm, a commit is made after each package
install if they changed /etc.

~~~
jared314
Wouldn't a simple inotify[0] watch on /etc handle that scenario? Does it split
up the commits by package?

[0] <http://linux.die.net/man/1/inotifywait>

~~~
ibotty
inotify consumes resources (ram), which a hook into a package manager does
not. you cannot watch all subdirectories within /etc with one handle, so you
will have to recursively setup handles for all subdirectories. then, you might
run into the max_user_watches limit (see sysctl fs.inotify.max_user_watches).

~~~
tankenmate
Acutally, using fanotify() you can watch a whole filesystem with one watcher;
use FAN_MARK_MOUNT (inotify and fanotify both use the fsnotify subsystem in
the kernel). So then you set a watch on either /etc (if it is separately
mounted) or watch / and then ignore any paths that aren't in /etc.

------
edwintorok
I've been using this for quite some time, but mostly as a 'fire and forget'
tool. There were some rare occasions when the information from the git history
was useful though, like finding out how the configuration looked for an older
version of a program.

~~~
dfc
I have one big etckeeper repo for all of my personal machines with each
machine being a separate branch. It comes in handy when you cant remember how
you have something set up on another machine and or for when i get a new
machine.

------
jlgaddis
I've been using etckeeper on all my machines for a few years now. It's
basically "install and forget about it", but it's been a tremendous help on a
few occasions when something broke!

------
dgallagher
Does anyone recommend a good GUI for viewing Linux log files on Windows or
Mac? I'd pay for an OSX-Console-like app that'll connect to a remote Linux
distro and allow easy browsing/searching of /var/log/, or any paths you add to
it.

~~~
cabacon
You could setup splunk free (or one of the OSS clones like logstache or
greylog2) on the Linux host and use that web interface for visualizing and
searching the logs.

~~~
crymer11
I highly recommend Logstash and Kibana. The setup might be a little more
complex then some would desire (but by no means is it difficult and both have
solid docs), but the two are pretty powerful tools.

1 - <http://www.logstash.net/> 2 - <http://kibana.org/>

------
llcoolv
I ve known people doing it with SVN/Git for at least 7-8 years now.

~~~
snaky
And with RCS for almost 30 years.

~~~
joeyh
In a way RCS is a better architectural fit for this than git, because you can
check /etc/shadow in and only one file is used to version it, unlike with git
where the whole /etc/.git/ directory has to be locked down to avoid exposing
its contents.

Oddly, RCS is about the only VCS not supported by etckeeper yet. (Well, and
CVS and svn). It'd be pretty easy to write the 8 or so scripts needed to add
support for it to etckeeper.

~~~
limmeau
Doesn't Mercurial also maintain version info in one file below .hg per file in
the tree?

------
deelowe
Is there something like this that works for arbitrary files or directories?
Basically, I'd like to have something that monitors files and/or directories
for changes and then stores the diffs in git possibly via a cron job or a
daemon using inotify? Anything analogous to this would be great.

I've contemplated writing something like this myself many times, but time is
just not something I have a lot of these days.

~~~
dfc
At first I thought this was a cute lead up to git-annex and then I realized it
was a straight forward question and that you want incremental diffs. You
should take a look at git-annex[1] one of joey's other projects if the diff
feature is not a deal breaker.

 _"git-annex allows managing files with git, without checking the file
contents into git. While that may seem paradoxical, it is useful when dealing
with files larger than git can currently easily handle, whether due to
limitations in memory, time, or disk space.

git-annex is designed for git users who love the command line. For everyone
else, the git-annex assistant turns git-annex into an easy to use folder
synchroniser."_

The only joeyh project that I use more than git-annex or etckeeper is
moreutils.[2] (Obviously I'm not including joey's enormous contributions to
Debian) Included in moreutils:

    
    
      chronic: runs a command quietly unless it fails
      combine: combine the lines in two files using boolean operations
      ifdata: get network interface info without parsing ifconfig output
      ifne: run a program if the standard input is not empty
      isutf8: check if a file or standard input is utf-8
      lckdo: execute a program with a lock held
      mispipe: pipe two commands, returning the exit status of the first
      parallel: run multiple jobs at once
      pee: tee standard input to pipes
      sponge: soak up standard input and write to a file
      ts: timestamp standard input
      vidir: edit a directory in your text editor
      vipe: insert a text editor into a pipe
      zrun: automatically uncompress arguments to command
    

The only program that I never have a use for is ts, I use tai64n[3] from djb.

[1] <http://git-annex.branchable.com/>

[2] <http://joeyh.name/code/moreutils/>

[3] <http://cr.yp.to/daemontools/tai64n.html>

~~~
joeyh
Recently the git-annex assistant has gained the ability to check selected
files directly into git, so you can have your diffs too if you want them.

[http://git-annex.branchable.com/design/assistant/blog/day_22...](http://git-
annex.branchable.com/design/assistant/blog/day_224__annex.largefiles/)

------
james2vegas
Been doing this with RCS for decades.

------
GauntletWizard
I'd been toying around with different versions of this for a bit; / and etc
under git control with .ignore files keeping it limited to only the specific
files I wanted. This sounds like a far more mature and robust solution, so
I'll likely be switching to it shortly.

------
deathcakes
Having used this for about six months, can confirm that it, plus gitweb, have
saved our bacon a good few times. Handy when, as it usually does, push comes
to shove and you have to restore right the fuck now, and only have a browser
on you.

------
VLM
A good analogy is etckeeper is to /etc/* as RANCID is to a (real) router and
its configuration. So now if you know one, you know the other.

------
nnnnni
I worry about the security risks of saving your entire /etc to "somewhere on
the internet"...

~~~
jonasb
I use etckeeper, but only keep the repository locally. I use it so I can keep
track of what changes there are to /etc, to help with that time when something
breaks.

~~~
lukeschlather
I'm still a little disappointed it doesn't ignore /etc/shadow by default. I
can't imagine a valid use case for keeping /etc/shadow in source control.

~~~
marshray
Clearly there are reasons to keep /etc/passwd in version control. Changes to
/etc/passwd often need to be synchronized with changes to /etc/shadow.

For something like professionally administered servers accessible only via ssh
asymmetric keys, /etc/shadow may not be considered so sensitive that it's
worth the risk of having it be an exceptional cases in version control.

------
blantonl
hopefully /etc/passwd and all those other important security related files are
excluded?

~~~
dz0ny
Yes thats excluded, however your .git is stored locally and it would need be
root user to even look at directory.

------
holms
yeah would be nice freebsd support.

