I have a /.git/ directory in the root of a Debian 11 server. Every change under /etc is carefully versioned. My plan when upgrading to 12 is to roll back all the changes, turn the upgraded config into a new commit, then rebase my config changes one by one. I anticipate that I will still be burned, but maybe less than before.
I use etckeeper for this, automatic daily commits if something changes, also does pre and post apt commits.
I use that for potential personal foot shots. Upgrades are almost always straight forward, just read the notes. I have been upgrading in place 6-12 systems since at least 2002.
Yes, everything. The danger is that you won't notice that you changed something; if a file is not under git and you touch it, you don't know.
(I have extensive experience with the Quilt patch management system; countless times I forgot a "quilt add" before changing something. You will not remember.)
Stuff outside of /etc I've added on a case by case basis. I have customized some code in the Roundcube webmail app, so I put it that installation under git.
Now there is some garbage software that puts changing state under /etc. Can you believe it? Snap is like this, and I installed that in order to get Certbot (the SSL cert manager). So I ended up with spurious changes in these changing state files. Ugh.
Too risky at this point; I could end up with a site whose cert fails to renew. From my point of view, Snap to Python is like frying pan out of the fire. Better the devil that currently works.
