How to manage configuration files
from edinbruh@feddit.it to linux@lemmy.ml on 07 Oct 14:17
https://feddit.it/post/22496010

I’m trying to find a better solution to manage configuration files, both user’s dotfiles and system files in /etc. I’m running an Ubuntu server where I have a bunch of services with custom configurations, and systemd drop-in files, but on top of that I also have some scripts and user dotfiles that I need to track.

What I’m doing right now is that I have a folder full of symlinks in the admin user’s directory (poor username choice, btw) and I’m using bindfs to mount this directory inside a git repository, this way git won’t see them as symlinks, and will version them as regular files. The problem with doing this is that as git deletes and rewrites files, bindfs fails to track the changes and converts the symlink to regular files.

I looked into chezmoi, but that is only meant to track user dotfiles and will refuse to add a file from /etc, that is unless doing some extra work. But even so, chezmoi will not track the user:group of files, so I would still have to manage that manually.

I also looked into GNU Stow, and that would not complain about files from /etc or anywhere, but it similarly will not track permissions and I would have to manage that manually.

I see that some people are using ansible to manage dotfiles, but at that point, it would make sense to just migrate to ansible, except I don’t want to rebuild my server from scratch to use ansible. Also it looks like a lot to learn.

Is there a better solution I’m not seeing? Maybe something using git hooks?

#linux

k_rol@lemmy.ca on 07 Oct 14:32

I’m trying to find an easy way to redo my VMs and configs, I’ve started learning terraform to build my VMs and create a cloud init to install all necessary things. Then I think I’ll use ansible for the remaining and put back my configs.

While I’m sure this will work well, I find this is a huge amount of work. I’m hoping someone else has some good ideas / lessons learned about that.

bruce965@lemmy.ml on 07 Oct 14:53

If your goal is to host services, I would recommend looking into Docker, and eventually Podman. Containerization lets you keep the configuration wherever you want, personally I use a dedicated directory for each service.

Also, please note that a container is not a VM. It’s just a way to keep everything in one place.

edinbruh@feddit.it on 07 Oct 15:01

The server in question is a raspberry with 4 gigabytes of RAM, so I will need to use containers very sparingly. Basically I’m using podman quadlets only for those services that really only come in containers (which for now means only codimd, overleaf, and zigbee2mqtt), and I’m running everything else on metal. But even with containers, I would still need to manage container configurations, network, firewall, file sharing permissions, etc. just like I did without containers.

bruce965@lemmy.ml on 07 Oct 15:59

Ah I see… I keep container configs in a specific directory, which contains one directory per-service, which contain all the config files + a compose.yml file to place them in the correct path in the container. I could commit everything to Git if I wanted to.

Regarding network and firewall, you could make a symlink to a versioned file and keep your config with the containers. Same for firewall rules.

I’m not sure what you mean by file sharing permissions. With containers you could give a different user to each service.

If you are worried about memory and disk usage, another option I’ve been exploring recently is using OverlayFS, which, among other things, allows you to inject a directory at a specific path. Again, this would let you keep all your configs where you fancy the best. I use it through Bubblewrap.

Anyways I realize that what I just described is far from standard… hopefully other users will suggest something less custom.

Overspark@piefed.social on 07 Oct 16:14

Dotfiles and system configuration are pretty different use-cases, usually when you do system-wide stuff you want to manage not just the configuration files but also what software is installed and a bunch of other things. Ansible or something else like it is definitely the right tool for the job. And Ansible isn’t so difficult to learn, you only need to know like 5% of what it can do to be very effective.

For dotfiles my personal preference is dotbot, but there are MANY many different tools that are all good and are just different ways to accomplish roughly the same thing.

algernon@lemmy.ml on 07 Oct 17:10

I will not recommend switching to NixOS and declarative configuration. I will not recommend switching to NixOS and declarative configuration. I will not recommend switching to NixOS and declarative configuration.

…fuck. I failed the saving throw. I’m sorry.

Do look into Ansible, and the whole configuration management topic, though.

zstg@programming.dev on 07 Oct 17:52

Ah yes, the obligatory NixOS recommendation post.

On a serious note though, NixOS IS well-suited for this purpose.

IanTwenty@lemmy.world on 07 Oct 17:50

Stow/chezmoi/your choice for dotfiles, config mgmt for system config. You don’t need to rebuild the whole server to start with ansible tho, you can take over one file at a time and grow as you learn.

As you’ve found I don’t know of a tool that will cover both usecases as config mgmt for dotfiles is too much and dotfile mgrs for system config is probably out of their scope.

lepinkainen@lemmy.world on 07 Oct 18:17

Chezmoi for user stuff, Ansible for system level (packages, user accounts, base services like mail and vpn)

Docker compose managed with opentofu for applications because I’m weird like that

koala@programming.dev on 07 Oct 19:55

You don’t need to rebuild your server from scratch to use Ansible or any other configuration management tool. It helps, though, because then you can ensure you can rebuild from scratch in a fully automatic way.

You can start putting small things in control with Ansible; next time you want to make a change, do it through Ansible. If you stop making manual changes, you’ll already get some benefit, like being able to put your Ansible manifests in version control.

(I still use Puppet for configuration files, installing packages, etc. It just does some stuff better than Ansible. Still, Puppet is harder to learn, and Ansible can be more than enough. Plus, there’s stuff that Ansible can do that Puppet can’t do.)

Dotfiles are a completely separate problem, tackle them separately. Don’t use Ansible for that, use a dotfile-specific tool.

darkan15@lemmy.world on 07 Oct 20:56

You could use aliases on your .bashrc for git (and a bare repo), that would let you manage your $HOME and /etc directly with git without using symlinks, only downside is having them separated in two aliases and two repos.

# user config repo
alias dotfiles='git --git-dir=$HOME/.dotfiles --work-tree=$HOME'

# system config repo
alias etcfiles='sudo git --git-dir=$HOME/.etcfiles --work-tree=/etc'

It is also recommended that you run:

<alias> config --local status.showUntrackedFiles no

in the terminal for both the dotfiles and etcfiles aliases (you can pick the aliases and git-dir names you want)

The aliases help you have a custom named folder instead of .git located in a custom path, and you can manage them without symlinks as you use git directly on the file’s original location, this would solve your issue of other solutions that depend on symlinks

Note: you could technically have the root directory --work-tree=/ as a work tree to use only one command, but it is not recommended to give git the possibility to rewrite any file on the entire file system.

Some reference links:

Text

Video
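
Added example, not part of the thread or of any poster's setup: git records only the executable bit and no owner or group, so the bare-repo approach above still leaves the user:group and mode tracking from the original question uncovered. This sketch records that metadata in a manifest and reports drift, such as a config file that has become world-readable. It assumes GNU stat (as on Ubuntu); the function names and manifest format are hypothetical.

```shell
#!/bin/sh
# Added example: record and verify mode/owner for git-tracked config files.
# Assumes GNU stat; function names and manifest layout are hypothetical.
# Paths containing newlines are not supported.

# Read paths on stdin, print "MODE OWNER:GROUP PATH" for each existing file.
record_perms() {
    while IFS= read -r path; do
        [ -e "$path" ] || continue
        stat -c '%a %U:%G %n' -- "$path"
    done
}

# Read a manifest on stdin and print one line per file whose current
# mode or owner differs from the recorded one, or that no longer exists.
# Returns 1 if anything differs, 0 otherwise.
check_perms() {
    drift=0
    while read -r mode owner path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            drift=1
            continue
        fi
        now=$(stat -c '%a %U:%G' -- "$path")
        if [ "$now" != "$mode $owner" ]; then
            echo "DRIFT $path: recorded $mode $owner, now $now"
            drift=1
        fi
    done
    return "$drift"
}

# Assumed usage, from inside the work tree with this file sourced:
#   git ls-files | record_perms > perms.manifest   # e.g. from a pre-commit hook
#   check_perms < perms.manifest                   # after a checkout or restore
```

Committing the manifest alongside the files gives a reviewable diff whenever ownership or mode changes, which is the part a plain `git diff` will not show.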