Use etckeeper for keeping /etc in version control?

[qbi]

Hey Alec,

thanks for the nice writeup.

Your document puts /etc/tor under version control (git). I'd suggest putting the entire /etc under version control by installing etckeeper (see https://help.ubuntu.com/lts/serverguide/etckeeper.html or https://etckeeper.branchable.com/). The software automatically keeps track of all changes inside /etc by making daily commits or committing changes before package updates. I'd consider it quite useful. What do you think?

[alecmuffett]

That's awesome - I did look at etckeeper and found it kinda intimidating. Is it easy?

I am also wary of adding more than is necessary to get the job done, so was actually considering removing git from the draft...

[qbi]

I consider it quite easy. You just do a apt-get install etckeeper and set user.name plus user.email in git. That's all (at least from a Debian/Ubuntu perspective). The package will make a daily commit plus a commit before package upgrade/install. If the admin doesn't do anything, you'll just have those commits in your git history. But you can of course also issue etckeeper commit or etckeeper vcs $GIT_COMMAND to work with the repository.

I don't see any particular problems as long as the nobody tries to push the repository to some remote place. Because the entire /etc is in the repo and usually nobody wants their /etc/shadow or /etc/ssl/private in publix. :-)

[alecmuffett]

in pursuit of simplicity and focus, I think might bust this out to a later document.