this post was submitted on 08 Aug 2023
16 points (100.0% liked)

linux4noobs

1386 readers
1 users here now

linux4noobs


Noob Friendly, Expert Enabling

Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.


Seeking Support?

Community Rules

founded 1 year ago
MODERATORS
 

You can backup your config files before editing them, like this:

cp configbeingedited.conf configbeingedited.conf__orig_datestring

This way, when things break or don't function how you like, you can easily copy the original config file back into position, restoring the original functionality.

top 12 comments
sorted by: hot top controversial new old
[–] astral_avocado 5 points 1 year ago (1 children)

I generally keep my config files stored in the GitHub repo for version control, and then actual secrets are pulled dynamically from a secret store.

[–] lambda 1 points 1 year ago (1 children)

Secret store? Mind sharing links on what that means? I assume it's something you can self host?

[–] astral_avocado 1 points 1 year ago (1 children)

Specifically AWS secrets manager, I know there's others like if you're using Ansible there's Ansible Vault. The point is that it's a separate service that keeps all your secrets encrypted at rest and to access them you need an initial authentication.

[–] zlatko 3 points 1 year ago (1 children)

I've been meaning to get the ansible thing. Not for my home computers, my dotfiles are on GitHub, SSH keys offline, stuff backed up. But I always think that if my poor hetzner box dies, I'll have a lot of fun getting it all back up :/

[–] astral_avocado 2 points 1 year ago (1 children)

😂 Honestly Ansible can be a little obtuse at times, I'm having a much better time with having all my stuff defined in Docker and deployed via docker-compose or Terraform for non-self-hosted stuff. Ansible can be a lot of effort but I can also see it being better in the long run.

Then there's the NixOS people.. people swear by that. I haven't dived into that whole world yet.

[–] zlatko 2 points 1 year ago

Yeah NixOS is my other alternative, but I think that rabbit hole is much more deep than the Ansible one :)

I also manage my few self-hosted things and play-things with docker-compose on my box, but who manages docker-compose files? :) And nginx config, and network-related stuff etc etc. I am too lazy but I guess I will have to bite the bullet and after 20 years of manually doing it all and backing up raw and praying, actually figuring out the next level.

[–] ndotb 4 points 1 year ago (3 children)

Go ahead and graduate to etckeeper if you're targeting /etc

[–] astral_avocado 4 points 1 year ago

Never knew about this tool, good to know!

[–] [email protected] 2 points 1 year ago

A good tip for setting up a tool to automate this process.

[–] [email protected] 2 points 1 year ago

I tend to make a .bak file before changes. There is nothing worse than fixing one config item only to realize later something else broke and not being sure what it was that changed and no easy way to revert. I'm guilty of having many .bak configs that are poorly named. I hadn't heard of etckeeper before. That looks real handy for me. Thanks for sharing

[–] Andy 2 points 1 year ago (1 children)

Some Zsh:

bak () {
  emulate -L zsh
  for 1 {
    cp -i $1 $1.bak
    ls -l $1 $1.bak
  }
}
[–] [email protected] 2 points 1 year ago

This is a clean way to make your own new command called 'bak', to automate making a second copy of the file.