Better question: Have you looked into infrastructure as code? (IaaC) you can define everything in a Git repo and then create everything in a repeatable way.
this post was submitted on 08 Apr 2025
56 points (100.0% liked)
Selfhosted
45843 readers
394 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
I keep my server backups on a dedicated backup server.
real question though is do you back up your backup server?
Not yet.
- Create git repo
- Put all config in git repo
- Create repo on codeberg
- Clone git repo to both VPS and laptop
No extra money needed
Make sure to not check in secrets in plaintext. git crypt is one way to encrypt secrets before checking them in.
I suggest SOPS
Terraform sensitive variables and AWS secrets manager? ^^
I don't like big corporations so I wouldn't do that, but sure
Codeberg sounds like a good way! I was concerned about server config being stored on self-hosted forgejo (which is configured by the very server config), turns out that need not be the case.
Edit: Was asking about the config targetting process for git (not how to use git) and was going to ask an AI to do some googling for me.
Please don't use AI for simple things like this.
The Odin Project has a tutorial on Git Basics and a guide on Setting Up Git. The instructions are roughly the same whether on Github, Codeberg, etc.
Once you have the repository, it's as simple as:
git add .
git commit -m "Updated config"
git push origin main
Please don't use AI for simple things like this.
Simple things seems like the best use of AI
Ansible if you want to do it the right way.
Or keep all of your configs in one tree and use syncthing on it If you want to phone it in. Turn on versioning call it a night.
Thanks! I gotta get my hands on Ansible, was reluctant as I've heard it can be complicated. Should see myself!
Ansible's not all that bad. The alternatives are far more complicated.
Jeff geerling has a bunch of videos on ansible 101.
I'd get familiar with deploying these with some infrastructure-as-code tools, and keep a git repo. Ansible is pretty easy to get started with.
Git might be over engineered for this purpose. Maybe SVN?
You joking?
No. Git is inefficient for small numbers of files. Just do a “find | wc” and/or a “du -hs” in your repository folder. SVN exists for a reason.
Look at tools like kopia and restic. Depending on how much data you have, it should be relatively cheap to back up to backblaze b2.
If you haven't played with Pulumi (for configuring cloud services) and Ansible (for local services, shell commands, apt installs etc) you may enjoy them as a way to capture / re-apply configuration.
Etckeeper
Most of the time the VPS provider offers some backup solution. It's not only about your configuration files which can easily be recreated, but about all the user data like pictures databases, etc. Which once lost can't be recovered.
Best practice is a 3-2-1 backup: https://www.backblaze.com/blog/the-3-2-1-backup-strategy/
But you could back up your stuff on your laptop if you want, it's not such a bad idea actually. For that you trigger the backup script from your laptop, you can do it automatically there too. This makes sure that the laptop is on while you're doing the backup.
The easiest way is a crown job and a bash file which runs a couple of rsync commands to get specific files and directories from the server via ssh.
A more involved way would be a backup system like restic, which does a lot of things for you but is a bit more involved to set up.
Lots of good ideas.
I'm a fan of stow-like tools, but there are advantages to using something like Salt (or similar) if you're dealing with VPSes that share don't common configs like firewalls. There's a lot to learn with things like salt/chef/puppet/attune/ansible, whereas something like yas-bdsm, which is what I'm currently using, is literally just:
- Keep your configs in a git repos, in a structure that mirrors your target
- Run a command and it creates symlinks for the destination files
- Commit your changes and push them somewhere. Or just restic-backup the repos.
The config file formats are irrelevant; there's no transformation logic to learn. Its greatest feature is its simplicity.