Linux Config File Version Control & Backup on GitHub
Linux famously stores all of its settings in files, making it easy to inspect, query, or back up the configuration with a plethora of tools, including Git. However, given that Git was conceived by the Linux community, there is surprisingly little integration. As a developer, I am used to managing everything with Git. Depending on my current degree of paranoia, I may put nearly or literally everything into version control. So where’s Git for Linux config files?
At vast limits, we’re backing up all our machines, of course. “Traditional” backup tools allow us to quickly restore entire machines in case of catastrophic failures. But there is another type of problem that such traditional backup programs do not cover well: managing configuration state. When you’re used to working with Git, you expect every configuration change to be traceable. You want visibility and transparency. Traditional backup software does not provide that.
When I realized what was missing I started looking for existing solutions. Interestingly, I did not find much, specifically not a lightweight tool that could be set up easily. I did find Manuel Laggner’s Config file backup with Git, though, and started to build my own based on his idea.
The principle is simple but allows for a lot of flexibility:
- Step 1: we create a Git repository in a dedicated directory and run a script that copies all configuration files we want to back up into it.
- Step 2: we commit the changes in the repository and push to GitHub.
A lot of the magic is performed by Git automatically behind the scenes. After the initial full backup, Git detects what was changed in between backup runs and does a kind of differential backup. We are not concerned with backup size here, though; we’re interested in Git’s ability to show us what exactly changed at any point in time. Do you want to find out when TLS 1.1 was disabled on your webserver? Just look at the changes to Apache’s configuration files. Git only lists differences and many UIs color-code changed sections for even better visibility.
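The two steps above as a minimal shell function. This is an added example, not the OS-Conf-Backup-Linux script; the function name `conf_backup` and the exclude patterns are assumptions. It keeps private keys and password hashes out of the commits, since everything committed is pushed to the remote.

```shell
#!/bin/sh
# Added example, not the OS-Conf-Backup-Linux script. conf_backup and the
# exclude patterns are assumptions made for this illustration.

# conf_backup REPO_DIR SOURCE_ROOT PATH...
# Prints "committed" or "unchanged"; returns non-zero on error.
# Typical call as root: conf_backup /var/backups/conf / etc/ssh etc/apache2
conf_backup() {
    repo=$1; root=$2; shift 2

    # Dedicated repository directory, accessible to the backup user only.
    [ -d "$repo/.git" ] || git init -q "$repo" || return 1
    chmod 700 "$repo"

    # Keep private keys and password hashes out of the index so they are
    # never committed or pushed (constructed pattern list, extend per host).
    mkdir -p "$repo/.git/info"
    printf '%s\n' '*.key' '*.pem' '*_key' 'shadow*' 'gshadow*' \
        > "$repo/.git/info/exclude"

    # Step 1: mirror each path. Removing the old copy first means files
    # deleted on the machine show up as deletions in the history.
    for p in "$@"; do
        rm -rf "${repo:?}/$p"
        [ -e "$root/$p" ] || continue
        mkdir -p "$repo/$(dirname "$p")"
        cp -a "$root/$p" "$repo/$p" || return 1
    done

    # Step 2: commit only when something changed, under a machine identity.
    git -C "$repo" add -A || return 1
    if [ -z "$(git -C "$repo" status --porcelain)" ]; then
        echo unchanged
        return 0
    fi
    host=$(uname -n)
    git -C "$repo" -c user.name="$host" -c user.email="root@$host" \
        commit -q -m "Config backup $(date -u +%Y-%m-%dT%H:%M:%SZ)" || return 1

    # Push only if a remote named origin has been configured.
    if git -C "$repo" remote get-url origin >/dev/null 2>&1; then
        git -C "$repo" push -q origin HEAD || return 1
    fi
    echo committed
}
```

Excluded files are still copied into the local repository directory, which is why it is restricted to mode 700; they are only kept out of the Git history.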
Where do we interact with backup sets – in a tiny text-only SSH window connected to a server’s console? Of course not! After all, all the data is synchronized to GitHub. We have all the amenities of GitHub’s web UI and we can even grant access to other members of our team.
- Head over to the GitHub project OS-Conf-Backup-Linux.
- Follow the steps in the readme. It should not take more than a few minutes.
When you’re planning to sync your machine’s configuration files to a central Git repository, you need to store Git credentials per machine, not per user. When you’re using Git credentials per machine, you want to make sure those credentials only allow minimal access, specifically to the machine’s repository only. That sounds like a pretty basic requirement for any Git hosting service. Sadly, our go-to Git host Azure DevOps fails miserably (a post on the specifics is upcoming). GitHub, on the other hand, is more forthcoming with its SSH deploy keys that grant access to a single repository only. So I chose GitHub as the storage provider for our machine backup data even though I would have preferred Azure DevOps because we are using it for everything else that we don’t want to publish publicly.