1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • Re: Current best practices for system configuration =?UTF-8?Q?managemen

    From Linux-Fan@21:1/5 to Mike Castle on Fri Apr 19 17:30:01 2024
    This is a MIME GnuPG-signed message. If you see this text, it means that
    your E-mail or Usenet software does not support MIME signed messages.
    The Internet standard for MIME PGP messages, RFC 2015, was published in 1996. To open this message correctly you will need to install E-mail or Usenet software that supports modern Internet standards.

    Mike Castle writes:

    For a while now, I've been using `equivs-build` for maintaining a
    hierarchy of metapackages to control what is installed on my various machines. Generally, I can do `apt install mrc-$(hostname -s)` and
    I'm golden.

    Now, I would like to expand that into also setting up various config
    files that I currently do manually, for example, the `/etc/apt/*`
    configs I need to make the above work. For a single set of files,

    [...]

    My first thought was to simply add a `Files:` section to *.control
    files I use for my metapackages. After all, for configs going into
    *.d directories, they are usually easy to just drop in and remove, no
    editing in place required. But, that is when I discovered that all
    files under `/etc` are treated specially.

    [...]

    Hello,

    I can confirm from experience that Ansible can indeed scale down to as
    little as the one local machine that it is running from. It has a learning curve and at least to me it always felt a little clumsy to learn a YAML
    based scripting language for this purpose, but its a solid choice.

    Continuing the package-based approach is what I do because once some wrapper around the `debuild` commands was established, it became acceptably easy to use. I even maintain my “dotfiles” (not under $HOME but under /etc, but to
    a similar effect) this way: https://masysma.net/32/conf-cli.xhtml.

    With `config-package-dev` there are some tricks to even allow changing (config) files supplied by other packages.

    The disadvantage with the package-based approach is that it is heavily distribution-specific and also if you mess anything up, a core component of the OS (package management) can become broken - I luckily never broke it to the extent that recovery was impossible, but in the beginning ran a
    dedicated test VM to validate all package changes prior to installing them
    on my main system

    I have also heard good things about Nix and if I had to start again from scratch today, I'd probably invest time into learning that technology. Right now I am sufficiently satisfied with the package-based approach to not look into it yet.

    HTH
    Linux-Fan

    öö

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEkKMBOo1F/f2B6jfK+Elw7bKeCLUFAmYijWwACgkQ+Elw7bKe CLWeuw//TrZd7/R3/uJf5AEOjBnXLi90rJdyTFCdIeyQj6dT2m4U8CUQzdN4nNte Qn5OCEWa4g/1JvTRegK7UnBWMZ0QapAVeteHjl9cb3crbxPnXrXIJWJhw5x8m5Qi eVoQUas0ZumMBtcvyQTodW6tXVW9/dcquOJ7rHTMjQ/+kLQ+XKwvrvXGmN/Yfrc9 m4BmPAhjr1kwS6CQjvMD798ZJO/QejHccRdFzYl+Zl69Lr5YVygt0uKIKkQ+J1se Xlvwx6w8l4D5TfEjthwxLfY8Hkn3O0t3rvYoP5kkUTDKTMKLOJcLa68eJwzZ6IPh xJA8LOlcMjRV2cj/qT4LxRt8Cwfa5SlhvGNIgwMoYVIYN0VvcoMpt86/nS6TAaR4 r2C329+WP8G0qwmVik+BR5jfCWny9WnRLadVxvwIcy1n+oZPXoCbkxrVKTkKX2J2 EJYAIfWGEfPqvc7W5sMw6Mllf8cphMM6aL5O0WrL8sW3uxELAW6mLn/fOiVgv4cM 73btYbgP23ce9QB7XYM1wFePR81w1C8LRK/8dn0nbF1a/yGSQWGKmCmbnGl11Imx V6Gq91cA4NoLGFdfs+Al2Gv5U1MegGlSBOVE8o8Fm07T9738hFpWy16tI8bmPBIP 6IDmQoq2843W6A4AhOYQXNN49ZmaFND1cMoAtNvfceaAcm7GzFY=
    =V/mk
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Linux-Fan@21:1/5 to Mike Castle on Wed Apr 24 18:30:01 2024
    This is a MIME GnuPG-signed message. If you see this text, it means that
    your E-mail or Usenet software does not support MIME signed messages.
    The Internet standard for MIME PGP messages, RFC 2015, was published in 1996. To open this message correctly you will need to install E-mail or Usenet software that supports modern Internet standards.

    Mike Castle writes:

    Hah!

    https://lists.debian.org/debian-user/2013/08/msg00042.html

    Yes, that was me > 10a ago. Transitioning from these scripts to ant allowed came with a few improvements:

    * I switched all package building to `debuild` in favor of using more
    low-level tools for `raw` packages before.

    * I was able to establish some sort of “buld upon new commit” poor man's
    local CI -- I experimented with some fully-fledged systems like Concurse CI
    and GitLab, too, but they were all too much for my local-first
    activities....

    * When resources were required from external locations (e.g. source code
    downloads), that set of scripts did not provide for any automatism in this
    regard. One of my continuous goals is to split between “my settings” and
    some re-downloadable files. It was only achieved partially back then and
    the ant-approach takes it much further :)

    Still, in many ways the ant does not do much more than the scripts linked at the
    message above. If you are about to create your own scripts (which is
    probably a better idea than trying to use my scripts anyways :) ) the shellscripts may be easier to understand.

    HTH
    Linux-Fan

    öö

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEkKMBOo1F/f2B6jfK+Elw7bKeCLUFAmYpMx0ACgkQ+Elw7bKe CLWUhA//UKpv2eYTWoj2O5amDmuszKhfrZpbHdUrDjd+f7iE6Y6eWac0Msv6yxr7 X2jZoKoZdDD+t6mCVyKtNfvcZHKLwJEkwum5hZp2YqVYn4Q19TJegkiyR0ftb4p6 qFMvJGvvpzJmaO9+UhwzLG3yRkIlQprzUdUXop5R88OnOoYmniJv5V+eWEZa31yG 8NNIk3bpM2Nrd2QjMLHW7uYGWwZVt/39VIgxWr4IeeKvsTWmbUROPy/hHxysR9Xq C/8CeMsaMz0O5WOBG/xmbAJ224TNQoDbs2Gwg6Z7YLx3SFIUJn461QKhnEATGxRZ LnwyQ/Vebqd3DsIU3pI1/57oSzRd0EZJUU4cILAvLJEOoGXc4e63AFtoDz0PXrw5 LgbQZ8KZ9wgB3bFgJXpo11AU53D8qznRIa9MHbQUBJv4mEhDxgJ4ws/Q4F015NWo gZqAo4/hldmmMCnmUX+9gmPG2CMPUcutEpbKkX/bVkZ5g9avyQnibwN0zrUnY+XD uwer/V8Y14XeizxprE/ShGFBS1XGeyVPWOLv+TNaezZta3DOo+WEM6YQC9eEp6W1 jGbFmVRAyEGA8zICwUdeM0cXS4fXQ92UJ68Dj6EstRoiYJ6NR1N2aQ8agGqeexO8 1aP0fLIAjrxr/D8q7BhCOgFDE0z+jDFjmHL/35a7j7dfrYhXtuk=
    =5f3c
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)