Source Control /etc dot config files in *nix

Motivation

For the past few years, I am using NixOs, as my primary OS, and all configuration files of the NixOs is located in /etc/nixos folder. I needed to find a way to manage configuration files in /etc folder, and few options is available to manage and source control config files not owned by the user.

One option to create a separate git repository and, on every change, copy/paste modified files into the configuration repository in the user’s home folder. This solution is troublesome at best as you need to perform few steps to source control the system files.

Another option is to use git as the root user and create a repository in the folder where configuration files are located. This solution is not optimal as every time configuration files changes, and you need to login as root, commit and push the changes, and security concern as we do not want root access to git. “NixOs allows installing application binaries specific for the user who need the app to use, in my case, I use git only for the main user, and root does not have git installed.”

Solution

Last year I started using git bare repositories that allow me to manage /etc configuration files that are own by root with the main user.

The difference between a standard repository created using the git init, and the git init --bare?

Repositories created with the git init command are called working directories. In the top-level folder of the repository, we can see:

1. .git subfolder with all the git related revision history of the repository.
2. working tree, or checked out copies of your source controlled files.

Repositories created with git init --bare contain no working or checked out a copy of your source files. Bare repositories store the git revision history of your repo in the root folder of your repository instead of in a .git subfolder.

Where do I start?

First, let’s create a bare repository in user’s $HOME directory.

git init --bare $HOME/bare_repo/

The second step is to create an alias for git to operate on the bare repo.

git-bare = "git --git-dir=$HOME/bare_repo/ --work-tree=/etc/nixos"

Hint: In the above case I added only /etc/nixos folder. You can add all config files in /etc if you are not using NixOs

Now we can add all files in the folder to be tracked

git-bare add .

Hint: You can add only individual files to be tracked by git bare repo instead of all files Ex. git-bare add file_name

The last step is to configure git to not show or alert on untracked files.

git-bare --local status.showUntrackedFiles no

Now we can add the repository to Github.

git-bare remote add origin git@github.com:user/repo.git

Hint: Make sure you already have a GitHub repository before adding remote

You can use an alias as a git command for bare repositories.

git-bare status
git-bare log
git-bare commit -am "commit message"
git-bare push

Note: The only limitation of the above solution is that you can’t pull the configuration files from the remote, as the command runs as a user, but the root owns the files.

Sources:
https://www.atlassian.com/git/tutorials/dotfiles
https://www.youtube.com/watch?v=tBoLDpTWVOM