Automating new-computer configuration: sanity check
Just thought about and had some thoughts on the last item on my list (reconfigure laptop after wiping it in order to install the F11-based POSSE remix) I wanted to sanity-check here...
I tend to favor the upgrade method of "nuke computer! fresh reinstall!" because I want to keep re-forcing myself through as close an approximation of the first-time user experience as possible (I figure other hackers will test out the other upgrade methods en masse). This means I spend perhaps a day or two a year just reconfiguring my laptop. I find this to be a useful time investment, since it keeps me fluent in new-laptop-setup, which means it's easier for me to help new users through their process (thereby learning more about what to develop/poke-at to make that experience more friendly, etc.) as well as keeping down the inevitable cruft that accumulates on my computer during the course of a release cycle. (I've also moved to a new physical at least once a year since I was 14, so perhaps this is a habit by now.)
However, as a lazy geek, I'd like to have the option of automating the process too. So I have two questions to ask the Fedora community:
- What's the best way to do this? I've saved .history before, but that doesn't account for all the things I changed about the way I use my laptop since my last install - is there a way to say "snapshot all the packages, plugins, files, configuration settings, etc. from this computer, and then splurt the same stuff into a fresh install of a different release (or maybe even a different distro; my package list is not particulary Fedora-centric, and it'd be good to cross-compare distro experiences), and tell me what broke?"
- How can I not be stupid about security while doing so? In particular, I am debating whether pulling my RSA/GPG/WEP/etc. keys as part of the automated process is possible to do in a non-idiotic way. I could put them in git repos, which is how I'll be pulling the rest of my (ok-to-be-public) stuff. (Private stuff is only on my computer + a backup hard drive at home right now.) I could password-protect the RSA key checkout (in its own repository, protected by a very, very strong password), then key-auth and check out the remainder of my private files. This makes me nervous, since a single password to protect all this stuff seems like A BAD IDEA. However, the alternative (put git repos on a thumbdrive instead) makes me equally nervous, because if I lose that thumbdrive, it's all over. (I could have multiple password-protected thumbdrives, yes. But combining two broken solutions does not make a good solution.)
Solutions? The disclaimer is that I know very little about security, other than that It Is A Good Thing, and something I should learn about more. (Total side note: I think it'd be hilarious to coauthor a crypto paper someday with people named Alice and Bob (and Eve, etc.) - my legal name is Mallory.)