dotfiles/etc/.ignore, branch master

feat(etc/.ignore): exclude getty@tty1 override (contains username)

2026-04-21T00:23:49Z

feat(etc): diff/upstream-diff/add/reset recipes + ignore fstab

2026-04-21T00:23:48Z

- etc-diff: diff repo-managed etc/ vs live /etc (defaults to all) - etc-upstream-diff: diff live /etc vs pristine pacman archive (defaults to pacman -Qkk modified set) - etc-add: copy /etc/ into the repo's etc/ tree - etc-reset: restore pristine via bsdtar -xpf, or rm if unowned; refuses managed paths without --force - ignore /etc/fstab (host-specific UUIDs/layout) - path-traversal guards on all recipe inputs - regular-file-only enforcement (no symlinks/dirs) - fail-fast with clear message if mirror can't supply installed version

fix(etc-drift): match real pacman -Qkk "backup file:" prefix format

2026-04-21T00:23:47Z

Pacman emits lines like "backup file: : ()", not the "(Modified backup file)" suffix format. Anchor the path extraction to /etc/ to avoid catching stderr warnings interleaved into a line. Also extend etc/.ignore with /etc/{passwd,group,shells} — system-managed identity files that surfaced in the new drift output.

feat(etc/.ignore): exclude wireguard .network (contains public IPs)

2026-04-21T00:23:47Z

feat(etc/.ignore): exclude wireguard .netdev (contains PrivateKey)

2026-04-21T00:23:47Z

feat(etc/.ignore): filter pacsave/pacnew, hostname, xml/catalog

2026-04-21T00:23:46Z

feat(etc): drift detection + auto-enumerating deploy template

2026-04-21T00:23:46Z

- `just etc-drift` reports /etc files modified from pacman defaults (via pacman -Qii) and user-created files (via pacman -Qo), subtracting already-managed paths and patterns listed in etc/.ignore. - Refactor run_onchange_after_deploy-etc.sh.tmpl to enumerate files under etc/ automatically via find; single combined hash via chezmoi output + sha256sum, so new files only need to be dropped into etc/. - etc/.ignore seeds noise filters: machine-id, ssh host keys, pacman keyring, mirrorlist, shadow/passwd backups, sbctl keys, ca-certs.