diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-13 13:43:39 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-13 13:43:39 +0100 |
| commit | 2026f98babdcdd34c09eb59479a02a5603fc70a2 (patch) | |
| tree | 9efa6f4ca03c314ad6f7e3f484864f409d6837c3 /etc | |
| parent | fef8129ccaf0fc439ff1d1a117b26654f58efc78 (diff) | |
| download | dotfiles-2026f98babdcdd34c09eb59479a02a5603fc70a2.tar.gz dotfiles-2026f98babdcdd34c09eb59479a02a5603fc70a2.tar.bz2 dotfiles-2026f98babdcdd34c09eb59479a02a5603fc70a2.zip | |
feat(lostfiles): filter known/private/cache paths via auto-synced ignore
Upstream lostfiles has no extension mechanism; the weekly report ends
up dominated by files this repo intentionally deploys plus host-private
files we deliberately don't track plus regenerated GTK caches.
Add etc/lostfiles.ignore.tmpl which renders /etc/lostfiles.ignore from
two sources:
1. Every file under etc/ in the repo (auto-enumerated at chezmoi-apply
time, same find-sort pattern the etc deploy script uses). This
keeps the ignore list in sync with what we actually deploy with
zero manual maintenance.
2. A static block for: the sudo-i symlink, host-private
systemd-networkd units (99-hodor*, 99-mandibles*) which contain
WireGuard secrets, the getty@tty1 autologin override which
contains the username, and known pacman-hook-generated caches
under /usr/lib/{gdk-pixbuf-2.0,gtk-4.0}/.
Wrap /usr/bin/lostfiles in lostfiles.service via grep -vFxf, with a
fallback when /etc/lostfiles.ignore doesn't yet exist (first deploy).
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/lostfiles.ignore.tmpl | 35 | ||||
| -rw-r--r-- | etc/systemd/system/lostfiles.service | 2 |
2 files changed, 36 insertions, 1 deletions
diff --git a/etc/lostfiles.ignore.tmpl b/etc/lostfiles.ignore.tmpl new file mode 100644 index 0000000..dee9be7 --- /dev/null +++ b/etc/lostfiles.ignore.tmpl @@ -0,0 +1,35 @@ +{{- /* + Auto-generated ignore list for /usr/bin/lostfiles. + Consumed by lostfiles.service via grep -vFxf. + + The first block is the absolute path of every file this repo deploys + under /etc/, computed at chezmoi-apply time from the source tree — + adding or removing files in etc/ keeps this in sync automatically. + + The second block lists host-private files (we deliberately don't + track these) and generated caches (pacman post-install regenerates + them, so they will never be pacman-owned). +*/ -}} +{{ output "sh" "-c" (printf "cd %q && find etc -type f ! -name .ignore | sed -e 's|^etc|/etc|' -e 's|\\.tmpl$||' | LC_ALL=C sort -u" .chezmoi.sourceDir) -}} +# sudo-rs deploy script symlinks /etc/pam.d/sudo-i -> sudo +/etc/pam.d/sudo-i +# Host-private systemd-networkd units (contain secrets, not tracked) +/etc/systemd/network/99-hodor.netdev +/etc/systemd/network/99-hodor.network +/etc/systemd/network/99-mandibles.netdev +/etc/systemd/network/99-mandibles.network +# Host-private getty autologin override (contains username, not tracked) +/etc/systemd/system/getty@tty1.service.d +/etc/systemd/system/getty@tty1.service.d/override.conf +# Generated caches (pacman hooks regenerate; never package-owned) +/usr/lib/gdk-pixbuf-2.0 +/usr/lib/gdk-pixbuf-2.0/2.10.0 +/usr/lib/gtk-4.0 +/usr/lib/gtk-4.0/4.0.0 +/usr/lib/gtk-4.0/4.0.0/media +/usr/lib/gtk-4.0/4.0.0/media/giomodule.cache +/usr/lib/gtk-4.0/4.0.0/printbackends +/usr/lib/gtk-4.0/4.0.0/printbackends/giomodule.cache +# Runtime state directories +/etc/iwd +/etc/userdb diff --git a/etc/systemd/system/lostfiles.service b/etc/systemd/system/lostfiles.service index 4d94a18..d2df9e4 100644 --- a/etc/systemd/system/lostfiles.service +++ b/etc/systemd/system/lostfiles.service @@ -7,4 +7,4 @@ ConditionPathExists=/usr/bin/lostfiles Type=oneshot Nice=19 IOSchedulingClass=idle -ExecStart=/bin/sh -c '/usr/bin/lostfiles >/run/lostfiles.txt.tmp && mv /run/lostfiles.txt.tmp /run/lostfiles.txt' +ExecStart=/bin/sh -c '/usr/bin/lostfiles | { if [ -f /etc/lostfiles.ignore ]; then grep -vFxf /etc/lostfiles.ignore; else cat; fi; } >/run/lostfiles.txt.tmp && mv /run/lostfiles.txt.tmp /run/lostfiles.txt' |