| author | 2026-04-21 01:23:46 +0100 | |
|---|---|---|
| committer | 2026-04-21 01:23:46 +0100 | |
| commit | 372b8b27a64179602a8c81fe9d12931ebb5b8cef (patch) | |
| tree | d0b7ccd2c11cf9f02fa422f2c95e64278690350c /justfile | |
| parent | 9f74c9a819396d766f735ec2cc3339fb1659a716 (diff) | |
| download | dotfiles-372b8b27a64179602a8c81fe9d12931ebb5b8cef.tar.gz dotfiles-372b8b27a64179602a8c81fe9d12931ebb5b8cef.tar.bz2 dotfiles-372b8b27a64179602a8c81fe9d12931ebb5b8cef.zip | |
feat(etc): drift detection + auto-enumerating deploy template
- `just etc-drift` reports /etc files modified from pacman defaults
(via pacman -Qii) and user-created files (via pacman -Qo), subtracting
already-managed paths and patterns listed in etc/.ignore.
- Refactor run_onchange_after_deploy-etc.sh.tmpl to enumerate files under
etc/ automatically via find; single combined hash via chezmoi output +
sha256sum, so new files only need to be dropped into etc/.
- etc/.ignore seeds noise filters: machine-id, ssh host keys, pacman
keyring, mirrorlist, shadow/passwd backups, sbctl keys, ca-certs.
Diffstat (limited to 'justfile')
| -rw-r--r-- | justfile | 42 |
1 files changed, 42 insertions, 0 deletions
@@ -179,6 +179,48 @@ services-drift: # ═══════════════════════════════════════════════════════════════════ +# System config (/etc) +# ═══════════════════════════════════════════════════════════════════ + +# Show /etc drift: package configs modified from defaults, plus user-created files +etc-drift: + #!/usr/bin/env bash + set -eo pipefail + tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT + + find etc -type f ! -name .ignore 2>/dev/null \ + | sed 's|^etc/|/etc/|' | sort -u > "$tmp/managed" + + patterns=() + if [ -f etc/.ignore ]; then + while IFS= read -r line; do + [[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue + patterns+=("$line") + done < etc/.ignore + fi + + keep() { + local path=$1 + grep -qxF "$path" "$tmp/managed" && return 1 + for pat in ${patterns[@]+"${patterns[@]}"}; do + [[ "$path" == $pat ]] && return 1 + done + return 0 + } + + echo "=== /etc drift ===" + echo "--- modified package configs ---" + pacman -Qii 2>/dev/null | grep -oP 'MODIFIED\t\K/\S+' | sort -u \ + | while IFS= read -r p; do keep "$p" && echo " modified: $p"; done + + echo "--- user-created (no owning package) ---" + find /etc -xdev -type f -print0 2>/dev/null \ + | xargs -0 pacman -Qo 2>&1 >/dev/null \ + | sed -n 's/^error: No package owns //p' | sort -u \ + | while IFS= read -r p; do keep "$p" && echo " unowned: $p"; done + + +# ═══════════════════════════════════════════════════════════════════ # Package management # ═══════════════════════════════════════════════════════════════════ |
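Review bot: Under `set -eo pipefail`, the "modified package configs" pipeline in `etc-drift` can abort the recipe before the "user-created" section runs. `grep -oP` exits 1 when nothing matches, and a loop body of `keep "$p" && echo ...` leaves the `while` with status 1 whenever the last path read is managed or ignored, so the pipeline fails on ordinary input. Suggest writing the loop body as `if keep "$p"; then echo " modified: $p"; fi` (and likewise for the `unowned` loop) and adding `|| true` to the `grep` stage, or scoping `pipefail` away from these two pipelines. Two smaller points in the same hunk. The pattern `MODIFIED\t\K/\S+` is unanchored, so it would also match a line beginning with `UNMODIFIED` followed by a tab, and `\S+` cuts a path at its first space; anchoring with `^` and matching to end of line avoids both. The `sed -n 's/^error: No package owns //p'` filter depends on pacman's English message text, so running that `pacman -Qo` call with `LC_ALL=C` would keep the unowned list from silently coming back empty on a localized system. Since this recipe is meant to surface unexpected files in /etc, a silent abort or an empty list reads as "no drift", which is the failure mode to avoid.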
