| field | value |
|---|---|
| author | 2026-04-21 01:23:46 +0100 |
| committer | 2026-04-21 01:23:46 +0100 |
| commit | 372b8b27a64179602a8c81fe9d12931ebb5b8cef (patch) |
| tree | d0b7ccd2c11cf9f02fa422f2c95e64278690350c /run_onchange_after_deploy-etc.sh.tmpl |
| parent | 9f74c9a819396d766f735ec2cc3339fb1659a716 (diff) |
| download | dotfiles-372b8b27a64179602a8c81fe9d12931ebb5b8cef.tar.gz, dotfiles-372b8b27a64179602a8c81fe9d12931ebb5b8cef.tar.bz2, dotfiles-372b8b27a64179602a8c81fe9d12931ebb5b8cef.zip |
feat(etc): drift detection + auto-enumerating deploy template
- `just etc-drift` reports /etc files modified from pacman defaults
(via pacman -Qii) and user-created files (via pacman -Qo), subtracting
already-managed paths and patterns listed in etc/.ignore.
- Refactor run_onchange_after_deploy-etc.sh.tmpl to enumerate files under
etc/ automatically via find; single combined hash via chezmoi output +
sha256sum, so new files only need to be dropped into etc/.
- etc/.ignore seeds noise filters: machine-id, ssh host keys, pacman
keyring, mirrorlist, shadow/passwd backups, sbctl keys, ca-certs.
Diffstat (limited to 'run_onchange_after_deploy-etc.sh.tmpl')
| -rwxr-xr-x | run_onchange_after_deploy-etc.sh.tmpl | 26 |
1 file changed, 7 insertions, 19 deletions
diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl index 225ceac..04f72c1 100755 --- a/run_onchange_after_deploy-etc.sh.tmpl +++ b/run_onchange_after_deploy-etc.sh.tmpl @@ -1,26 +1,14 @@ #!/bin/sh -# Deploy system-level configs from etc/ to /etc/ -# chezmoi re-runs this script when any hash below changes. -# {{ include "etc/doas.conf" | sha256sum }} -# {{ include "etc/modules-load.d/tcp_bbr.conf" | sha256sum }} -# {{ include "etc/pacman.d/hooks/orphans.hook" | sha256sum }} -# {{ include "etc/sysctl.d/99-sysctl.conf" | sha256sum }} -# {{ include "etc/systemd/system.conf.d/timeout.conf" | sha256sum }} -# {{ include "etc/xdg/reflector/reflector.conf" | sha256sum }} +# Deploy system-level configs from etc/ to /etc/. +# chezmoi re-runs this script whenever any file under etc/ changes. +# etc/ content hash: {{ output "sh" "-c" (printf "cd %q && find etc -type f ! -name .ignore -exec sha256sum {} + | LC_ALL=C sort" .chezmoi.sourceDir) | sha256sum }} set -eu -for f in \ - doas.conf \ - modules-load.d/tcp_bbr.conf \ - pacman.d/hooks/orphans.hook \ - sysctl.d/99-sysctl.conf \ - systemd/system.conf.d/timeout.conf \ - xdg/reflector/reflector.conf -do - doas mkdir -p "/etc/$(dirname "$f")" - doas cp --remove-destination "$CHEZMOI_SOURCE_DIR/etc/$f" "/etc/$f" +cd "$CHEZMOI_SOURCE_DIR" +find etc -type f ! -name .ignore | while IFS= read -r src; do + dest="/${src}" + doas install -D -m 0644 -o root -g root "$src" "$dest" done # doas refuses to parse /etc/doas.conf unless it's 0400 root:root -doas chown root:root /etc/doas.conf doas chmod 0400 /etc/doas.conf |
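Review bot: the install loop deploys every file, etc/doas.conf included, with `-m 0644`, and only the `doas chmod 0400 /etc/doas.conf` after the loop tightens it. If the comment above that line is right that doas refuses to parse a config that is not 0400 root:root, then every `doas install` invocation that follows doas.conf in find's order (filesystem order now, not the old hand-written list where doas.conf came first) fails, and `set -e` aborts the run with /etc half deployed; even if doas is more lenient than the comment says, the file that grants privilege sits world-readable until the loop finishes. Choose the mode per file inside the loop instead, e.g. `case "$src" in etc/doas.conf) mode=0400 ;; *) mode=0644 ;; esac` followed by `doas install -D -m "$mode" -o root -g root "$src" "$dest"`, which also makes the trailing chmod redundant. Three smaller points: `printf "%q"` in the template produces a Go-quoted string, not a shell-quoted one, so a source directory containing `$` or a backtick would be expanded by `sh -c` (fine for ordinary paths, but worth a comment); the `#!/bin/sh` `while read` loop splits on newlines, so a filename containing one is mishandled, and `find ... -exec` would avoid that; and deleting a file from etc/ changes the hash and re-runs the script but never removes the stale copy from /etc, which the header comment "whenever any file under etc/ changes" could say explicitly.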
