| -rw-r--r-- | .chezmoi.toml.tmpl | 6 | ||||
| -rw-r--r-- | etc/kernel/cmdline | 1 | ||||
| -rw-r--r-- | etc/kernel/cmdline.tmpl | 1 | ||||
| -rw-r--r-- | justfile | 32 | ||||
| -rwxr-xr-x | run_onchange_after_deploy-etc.sh.tmpl | 16 |
5 files changed, 48 insertions, 8 deletions
diff --git a/.chezmoi.toml.tmpl b/.chezmoi.toml.tmpl
index f41c11a..f7b1156 100644
--- a/.chezmoi.toml.tmpl
+++ b/.chezmoi.toml.tmpl
@@ -5,3 +5,9 @@ sourceDir = {{ .chezmoi.sourceDir | quote }}
 [diff]
 exclude = ["scripts"]
+
+[data]
+ # Block device holding the LUKS-encrypted root, without the /dev/ prefix
+ # (e.g. "nvme0n1p2", "sda2"). Resolved to a UUID at apply time via lsblk,
+ # used by etc/kernel/cmdline.tmpl.
+ luksRootPartition = {{ promptStringOnce . "luksRootPartition" "LUKS root partition (e.g. nvme0n1p2)" | quote }}
diff --git a/etc/kernel/cmdline b/etc/kernel/cmdline
deleted file mode 100644
index 341f153..0000000
--- a/etc/kernel/cmdline
+++ /dev/null
@@ -1 +0,0 @@
-rd.luks.name=81520bbc-1e7a-45e6-9465-cfc2e8b18945=root root=/dev/mapper/root rw quiet
diff --git a/etc/kernel/cmdline.tmpl b/etc/kernel/cmdline.tmpl
new file mode 100644
index 0000000..dab0461
--- /dev/null
+++ b/etc/kernel/cmdline.tmpl
@@ -0,0 +1 @@
+rd.luks.name={{ output "lsblk" "-no" "UUID" (printf "/dev/%s" .luksRootPartition) | trim }}=root root=/dev/mapper/root rw quiet
@@ -521,7 +521,7 @@ etc-status:
 tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
 find etc -type f ! -name .ignore 2>/dev/null \
- | sed 's|^etc/|/etc/|' | sort -u > "$tmp/managed"
+ | sed 's|^etc/|/etc/|; s|\.tmpl$||' | sort -u > "$tmp/managed"
 patterns=()
 if [ -f etc/.ignore ]; then
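Review bot: The `output "lsblk" "-no" "UUID" ...` in the new etc/kernel/cmdline.tmpl is not guaranteed to produce one line: lsblk lists the named device together with its dependent devices, so while the LUKS partition is unlocked (presumably the case whenever chezmoi applies on the booted system) the mapped volume's filesystem UUID follows on a second line, and `trim` only strips outer whitespace, so a newline ends up inside `rd.luks.name=`; a partition without a UUID instead renders `rd.luks.name==root`. Pass `-d` (`--nodeps`) so only the named device is listed, `output "lsblk" "-dno" "UUID" (printf "/dev/%s" .luksRootPartition) | trim`, and make the template fail on an empty result (a `fail` call in the template) rather than writing a cmdline that cannot locate the root. The same lsblk call on the added `# luks root uuid:` line of run_onchange_after_deploy-etc.sh.tmpl needs the same `-d`, since a second output line there becomes a bare command in the script.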
@@ -564,19 +564,34 @@ etc-diff *paths:
 *..*|*/./*|./*|../*) echo "error: unsafe path: $raw" >&2; exit 1 ;;
 esac
 p=${raw#/}; p=${p#etc/}
- live=/etc/$p
+ live=/etc/${p%.tmpl}
 repo=etc/$p
 if [ ! -f "$repo" ]; then
- echo "skip: $live (not a regular file in etc/)" >&2; continue
+ if [ -f "$repo.tmpl" ]; then
+ repo=$repo.tmpl
+ live=/etc/$p
+ else
+ echo "skip: $live (not a regular file in etc/)" >&2; continue
+ fi
+ fi
+ # Render .tmpl sources so the diff reflects what would actually deploy.
+ if [ "${repo%.tmpl}" != "$repo" ]; then
+ rendered=$(mktemp)
+ chezmoi execute-template <"$repo" >"$rendered"
+ repo_for_diff=$rendered
+ else
+ repo_for_diff=$repo
+ rendered=
 fi
 # Fast path for world-readable files; doas fallback only when needed (e.g. /etc/doas.conf 0600).
 if [ -r "$live" ]; then
- diff -u --label "$live" --label "$repo" "$live" "$repo" || true
+ diff -u --label "$live" --label "$repo" "$live" "$repo_for_diff" || true
 elif doas test -f "$live"; then
- diff -u --label "$live" --label "$repo" <(doas cat "$live") "$repo" || true
+ diff -u --label "$live" --label "$repo" <(doas cat "$live") "$repo_for_diff" || true
 else
 echo "skip: $live (missing or not a regular file on host)" >&2
 fi
+ [ -n "$rendered" ] && rm -f "$rendered"
 done
 # Diff live /etc/<path> against pristine pacman version (defaults to all repo-managed files)
@@ -726,6 +741,13 @@ etc-re-add *paths:
 fi
 changed=0
 for p in "${targets[@]}"; do
+ # Template sources can't be reverse-rendered; skip with a note.
+ case "$p" in
+ *.tmpl)
+ echo " skip .tmpl: etc/$p (edit the template manually)"
+ continue
+ ;;
+ esac
 live=/etc/$p
 repo=etc/$p
 [ -e "$live" ] || { echo " missing live: $live (skipped)"; continue; }
diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl
index 04f72c1..e72b374 100755
--- a/run_onchange_after_deploy-etc.sh.tmpl
+++ b/run_onchange_after_deploy-etc.sh.tmpl
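Review bot: `chezmoi execute-template <"$repo" >"$rendered"` in etc-diff is unchecked: if rendering fails, `$rendered` stays empty or partial and the following `diff` (its status already discarded with `|| true`) shows every live line as removed, so a broken template is indistinguishable from local drift. Guard it, e.g. `chezmoi execute-template <"$repo" >"$rendered" || { echo "error: render failed: $repo" >&2; rm -f "$rendered"; exit 1; }`. The per-iteration `[ -n "$rendered" ] && rm -f "$rendered"` also leaves the rendered file in /tmp on any earlier exit from the recipe; creating it once with `rendered=$(mktemp); trap 'rm -f "$rendered"' EXIT` before the loop, as etc-status does for `$tmp`, covers every path. The etc-diff recipe starts outside this hunk.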
@@ -2,12 +2,24 @@
 # Deploy system-level configs from etc/ to /etc/.
 # chezmoi re-runs this script whenever any file under etc/ changes.
 # etc/ content hash: {{ output "sh" "-c" (printf "cd %q && find etc -type f ! -name .ignore -exec sha256sum {} + | LC_ALL=C sort" .chezmoi.sourceDir) | sha256sum }}
+# luks root uuid: {{ output "lsblk" "-no" "UUID" (printf "/dev/%s" .luksRootPartition) | trim }}
 set -eu
 cd "$CHEZMOI_SOURCE_DIR"
 find etc -type f ! -name .ignore | while IFS= read -r src; do
- dest="/${src}"
- doas install -D -m 0644 -o root -g root "$src" "$dest"
+ case "$src" in
+ *.tmpl)
+ dest="/${src%.tmpl}"
+ tmp=$(mktemp)
+ chezmoi execute-template <"$src" >"$tmp"
+ doas install -D -m 0644 -o root -g root "$tmp" "$dest"
+ rm -f "$tmp"
+ ;;
+ *)
+ dest="/${src}"
+ doas install -D -m 0644 -o root -g root "$src" "$dest"
+ ;;
+ esac
 done
 # doas refuses to parse /etc/doas.conf unless it's 0400 root:root
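Review bot: The `*.tmpl)` branch creates `tmp=$(mktemp)` inside the loop and removes it only on the success path; under `set -eu` a failing `chezmoi execute-template` or `doas install` ends the script with the rendered file left behind in /tmp, and that file holds template-resolved content that is not otherwise written anywhere outside /etc. Create it once before the `find` pipeline with `tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT` and drop the per-iteration `mktemp` and `rm -f`; the loop body runs in the pipeline's subshell, but the variable and the parent's EXIT trap still cover it.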
