| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Split concerns: fmt-check (check-fmt) from lint. check-fmt mirrors fmt
with each tool's --check/-d flag. check runs both as a single quality
gate. A new .githooks/pre-commit runs 'just check' on every commit;
bypass with git commit --no-verify.
Also drop just --fmt --check and prettier --check from the lint recipe
(they're format checks, belong in check-fmt).
|
| |
|
|
|
| |
Required by the 'just lint' and 'just fmt' recipes for lua linting and
TOML format/lint respectively.
|
| |
|
|
|
|
|
|
|
|
| |
Inline directives for cases where the linter's shell/language dialect
doesn't match reality:
- init.lua: _G.P helper is intentional
- dot_zprofile: zsh tied arrays, $+commands, optional sourcing
- dot_zshrc: zsh brace-group-as-function-body
- ipython_config: 'c' is injected by IPython at load time
- doasedit: /bin/sh on Arch is bash, -O test is supported
|
| |
|
|
| |
Also removes a stray ANSI escape in treesitter.lua.
|
| |
|
|
|
|
| |
Module-local function avoids selene's incorrect_standard_library_use
lint and stops polluting the os namespace. Inner url variable renamed
to remove shadowing warning.
|
| |
|
|
|
|
| |
Rename nvim.yml to selene-globals.yml (more accurate scope). Add the
mpv scripting 'mp' global alongside neovim's 'vim'. Allow mixed_table
since it's idiomatic in lazy.nvim/which-key specs.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two recipes with matching shape:
just fmt # format the whole repo
just fmt <path> # format one file (dispatch by ext/filename/shebang)
just lint # lint the whole repo
just lint <path> # lint one file
Dispatch:
.lua stylua / selene
*.sh + sh shebang shfmt / shellcheck
.zshrc/.zprofile (no fmt) / shellcheck --shell=bash (best-effort)
.py ruff format / ruff check
justfile just --fmt / just --fmt --check
.toml taplo format / taplo lint
.md/.json/.jsonc/.yaml/.yml/.css prettier --write / --check
If a required tool is missing, the recipe aborts with an install hint
naming the package. Whole-repo mode aggregates non-zero exits in lint
so you see every issue in one pass.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add minimal config for the upcoming fmt/lint recipes:
- .stylua.toml: stylua-specific knobs only; indent/line-length/eol
continue to come from .editorconfig (stylua reads it natively).
- selene.toml + nvim.yml: lua51 base plus a 'vim' global so neovim
config files don't get flagged as undefined.
- .prettierrc.json: double quotes, trailing commas, 80-col, preserve
prose wrap (avoid reflowing markdown).
All four ignored by chezmoi so they stay repo-only.
|
| |
|
|
|
|
|
|
|
|
| |
'bsdtar -xOf | doas tee' wrote pristine content but with mtime=now,
which caused 'pacman -Qkk' (and therefore 'just etc') to still flag
the file as drifted — pacman compares stored metadata, not content.
Switch to 'doas bsdtar -xpf <archive> -C / <file>', which extracts
the single file in place with its original owner, mode, and mtime
from the package archive.
|
| |
|
|
|
|
|
|
|
|
| |
Sibling to etc-reset but operates directly on /etc (via doas tee)
and never touches the repo. Use when a live file has drifted from
pristine but you don't want to track it:
just etc-restore /etc/systemd/resolved.conf
Previously this required a 2-step dance (etc-add + etc-untrack).
|
| | |
|
| |
|
|
|
|
|
|
|
| |
All 44 lines are comments/section headers — zero active settings.
Tracking was useless: no real state to preserve, and 'just etc'
would surface any future drift anyway.
The live /etc/systemd/resolved.conf on the host is unaffected;
chezmoi's deploy-etc script only installs files, never removes.
|
| |
|
|
|
|
|
| |
Type=ether and Type=wlan match every interface of that class.
Add comments pointing out that future USB/Thunderbolt dongles
would get auto-enslaved into bond0, and how to narrow the match
if that becomes undesirable.
|
| |
|
|
|
|
|
| |
Having only the 'default' preset means no safety net if the main
initramfs ever fails to boot (broken firmware update, microcode
regression, hook misconfig). The fallback image is ~40 MB and
regenerates with every kernel update — cheap insurance.
|
| |
|
|
|
|
|
|
| |
Pristine /etc/xdg/reflector/reflector.conf sets '--protocol https'.
Dropping it reverts to reflector's permissive default (http, https,
rsync, ftp), which could let non-HTTPS mirrors into the mirrorlist.
Also drop '--completion-percent 100' — that's reflector's default.
|
| |
|
|
|
|
|
|
|
|
|
| |
- etc-drift → etc (the main entry point to the /etc subsystem).
- New etc-readd: pull changes from live /etc back into tracked
repo files (the /etc analog of 'chezmoi re-add'). No args
refreshes all tracked files; explicit paths error if the file
isn't already tracked (use etc-add to adopt). Skips unchanged
files silently; runs 'just apply' only when something changed.
- New top-level readd: 'chezmoi re-add' + 'just etc-readd'.
One command to mirror live state back into the repo.
|
| |
|
|
|
|
|
|
|
|
| |
- etc-reset and etc-rm now chain 'just apply' at the end, so a
single invocation leaves both repo and /etc consistent.
- New etc-untrack recipe = etc-reset + etc-rm. One command to
cleanly stop tracking an owned /etc file:
before: just etc-reset X && just apply && just etc-rm X && just apply
after : just etc-untrack X
(etc-untrack doesn't apply to unowned files — use etc-rm.)
|
| |
|
|
|
|
|
| |
Adopted via 'just etc-add' after 'just etc-drift' surfaced them:
locale.conf, locale.gen, mkinitcpio.conf, mkinitcpio.d/linux.preset,
pacman.conf, resolved.conf, systemd/network/30-bond*, and the shokz
udev blacklist rule.
|
| |
|
|
|
|
|
|
|
|
|
| |
Removes one or more files from the repo's etc/ tree and tidies any
now-empty parent directories (bounded to inside etc/). Leaves the
live /etc copy untouched.
Composes with etc-reset to stop tracking a file cleanly:
just etc-reset /etc/foo.conf # repo → pristine
just apply # deploy pristine to /etc
just etc-rm etc/foo.conf # stop tracking; /etc unchanged
|
| |
|
|
|
|
|
|
|
|
|
| |
Operating on /etc directly created a two-source-of-truth problem:
chezmoi apply would just redeploy the repo copy anyway, so we had
to either refuse managed paths or bolt on a --force flag.
New semantics: etc-reset overwrites etc/<path> in the repo with
the pristine package contents (no doas needed, no /etc touched).
User then runs 'just apply' to deploy. Unowned files are now an
error (nothing to reset to) — remove them from the repo manually.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
readable
- etc-upstream-diff: default to iterating over repo-managed etc/ files
instead of running full 'pacman -Qkk' (scans every installed package).
Upstream drift only matters for files I actually track.
- both recipes: read live /etc via plain cat when the file is
world-readable; only fall back to 'doas cat' for restricted files
(e.g. /etc/doas.conf 0600). Cuts doas round-trips for the common case.
|
| |
|
|
|
| |
dotfile-drift is fastest so it gives immediate feedback; etc-drift
is slowest (full pacman -Qkk pass) so it runs last.
|
| |
|
|
|
|
|
| |
- status now runs etc-drift alongside pkg-drift and dotfile-drift
- diff routes /etc/* paths to etc-diff; with no arg, runs both
chezmoi diff and etc-diff so drift in /etc is visible alongside
$HOME dotfiles.
|
| |
|
|
|
|
|
| |
/etc/doas.conf (0600) and similar mode-restricted files triggered
'Permission denied' when diff tried to read them as the user. Read
via 'doas cat' on the live side; keep the repo/pristine side as the
user since those are readable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- etc-diff: diff repo-managed etc/<path> vs live /etc (defaults to all)
- etc-upstream-diff: diff live /etc vs pristine pacman archive
(defaults to pacman -Qkk modified set)
- etc-add: copy /etc/<path> into the repo's etc/ tree
- etc-reset: restore pristine via bsdtar -xpf, or rm if unowned;
refuses managed paths without --force
- ignore /etc/fstab (host-specific UUIDs/layout)
- path-traversal guards on all recipe inputs
- regular-file-only enforcement (no symlinks/dirs)
- fail-fast with clear message if mirror can't supply installed version
|
| |
|
|
|
|
|
|
|
| |
Pacman emits lines like "backup file: <pkg>: <path> (<reason>)", not the
"(Modified backup file)" suffix format. Anchor the path extraction to
/etc/ to avoid catching stderr warnings interleaved into a line.
Also extend etc/.ignore with /etc/{passwd,group,shells} — system-managed
identity files that surfaced in the new drift output.
|
| |
|
|
|
|
|
| |
The old -Qii regex "MODIFIED\s+/\S+" accidentally matched UNMODIFIED lines
(no word boundary), which hid truly-modified configs like pacman.conf from
the drift report. Switch to -Qkk which uses an explicit "Modified backup
file" / "Altered backup file" tag that is unambiguous.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
- grep exits 1 when pattern has no matches; under pipefail that killed
the recipe. Wrap both pipelines in `{ ...; } || true`.
- pacman -Qii can separate MODIFIED from the path with spaces or a tab
depending on formatting; use \s+ instead of \t.
|
| |
|
|
|
|
|
|
|
|
|
| |
- `just etc-drift` reports /etc files modified from pacman defaults
(via pacman -Qii) and user-created files (via pacman -Qo), subtracting
already-managed paths and patterns listed in etc/.ignore.
- Refactor run_onchange_after_deploy-etc.sh.tmpl to enumerate files under
etc/ automatically via find; single combined hash via chezmoi output +
sha256sum, so new files only need to be dropped into etc/.
- etc/.ignore seeds noise filters: machine-id, ssh host keys, pacman
keyring, mirrorlist, shadow/passwd backups, sbctl keys, ca-certs.
|
| |
|
|
|
|
|
| |
systemd-networkd-resolve-hook.socket, systemd-networkd-varlink.socket,
systemd-networkd-varlink-metrics.socket, systemd-resolved-monitor.socket,
systemd-resolved-varlink.socket are all auto-activated via dependency
graphs of their parent services and have no [Install] of their own.
|
| |
|
|
|
|
|
| |
systemd-networkd.socket has no [Install] section; it's auto-activated
by systemd-networkd.service via Sockets=. systemctl enable fails on it.
It still shows as enabled (symlinked from the service's dependency
graph), so add it to .ignore to keep drift output clean.
|
| |
|
|
|
|
|
|
|
|
| |
systemd-units/.ignore is a user-maintainable list of units to suppress
from 'just services-drift' uncurated output. Starts with three systemd
presets that are harmless noise: remote-fs.target,
systemd-network-generator.service, systemd-userdbd.socket.
The dotfile is outside the *.txt glob so services / services-enable
don't accidentally pick it up.
|
| |
|
|
|
| |
User runs iwd (wifi auth) + systemd-networkd (IP config) together,
with systemd-networkd-wait-online as boot gate.
|
| |
|
|
|
|
|
|
|
|
| |
- tor.service -> systemd-units/btc.txt (pairs with tor in meta/btc.txt)
- pcscd.socket -> systemd-units/base.txt (smartcards, used by GPG)
- services-drift now filters @-template units (getty@ etc.), which
are abstract and can't be curated meaningfully anyway
systemd-networkd.{service,socket,wait-online} remain uncurated;
that's a real decision (conflicts with iwd) left to disable by hand.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce systemd-units/<group>.txt files paired by name with meta
groups (systemd-units/base.txt <-> meta/base.txt). Units listed there
are enabled by a new 'just services-enable' recipe, wired into 'just
init' so bootstrap.sh no longer needs its own systemctl loop.
New justfile recipes (Services section):
services list curated units with enabled/active state
services-enable idempotent 'systemctl enable --now', soft-fail per unit
services-drift two-way diff vs systemctl list-unit-files
bootstrap.sh drops its hardcoded 9-unit loop and laptop TLP block
(~22 lines); 'just init' now handles it. tlp.service lives directly in
systemd-units/base.txt (no laptop gating).
|
| |
|
|
|
|
| |
Make the 'wheel user must already exist' prerequisite explicit with a
three-line useradd/passwd snippet, rather than leaving it implicit in
bootstrap.sh's preconditions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After 'just init' the script now:
- enables recommended systemd units that base.txt installs but nothing
was activating: fstrim.timer, systemd-timesyncd, systemd-resolved,
reflector.timer, paccache.timer, pkgstats.timer, acpid, cpupower, iwd
- enables tlp.service only when a battery is present
(/sys/class/power_supply/BAT*)
- refreshes the pacman mirrorlist via reflector using the already-
deployed /etc/xdg/reflector/reflector.conf
- runs xdg-user-dirs-update to create ~/Documents, ~/Downloads, etc.
Each step is soft-fail: warns and continues on failure rather than
aborting the whole bootstrap.
pacman.conf tuning is intentionally left out (should be managed via
chezmoi's etc/ pipeline). User creation is also out of scope; the
script continues to require the wheel user to exist beforehand, per
the Arch installation guide.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Takes a minimal Arch system (only 'base' installed) to the point where
'just init' has run and dotfiles are deployed. Installs prerequisites
(sudo, git, base-devel, chezmoi, just, efibootmgr), enables %wheel in
sudoers, bootstraps paru-bin from the AUR, clones the repo, runs
'just init' (which swaps sudo for doas-sudo-shim via the existing base
meta list), and launches create-efi if no Arch EFI boot entry exists.
Designed to be curlable:
curl -fsSL https://raw.githubusercontent.com/sommerfelddev/dotfiles/master/bootstrap.sh | sh
|
| |
|
|
|
|
|
|
|
| |
- mold moves cpp→dev (broader home; used by both Rust and C++ builds)
- choose/curlie/dog restored to base (actively used)
- restore 'alias curl=curlie' to match
linux-headers stays only in nvidia.txt (pulled by nvidia-dkms; no
other DKMS packages in the set).
|
sommerfeld