Commit message | Author | Age | Files | Lines
...
* docs(etc/networkd): document Type= match breadth for bond0 | sommerfeld | 46 hours | 2 | -0/+6
  Type=ether and Type=wlan match every interface of that class. Add comments pointing out that future USB/Thunderbolt dongles would get auto-enslaved into bond0, and how to narrow the match if that becomes undesirable.
* fix(etc/mkinitcpio): restore fallback preset | sommerfeld | 46 hours | 1 | -4/+3
  Having only the 'default' preset means no safety net if the main initramfs ever fails to boot (broken firmware update, microcode regression, hook misconfig). The fallback image is ~40 MB and regenerates with every kernel update — cheap insurance.
* fix(etc/reflector): restore --protocol https; drop redundant flag | sommerfeld | 46 hours | 1 | -1/+1
  Pristine /etc/xdg/reflector/reflector.conf sets '--protocol https'. Dropping it reverts to reflector's permissive default (http, https, rsync, ftp), which could let non-HTTPS mirrors into the mirrorlist. Also drop '--completion-percent 100' — that's reflector's default.
* feat(etc,readd): rename etc-drift to etc; add etc-readd + readd | sommerfeld | 46 hours | 2 | -4/+54
  - etc-drift → etc (the main entry point to the /etc subsystem).
  - New etc-readd: pull changes from live /etc back into tracked repo files (the /etc analog of 'chezmoi re-add'). No args refreshes all tracked files; explicit paths error if the file isn't already tracked (use etc-add to adopt). Skips unchanged files silently; runs 'just apply' only when something changed.
  - New top-level readd: 'chezmoi re-add' + 'just etc-readd'. One command to mirror live state back into the repo.
* feat(etc): auto-apply in etc-reset/etc-rm + add etc-untrack | sommerfeld | 46 hours | 2 | -6/+9
  - etc-reset and etc-rm now chain 'just apply' at the end, so a single invocation leaves both repo and /etc consistent.
  - New etc-untrack recipe = etc-reset + etc-rm. One command to cleanly stop tracking an owned /etc file:
      before: just etc-reset X && just apply && just etc-rm X && just apply
      after : just etc-untrack X
    (etc-untrack doesn't apply to unowned files — use etc-rm.)
* feat(etc): track drifted host configs | sommerfeld | 46 hours | 11 | -0/+797
  Adopted via 'just etc-add' after 'just etc-drift' surfaced them: locale.conf, locale.gen, mkinitcpio.conf, mkinitcpio.d/linux.preset, pacman.conf, resolved.conf, systemd/network/30-bond*, and the shokz udev blacklist rule.
* feat(justfile): add etc-rm recipe | sommerfeld | 46 hours | 2 | -1/+24
  Removes one or more files from the repo's etc/ tree and tidies any now-empty parent directories (bounded to inside etc/). Leaves the live /etc copy untouched. Composes with etc-reset to stop tracking a file cleanly:
      just etc-reset /etc/foo.conf # repo → pristine
      just apply # deploy pristine to /etc
      just etc-rm etc/foo.conf # stop tracking; /etc unchanged
* refactor(etc-reset): write pristine into repo, not /etc | sommerfeld | 46 hours | 1 | -39/+27
  Operating on /etc directly created a two-source-of-truth problem: chezmoi apply would just redeploy the repo copy anyway, so we had to either refuse managed paths or bolt on a --force flag. New semantics: etc-reset overwrites etc/<path> in the repo with the pristine package contents (no doas needed, no /etc touched). User then runs 'just apply' to deploy. Unowned files are now an error (nothing to reset to) — remove them from the repo manually.
* feat(etc/.ignore): exclude getty@tty1 override (contains username) | sommerfeld | 46 hours | 1 | -0/+3
* perf(etc-diff,etc-upstream-diff): default to repo files, avoid doas when readable | sommerfeld | 46 hours | 1 | -17/+25
  - etc-upstream-diff: default to iterating over repo-managed etc/ files instead of running full 'pacman -Qkk' (scans every installed package). Upstream drift only matters for files I actually track.
  - both recipes: read live /etc via plain cat when the file is world-readable; only fall back to 'doas cat' for restricted files (e.g. /etc/doas.conf 0600). Cuts doas round-trips for the common case.
* refactor(just): reorder status to dotfile-drift, pkg-drift, etc-drift | sommerfeld | 46 hours | 1 | -1/+1
  dotfile-drift is fastest so it gives immediate feedback; etc-drift is slowest (full pacman -Qkk pass) so it runs last.
* feat(just): include etc in status & diff recipes | sommerfeld | 46 hours | 1 | -4/+15
  - status now runs etc-drift alongside pkg-drift and dotfile-drift
  - diff routes /etc/* paths to etc-diff; with no arg, runs both chezmoi diff and etc-diff so drift in /etc is visible alongside $HOME dotfiles.
* fix(etc-diff,etc-upstream-diff): use doas cat for root-only live files | sommerfeld | 46 hours | 1 | -4/+5
  /etc/doas.conf (0600) and similar mode-restricted files triggered 'Permission denied' when diff tried to read them as the user. Read via 'doas cat' on the live side; keep the repo/pristine side as the user since those are readable.
* feat(etc): diff/upstream-diff/add/reset recipes + ignore fstab | sommerfeld | 46 hours | 3 | -8/+153
  - etc-diff: diff repo-managed etc/<path> vs live /etc (defaults to all)
  - etc-upstream-diff: diff live /etc vs pristine pacman archive (defaults to pacman -Qkk modified set)
  - etc-add: copy /etc/<path> into the repo's etc/ tree
  - etc-reset: restore pristine via bsdtar -xpf, or rm if unowned; refuses managed paths without --force
  - ignore /etc/fstab (host-specific UUIDs/layout)
  - path-traversal guards on all recipe inputs
  - regular-file-only enforcement (no symlinks/dirs)
  - fail-fast with clear message if mirror can't supply installed version
* fix(etc-drift): match real pacman -Qkk "backup file:" prefix format | sommerfeld | 46 hours | 2 | -3/+6
  Pacman emits lines like "backup file: <pkg>: <path> (<reason>)", not the "(Modified backup file)" suffix format. Anchor the path extraction to /etc/ to avoid catching stderr warnings interleaved into a line. Also extend etc/.ignore with /etc/{passwd,group,shells} — system-managed identity files that surfaced in the new drift output.
* fix(etc-drift): use pacman -Qkk for reliable modified-file detection | sommerfeld | 46 hours | 1 | -1/+1
  The old -Qii regex "MODIFIED\s+/\S+" accidentally matched UNMODIFIED lines (no word boundary), which hid truly-modified configs like pacman.conf from the drift report. Switch to -Qkk which uses an explicit "Modified backup file" / "Altered backup file" tag that is unambiguous.
* feat(etc/.ignore): exclude wireguard .network (contains public IPs) | sommerfeld | 46 hours | 1 | -4/+4
* fix(etc-drift): while loop must not exit with keep filter status | sommerfeld | 46 hours | 1 | -2/+2
* feat(etc/.ignore): exclude wireguard .netdev (contains PrivateKey) | sommerfeld | 46 hours | 1 | -0/+5
* feat(etc/.ignore): filter pacsave/pacnew, hostname, xml/catalog | sommerfeld | 46 hours | 1 | -0/+8
* fix(etc-drift): tolerate no-match grep and whitespace-separated MODIFIED | sommerfeld | 46 hours | 1 | -3/+3
  - grep exits 1 when pattern has no matches; under pipefail that killed the recipe. Wrap both pipelines in `{ ...; } || true`.
  - pacman -Qii can separate MODIFIED from the path with spaces or a tab depending on formatting; use \s+ instead of \t.
* feat(etc): drift detection + auto-enumerating deploy template | sommerfeld | 46 hours | 4 | -21/+86
  - `just etc-drift` reports /etc files modified from pacman defaults (via pacman -Qii) and user-created files (via pacman -Qo), subtracting already-managed paths and patterns listed in etc/.ignore.
  - Refactor run_onchange_after_deploy-etc.sh.tmpl to enumerate files under etc/ automatically via find; single combined hash via chezmoi output + sha256sum, so new files only need to be dropped into etc/.
  - etc/.ignore seeds noise filters: machine-id, ssh host keys, pacman keyring, mirrorlist, shadow/passwd backups, sbctl keys, ca-certs.
* fix(services): ignore more networkd/resolved companion sockets | sommerfeld | 46 hours | 1 | -0/+5
  systemd-networkd-resolve-hook.socket, systemd-networkd-varlink.socket, systemd-networkd-varlink-metrics.socket, systemd-resolved-monitor.socket, systemd-resolved-varlink.socket are all auto-activated via dependency graphs of their parent services and have no [Install] of their own.
* fix(services): drop systemd-networkd.socket from curated, add to .ignore | sommerfeld | 46 hours | 2 | -1/+1
  systemd-networkd.socket has no [Install] section; it's auto-activated by systemd-networkd.service via Sockets=. systemctl enable fails on it. It still shows as enabled (symlinked from the service's dependency graph), so add it to .ignore to keep drift output clean.
* feat(services): add .ignore list for distro-default noise | sommerfeld | 46 hours | 2 | -1/+13
  systemd-units/.ignore is a user-maintainable list of units to suppress from 'just services-drift' uncurated output. Starts with three systemd presets that are harmless noise: remote-fs.target, systemd-network-generator.service, systemd-userdbd.socket. The dotfile is outside the *.txt glob so services / services-enable don't accidentally pick it up.
* feat(services): curate systemd-networkd alongside iwd | sommerfeld | 46 hours | 1 | -0/+3
  User runs iwd (wifi auth) + systemd-networkd (IP config) together, with systemd-networkd-wait-online as boot gate.
* feat(services): curate tor + pcscd, filter @ templates from drift | sommerfeld | 46 hours | 3 | -1/+6
  - tor.service -> systemd-units/btc.txt (pairs with tor in meta/btc.txt)
  - pcscd.socket -> systemd-units/base.txt (smartcards, used by GPG)
  - services-drift now filters @-template units (getty@ etc.), which are abstract and can't be curated meaningfully anyway

  systemd-networkd.{service,socket,wait-online} remain uncurated; that's a real decision (conflicts with iwd) left to disable by hand.
* feat(services): curated systemd units via just recipes | sommerfeld | 46 hours | 5 | -30/+73
  Introduce systemd-units/<group>.txt files paired by name with meta groups (systemd-units/base.txt <-> meta/base.txt). Units listed there are enabled by a new 'just services-enable' recipe, wired into 'just init' so bootstrap.sh no longer needs its own systemctl loop.

  New justfile recipes (Services section):
      services          list curated units with enabled/active state
      services-enable   idempotent 'systemctl enable --now', soft-fail per unit
      services-drift    two-way diff vs systemctl list-unit-files

  bootstrap.sh drops its hardcoded 9-unit loop and laptop TLP block (~22 lines); 'just init' now handles it. tlp.service lives directly in systemd-units/base.txt (no laptop gating).
* docs(readme): document pre-bootstrap user creation | sommerfeld | 46 hours | 1 | -8/+13
  Make the 'wheel user must already exist' prerequisite explicit with a three-line useradd/passwd snippet, rather than leaving it implicit in bootstrap.sh's preconditions.
* feat(bootstrap): add Arch post-install steps | sommerfeld | 46 hours | 2 | -10/+54
  After 'just init' the script now:
  - enables recommended systemd units that base.txt installs but nothing was activating: fstrim.timer, systemd-timesyncd, systemd-resolved, reflector.timer, paccache.timer, pkgstats.timer, acpid, cpupower, iwd
  - enables tlp.service only when a battery is present (/sys/class/power_supply/BAT*)
  - refreshes the pacman mirrorlist via reflector using the already-deployed /etc/xdg/reflector/reflector.conf
  - runs xdg-user-dirs-update to create ~/Documents, ~/Downloads, etc.

  Each step is soft-fail: warns and continues on failure rather than aborting the whole bootstrap. pacman.conf tuning is intentionally left out (should be managed via chezmoi's etc/ pipeline). User creation is also out of scope; the script continues to require the wheel user to exist beforehand, per the Arch installation guide.
* feat: add bootstrap.sh for fresh Arch installs | sommerfeld | 46 hours | 3 | -1/+96
  Takes a minimal Arch system (only 'base' installed) to the point where 'just init' has run and dotfiles are deployed. Installs prerequisites (sudo, git, base-devel, chezmoi, just, efibootmgr), enables %wheel in sudoers, bootstraps paru-bin from the AUR, clones the repo, runs 'just init' (which swaps sudo for doas-sudo-shim via the existing base meta list), and launches create-efi if no Arch EFI boot entry exists. Designed to be curlable:
      curl -fsSL https://raw.githubusercontent.com/sommerfelddev/dotfiles/master/bootstrap.sh | sh
* Revert partial meta cleanup: restore mold, choose, curlie, dog | sommerfeld | 46 hours | 4 | -1/+5
  - mold moves cpp→dev (broader home; used by both Rust and C++ builds)
  - choose/curlie/dog restored to base (actively used)
  - restore 'alias curl=curlie' to match

  linux-headers stays only in nvidia.txt (pulled by nvidia-dkms; no other DKMS packages in the set).
* chore(zsh): drop 'stow' alias (migrated to chezmoi) | sommerfeld | 46 hours | 1 | -1/+0
* fix(zsh): drop 'curl=curlie' alias (curlie removed from base) | sommerfeld | 46 hours | 1 | -1/+0
* refactor(meta): audit and clean up package lists | sommerfeld | 46 hours | 8 | -33/+13
  Structural:
  - Dedupe: drop git/unzip/wget/mold from dev, linux-headers from base, zbar from btc (kept in wayland)
  - Move thermald base→intel (Intel-only daemon)
  - Split wayland.txt into wayland (compositor stack), browser, office
  - Sort base.txt alphabetically

  Content:
  - Drop stale: dog, choose, curlie (base); sloccount (dev)
  - Drop redundant: pipenv, yarn (dev has uv and npm)
  - Drop niche: irqbalance, libusb-compat (base); go-md2man, flamelens (dev)
  - Switch doas-sudo-shim-k → doas-sudo-shim (mainline variant)

  Removed packages are list-only; uninstall afterward with paru -Rsn if they appear in 'just undeclared'.
* refactor(doas): widen setenv allowlist (PATH TERM PAGER) | sommerfeld | 46 hours | 1 | -1/+1
* feat: deploy /etc/doas.conf via chezmoi | sommerfeld | 46 hours | 2 | -0/+9
  Added to the etc/ deploy loop plus a post-copy chown/chmod to 0400 root:root since doas refuses to parse otherwise.
* refactor: move create-efi.sh into dot_local/bin/ | sommerfeld | 46 hours | 2 | -1/+1
  Aligned with the other personal scripts; chezmoi will deploy it as ~/.local/bin/create-efi (executable, no .sh extension).
* fix: 'just remove' only edits the list, never uninstalls | sommerfeld | 46 hours | 1 | -2/+1
  Package may belong to other groups; uninstall is the user's call (use 'just undeclared | paru -Rs -' afterward if desired).
* feat: add 'just remove' to drop packages from a group and uninstall | sommerfeld | 46 hours | 6 | -0/+27
* feat: 'just add' accepts multiple packages | sommerfeld | 46 hours | 1 | -9/+11
* fix: pass --ask=4 to piped paru installs to auto-resolve conflicts | sommerfeld | 46 hours | 1 | -3/+3
  Needed so the first 'just init' on a stock Arch system (sudo preinstalled) can swap sudo for doas-sudo-shim without a prompt pacman refuses to emit under --noconfirm.
* chore: drop --noconfirm from 'just add' (stdin-less invocations can prompt) | sommerfeld | 46 hours | 1 | -1/+1
* chore: add --noconfirm to all 'paru -S' invocations in justfile | sommerfeld | 46 hours | 1 | -4/+4
* feat: 'just undeclared' now considers only active (≥50%) groups | sommerfeld | 46 hours | 1 | -16/+18
  A package only listed in unadopted groups (e.g. steam in gaming on a non-gaming machine) now counts as undeclared. Extracts a hidden _active-packages helper so pkg-drift and undeclared share the same 'active list' logic.
* fix: align 'just groups' signalling with ≥50% threshold | sommerfeld | 46 hours | 1 | -3/+3
  - ✓ fully installed (100%)
  - ~ adopted but partial (≥50%, <100%)
  - ✗ not adopted (<50%, includes 0%)
* fix: 'just init' now deploys dotfiles after regenerating config | sommerfeld | 46 hours | 1 | -2/+2
* docs: fix 'just undeclared' doc comment (was collapsed by just) | sommerfeld | 46 hours | 1 | -2/+1
* feat: split drift recipes and add 'just undeclared' | sommerfeld | 46 hours | 2 | -8/+20
  - 'just status' now a thin wrapper for 'pkg-drift + dotfile-drift'
  - 'just pkg-drift' and 'just dotfile-drift' are individually addressable
  - 'just undeclared' prints undeclared packages unindented, one per line, so they pipe cleanly into 'paru -Rs -'
  - pkg-drift reuses 'just undeclared' via sed to avoid duplicating logic
* feat: add 'just diff' and 'just merge' for chezmoi drift investigation | sommerfeld | 46 hours | 2 | -1/+14
  Both accept an optional file path. 'just merge' without an argument runs chezmoi merge-all (interactive across all modified files); with an argument it merges just that one target.