path: root/etc
Commit message | Author | Age | Files | Lines
* feat(etc): diff/upstream-diff/add/reset recipes + ignore fstab | sommerfeld | 46 hours | 1 | -0/+3
  - etc-diff: diff repo-managed etc/<path> vs live /etc (defaults to all)
  - etc-upstream-diff: diff live /etc vs pristine pacman archive (defaults to pacman -Qkk modified set)
  - etc-add: copy /etc/<path> into the repo's etc/ tree
  - etc-reset: restore pristine via bsdtar -xpf, or rm if unowned; refuses managed paths without --force
  - ignore /etc/fstab (host-specific UUIDs/layout)
  - path-traversal guards on all recipe inputs
  - regular-file-only enforcement (no symlinks/dirs)
  - fail-fast with clear message if mirror can't supply installed version
* fix(etc-drift): match real pacman -Qkk "backup file:" prefix format | sommerfeld | 46 hours | 1 | -2/+5
  Pacman emits lines like "backup file: <pkg>: <path> (<reason>)", not the "(Modified backup file)" suffix format. Anchor the path extraction to /etc/ to avoid catching stderr warnings interleaved into a line. Also extend etc/.ignore with /etc/{passwd,group,shells} — system-managed identity files that surfaced in the new drift output.
* feat(etc/.ignore): exclude wireguard .network (contains public IPs) | sommerfeld | 46 hours | 1 | -4/+4
* feat(etc/.ignore): exclude wireguard .netdev (contains PrivateKey) | sommerfeld | 46 hours | 1 | -0/+5
* feat(etc/.ignore): filter pacsave/pacnew, hostname, xml/catalog | sommerfeld | 46 hours | 1 | -0/+8
* feat(etc): drift detection + auto-enumerating deploy template | sommerfeld | 46 hours | 1 | -0/+35
  - `just etc-drift` reports /etc files modified from pacman defaults (via pacman -Qii) and user-created files (via pacman -Qo), subtracting already-managed paths and patterns listed in etc/.ignore.
  - Refactor run_onchange_after_deploy-etc.sh.tmpl to enumerate files under etc/ automatically via find; single combined hash via chezmoi output + sha256sum, so new files only need to be dropped into etc/.
  - etc/.ignore seeds noise filters: machine-id, ssh host keys, pacman keyring, mirrorlist, shadow/passwd backups, sbctl keys, ca-certs.
* refactor(doas): widen setenv allowlist (PATH TERM PAGER) | sommerfeld | 46 hours | 1 | -1/+1
* feat: deploy /etc/doas.conf via chezmoi | sommerfeld | 46 hours | 1 | -0/+3
  Added to the etc/ deploy loop plus a post-copy chown/chmod to 0400 root:root since doas refuses to parse otherwise.
* refactor: merge etc2/ into etc/, add content hashes to run scripts | sommerfeld | 46 hours | 1 | -0/+7
  - etc2/ only existed because stow used symlinks and reflector refused them. Chezmoi copies files, so no reason to keep them separate.
  - Run scripts are now .tmpl files with sha256sum hashes of deployed files. chezmoi only re-runs them when file content actually changes, avoiding unnecessary doas prompts on every apply.
* chore: trim comments from etc configs | sommerfeld | 6 days | 1 | -1/+0
  - orphans.hook: remove commented-out alternative Exec line
  - reflector.conf: strip comment bloat, keep only active settings
* Change event_paranoid for better profiling | Arnold Sommerfeld | 2024-03-13 | 1 | -1/+1
* first commit | Arnold Sommerfeld | 2023-10-18 | 4 | -0/+35