| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extend meta/flatpak.txt format to allow per-line URL for non-Flathub
.flatpak bundles. Lines are now either '<id>' (Flathub) or '<id> <url>'
(downloaded + installed via 'flatpak install <file>'). Bundle entries
are skipped on pkg-apply/pkg-fix when already installed, and re-fetched
on flatpak-update only when the version embedded in the URL differs
from the installed version.
Use this to migrate Portuguese Citizen Card (pteid-mw) off the AUR
'autenticacao-gov-pt-bin' pseudo-flatpak unpack to the upstream-shipped
flatpak bundle from amagovpt/autenticacao.gov GitHub releases — same
codebase the AUR PKGBUILD already vendors, but properly sandboxed.
Refactors duplicated install logic in pkg-apply/pkg-fix into a private
_flatpak-install helper. ID-only contexts (pkg-status, undeclared,
pkg-list) now extract the first whitespace-separated token instead of
treating each line as a single ID.
Caveat: PKCS#11-based Citizen Card web auth in the LibreWolf flatpak
remains unsolved — the .so lives inside the autenticacao-gov sandbox
and would need a 'flatpak override' + 'modutil' bridge to be loaded
across sandboxes. The CLI/GUI eID app works as expected.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Delete meta/gaming.txt entirely (no longer used; takes discord with it)
- Delete now-empty meta/office.txt; LibreOffice and Okular move to flatpak
- Trim meta/browser.txt: chromium and torbrowser-launcher now flatpaks
- New meta/flatpak.txt: 4 Flathub app IDs (chromium, okular, libreoffice,
torbrowser-launcher), under --user scope
- Add flatpak runtime to meta/extra.txt
- Teach pkg-apply / pkg-list / pkg-fix / pkg-add / pkg-status / undeclared
to branch on the magic 'flatpak' group name (no parallel recipe namespace)
- New flatpak-update recipe; update aggregate now refreshes flatpaks too
- _active-packages now skips flatpak.txt (it remains pacman-only)
- pkg-apply (no args) installs pacman groups together, then flatpaks
- First flatpak install auto-adds the flathub --user remote
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old etc-status scanned all of /etc (pacman -Qkk for modified
backup configs, then 'find /etc | xargs pacman -Qo' for unowned
files), producing a discovery report of things we might want to
track. That was useful when seeding the repo but is slow and
misaligned with dotfiles-status, which only reports drift on files
chezmoi already manages.
Rewrite etc-status to mirror that model: iterate etc/, render .tmpl
sources, and cmp against the live /etc file. Report 'modified' or
'missing' per tracked path. Runs in under a second and matches the
semantics of 'just status'.
Drop the now-unused etc/.ignore and update README.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the three existing files into systemd-units/system/ and seed
systemd-units/user/ with a .ignore stub. Teach the unit-* recipes a
user:/system: group-token prefix (bare names keep system semantics for
back-compat). unit-apply and unit-status now walk both scopes; user
units go through 'systemctl --user' (no sudo), system units via 'sudo
systemctl' as before. Soft-fail per unit preserved for both scopes.
Top-level add/forget dispatchers need no changes: the unit-extension
sniff already routes anything ending in .service/.timer/etc to
unit-*, and user:base passes through as the group token.
Docs updated in README.md and .github/copilot-instructions.md.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prompt once at 'chezmoi init' time for the LUKS root partition (e.g.
nvme0n1p2) and store it under [data].luksRootPartition in the per-machine
chezmoi config. etc/kernel/cmdline.tmpl resolves the UUID at apply time
via lsblk, so reinstalls only require re-entering the partition name.
The etc deploy script now renders *.tmpl sources through
'chezmoi execute-template' and installs them without the suffix. The
resolved UUID is folded into the onchange hash so the script re-runs
when the UUID changes even if etc/ content is unchanged.
just etc-status/diff transparently handle .tmpl sources (strip suffix
for the live-path mapping, render before diffing). etc-re-add skips
.tmpl files since template sources can't be reverse-rendered from the
live file.
|
| |
|
|
|
|
|
|
| |
- use systemctl is-enabled per curated unit (list-unit-files does not
show instantiated template units like btrfs-scrub@-.timer)
- accept static/indirect/generated/alias states in addition to enabled
- drop pkgstats.timer from curated (no [Install] section)
- ignore systemd-oomd.socket (distro default)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New recipes (new 'Updates' section after 'Day-to-day'):
- update: pkg-update nvim-update
- pkg-update: paru -Syu
- nvim-update: nvim --headless +'lua require("config.update").run()'
New dot_config/nvim/lua/config/update.lua drives the headless session:
clean orphan plugins, vim.pack.update with force=true (skips the confirm
buffer since this is unattended; changes still go to nvim-pack.log),
then :MasonToolsUpdateSync — the blocking variant intended for headless
Interactive :PackSync stays unchanged (confirm buffer remains visible
for reviewed updates).
|
| |
|
|
|
|
|
|
|
|
| |
The grep-based filter only dropped lines starting with '#' and blank
lines, so 'xorg-xwayland # note' got passed to paru verbatim and failed
with 'could not find all required packages'. Replace all 11 call sites
with a single sed that strips trailing '# ...' comments AND blank lines,
so both full-line and inline comments are supported consistently
across pkg-apply, pkg-add, pkg-forget, pkg-status, pkg-list, and
unit-apply / unit-list / unit-status.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dispatchers
Adopt chezmoi-aligned vocabulary (add, forget, re-add, apply, diff, merge,
status) uniformly across four domains (dotfiles, etc, pkg, unit). Add
top-level dispatchers that sniff argument shape and delegate:
- contains '/': path -> etc-* (^/?etc) or dotfiles-*
- ends with .service/.timer/.socket/.mount/.target/.path: unit-*
- bare words: pkg-*
Fill in missing recipes: dotfiles-add/forget/re-add/diff/merge/status,
etc-merge, etc-forget (was etc-rm), unit-add/forget. Rename:
services-* -> unit-*, *-drift -> *-status, install/install-all -> pkg-apply,
fix -> pkg-fix, groups -> pkg-list, readd -> re-add, add/remove ->
pkg-add/forget, etc -> etc-status, etc-readd -> etc-re-add.
Top-level apply stays monolithic (chezmoi apply deploys dotfiles + /etc
atomically via the onchange template). sync = apply + pkg-fix + unit-apply.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Split concerns: fmt-check (check-fmt) from lint. check-fmt mirrors fmt
with each tool's --check/-d flag. check runs both as a single quality
gate. A new .githooks/pre-commit runs 'just check' on every commit;
bypass with git commit --no-verify.
Also drop just --fmt --check and prettier --check from the lint recipe
(they're format checks, belong in check-fmt).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two recipes with matching shape:
just fmt # format the whole repo
just fmt <path> # format one file (dispatch by ext/filename/shebang)
just lint # lint the whole repo
just lint <path> # lint one file
Dispatch:
.lua stylua / selene
*.sh + sh shebang shfmt / shellcheck
.zshrc/.zprofile (no fmt) / shellcheck --shell=bash (best-effort)
.py ruff format / ruff check
justfile just --fmt / just --fmt --check
.toml taplo format / taplo lint
.md/.json/.jsonc/.yaml/.yml/.css prettier --write / --check
If a required tool is missing, the recipe aborts with an install hint
naming the package. Whole-repo mode aggregates non-zero exits in lint
so you see every issue in one pass.
|
| |
|
|
|
|
|
|
|
|
| |
'bsdtar -xOf | doas tee' wrote pristine content but with mtime=now,
which caused 'pacman -Qkk' (and therefore 'just etc') to still flag
the file as drifted — pacman compares stored metadata, not content.
Switch to 'doas bsdtar -xpf <archive> -C / <file>', which extracts
the single file in place with its original owner, mode, and mtime
from the package archive.
|
| |
|
|
|
|
|
|
|
|
| |
Sibling to etc-reset but operates directly on /etc (via doas tee)
and never touches the repo. Use when a live file has drifted from
pristine but you don't want to track it:
just etc-restore /etc/systemd/resolved.conf
Previously this required a 2-step dance (etc-add + etc-untrack).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
- etc-drift → etc (the main entry point to the /etc subsystem).
- New etc-readd: pull changes from live /etc back into tracked
repo files (the /etc analog of 'chezmoi re-add'). No args
refreshes all tracked files; explicit paths error if the file
isn't already tracked (use etc-add to adopt). Skips unchanged
files silently; runs 'just apply' only when something changed.
- New top-level readd: 'chezmoi re-add' + 'just etc-readd'.
One command to mirror live state back into the repo.
|
| |
|
|
|
|
|
|
|
|
| |
- etc-reset and etc-rm now chain 'just apply' at the end, so a
single invocation leaves both repo and /etc consistent.
- New etc-untrack recipe = etc-reset + etc-rm. One command to
cleanly stop tracking an owned /etc file:
before: just etc-reset X && just apply && just etc-rm X && just apply
after : just etc-untrack X
(etc-untrack doesn't apply to unowned files — use etc-rm.)
|
| |
|
|
|
|
|
|
|
|
|
| |
Removes one or more files from the repo's etc/ tree and tidies any
now-empty parent directories (bounded to inside etc/). Leaves the
live /etc copy untouched.
Composes with etc-reset to stop tracking a file cleanly:
just etc-reset /etc/foo.conf # repo → pristine
just apply # deploy pristine to /etc
just etc-rm etc/foo.conf # stop tracking; /etc unchanged
|
| |
|
|
|
|
|
|
|
|
|
| |
Operating on /etc directly created a two-source-of-truth problem:
chezmoi apply would just redeploy the repo copy anyway, so we had
to either refuse managed paths or bolt on a --force flag.
New semantics: etc-reset overwrites etc/<path> in the repo with
the pristine package contents (no doas needed, no /etc touched).
User then runs 'just apply' to deploy. Unowned files are now an
error (nothing to reset to) — remove them from the repo manually.
|
| |
|
|
|
|
|
|
|
|
|
| |
readable
- etc-upstream-diff: default to iterating over repo-managed etc/ files
instead of running full 'pacman -Qkk' (scans every installed package).
Upstream drift only matters for files I actually track.
- both recipes: read live /etc via plain cat when the file is
world-readable; only fall back to 'doas cat' for restricted files
(e.g. /etc/doas.conf 0600). Cuts doas round-trips for the common case.
|
| |
|
|
|
| |
dotfile-drift is fastest so it gives immediate feedback; etc-drift
is slowest (full pacman -Qkk pass) so it runs last.
|
| |
|
|
|
|
|
| |
- status now runs etc-drift alongside pkg-drift and dotfile-drift
- diff routes /etc/* paths to etc-diff; with no arg, runs both
chezmoi diff and etc-diff so drift in /etc is visible alongside
$HOME dotfiles.
|
| |
|
|
|
|
|
| |
/etc/doas.conf (0600) and similar mode-restricted files triggered
'Permission denied' when diff tried to read them as the user. Read
via 'doas cat' on the live side; keep the repo/pristine side as the
user since those are readable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- etc-diff: diff repo-managed etc/<path> vs live /etc (defaults to all)
- etc-upstream-diff: diff live /etc vs pristine pacman archive
(defaults to pacman -Qkk modified set)
- etc-add: copy /etc/<path> into the repo's etc/ tree
- etc-reset: restore pristine via bsdtar -xpf, or rm if unowned;
refuses managed paths without --force
- ignore /etc/fstab (host-specific UUIDs/layout)
- path-traversal guards on all recipe inputs
- regular-file-only enforcement (no symlinks/dirs)
- fail-fast with clear message if mirror can't supply installed version
|
| |
|
|
|
|
|
|
|
| |
Pacman emits lines like "backup file: <pkg>: <path> (<reason>)", not the
"(Modified backup file)" suffix format. Anchor the path extraction to
/etc/ to avoid catching stderr warnings interleaved into a line.
Also extend etc/.ignore with /etc/{passwd,group,shells} — system-managed
identity files that surfaced in the new drift output.
|
| |
|
|
|
|
|
| |
The old -Qii regex "MODIFIED\s+/\S+" accidentally matched UNMODIFIED lines
(no word boundary), which hid truly-modified configs like pacman.conf from
the drift report. Switch to -Qkk which uses an explicit "Modified backup
file" / "Altered backup file" tag that is unambiguous.
|
| | |
|
| |
|
|
|
|
|
| |
- grep exits 1 when pattern has no matches; under pipefail that killed
the recipe. Wrap both pipelines in `{ ...; } || true`.
- pacman -Qii can separate MODIFIED from the path with spaces or a tab
depending on formatting; use \s+ instead of \t.
|
| |
|
|
|
|
|
|
|
|
|
| |
- `just etc-drift` reports /etc files modified from pacman defaults
(via pacman -Qii) and user-created files (via pacman -Qo), subtracting
already-managed paths and patterns listed in etc/.ignore.
- Refactor run_onchange_after_deploy-etc.sh.tmpl to enumerate files under
etc/ automatically via find; single combined hash via chezmoi output +
sha256sum, so new files only need to be dropped into etc/.
- etc/.ignore seeds noise filters: machine-id, ssh host keys, pacman
keyring, mirrorlist, shadow/passwd backups, sbctl keys, ca-certs.
|
| |
|
|
|
|
|
|
|
|
| |
systemd-units/.ignore is a user-maintainable list of units to suppress
from 'just services-drift' uncurated output. Starts with three systemd
presets that are harmless noise: remote-fs.target,
systemd-network-generator.service, systemd-userdbd.socket.
The dotfile is outside the *.txt glob so services / services-enable
don't accidentally pick it up.
|
| |
|
|
|
|
|
|
|
|
| |
- tor.service -> systemd-units/btc.txt (pairs with tor in meta/btc.txt)
- pcscd.socket -> systemd-units/base.txt (smartcards, used by GPG)
- services-drift now filters @-template units (getty@ etc.), which
are abstract and can't be curated meaningfully anyway
systemd-networkd.{service,socket,wait-online} remain uncurated;
that's a real decision (conflicts with iwd) left to disable by hand.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce systemd-units/<group>.txt files paired by name with meta
groups (systemd-units/base.txt <-> meta/base.txt). Units listed there
are enabled by a new 'just services-enable' recipe, wired into 'just
init' so bootstrap.sh no longer needs its own systemctl loop.
New justfile recipes (Services section):
services list curated units with enabled/active state
services-enable idempotent 'systemctl enable --now', soft-fail per unit
services-drift two-way diff vs systemctl list-unit-files
bootstrap.sh drops its hardcoded 9-unit loop and laptop TLP block
(~22 lines); 'just init' now handles it. tlp.service lives directly in
systemd-units/base.txt (no laptop gating).
|
| |
|
|
|
| |
Package may belong to other groups; uninstall is the user's call (use
'just undeclared | paru -Rs -' afterward if desired).
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Needed so the first 'just init' on a stock Arch system (sudo preinstalled)
can swap sudo for doas-sudo-shim without a prompt pacman refuses to emit
under --noconfirm.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
A package only listed in unadopted groups (e.g. steam in gaming on a
non-gaming machine) now counts as undeclared.
Extracts a hidden _active-packages helper so pkg-drift and undeclared
share the same 'active list' logic.
|
| |
|
|
|
|
| |
- ✓ fully installed (100%)
- ~ adopted but partial (≥50%, <100%)
- ✗ not adopted (<50%, includes 0%)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
- 'just status' now a thin wrapper for 'pkg-drift + dotfile-drift'
- 'just pkg-drift' and 'just dotfile-drift' are individually addressable
- 'just undeclared' prints undeclared packages unindented, one per line,
so they pipe cleanly into 'paru -Rs -'
- pkg-drift reuses 'just undeclared' via sed to avoid duplicating logic
|
| |
|
|
|
|
| |
Both accept an optional file path. 'just merge' without an argument
runs chezmoi merge-all (interactive across all modified files);
with an argument it merges just that one target.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- 'just sync' now wraps apply + fix for combined dotfile + package
reconciliation
- 'just init' generalized for first-time machine setup: regenerate
chezmoi config, install git hooks, install base packages
- Hidden helper recipes (_chezmoi-init, _install-hooks) via [private]
so they don't clutter 'just --list'
- Section banners organize the justfile into Setup, Day-to-day,
Inspection, Package management, and Hidden helpers
- Default recipe (bare 'just') shows the list
- Doc comments reworded for clarity in the autocomplete menu
|
| |
|
|
|
|
| |
chezmoi init is only needed when .chezmoi.toml.tmpl changes, so running
it on every apply is unnecessary overhead. Run 'just init' manually
when the template changes.
|
| |
|
|
|
|
|
| |
When .chezmoi.toml.tmpl changes (e.g. adding [status] exclude=scripts),
plain 'chezmoi apply' warns and keeps using the stale config. Using
'init --apply' regenerates the config from the template and applies
in one step. Status does a silent init first for the same reason.
|
| |
|
|
|
|
| |
Without an explicit source, chezmoi defaults to ~/.local/share/chezmoi
which doesn't exist on this setup. The post-commit hook uses git
rev-parse so it works even if the hook is run from a subdirectory.
|
| |
|
|
|
|
| |
Unadopted groups (e.g. gaming, nvidia on non-gaming/non-nvidia machines)
no longer spam 'missing:' lines. Undeclared detection is unchanged —
any installed package not in any list is still reported.
|
sommerfeld