From f185694ff83f40f93ea535358ea36eccc837fa6e Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@sommerfeld.dev>
Date: Tue, 21 Apr 2026 01:23:18 +0100
Subject: feat: add chezmoi config, ignore, and deploy scripts

- .chezmoi.toml.tmpl: minimal config with hostname data
- .chezmoiignore: exclude repo-only files from deployment
- run_onchange_after_deploy-etc.sh: deploy etc/ and etc2/ to /etc
- run_onchange_after_deploy-firefox.sh: deploy firefox overrides to profile
---
 .chezmoi.toml.tmpl                   |  2 ++
 .chezmoiignore                       | 10 ++++++++++
 run_onchange_after_deploy-etc.sh     | 25 +++++++++++++++++++++++++
 run_onchange_after_deploy-firefox.sh | 20 ++++++++++++++++++++
 4 files changed, 57 insertions(+)
 create mode 100644 .chezmoi.toml.tmpl
 create mode 100644 .chezmoiignore
 create mode 100755 run_onchange_after_deploy-etc.sh
 create mode 100755 run_onchange_after_deploy-firefox.sh

diff --git a/.chezmoi.toml.tmpl b/.chezmoi.toml.tmpl
new file mode 100644
index 0000000..23ebba7
--- /dev/null
+++ b/.chezmoi.toml.tmpl
@@ -0,0 +1,2 @@
+[data]
+  hostname = "{{ .chezmoi.hostname }}"
diff --git a/.chezmoiignore b/.chezmoiignore
new file mode 100644
index 0000000..d87d077
--- /dev/null
+++ b/.chezmoiignore
@@ -0,0 +1,10 @@
+KEYBINDS.md
+README.md
+create-efi.sh
+.editorconfig
+.github/
+.worktrees/
+meta/
+etc/
+etc2/
+firefox/
diff --git a/run_onchange_after_deploy-etc.sh b/run_onchange_after_deploy-etc.sh
new file mode 100755
index 0000000..2e59290
--- /dev/null
+++ b/run_onchange_after_deploy-etc.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+# Deploy system-level configs from etc/ and etc2/ to /etc/
+# etc/ files can be symlinked; etc2/ files must be copied (tools that refuse symlinks)
+set -eu
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+# etc/ — symlink-friendly configs
+for f in \
+    modules-load.d/tcp_bbr.conf \
+    pacman.d/hooks/orphans.hook \
+    sysctl.d/99-sysctl.conf \
+    systemd/system.conf.d/timeout.conf
+do
+    doas mkdir -p "/etc/$(dirname "$f")"
+    doas cp "$SCRIPT_DIR/etc/$f" "/etc/$f"
+done
+
+# etc2/ — must be real files (e.g. reflector refuses symlinks)
+for f in \
+    xdg/reflector/reflector.conf
+do
+    doas mkdir -p "/etc/$(dirname "$f")"
+    doas cp "$SCRIPT_DIR/etc2/$f" "/etc/$f"
+done
diff --git a/run_onchange_after_deploy-firefox.sh b/run_onchange_after_deploy-firefox.sh
new file mode 100755
index 0000000..e72f304
--- /dev/null
+++ b/run_onchange_after_deploy-firefox.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Deploy Firefox/LibreWolf hardening overrides and custom CSS
+set -eu
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+# Find LibreWolf profile directory (first profile with a default=1 marker)
+PROFILES_DIR="$HOME/.librewolf"
+if [ -d "$PROFILES_DIR" ]; then
+    PROFILE=$(find "$PROFILES_DIR" -maxdepth 1 -mindepth 1 -type d -name '*.default-default' | head -1)
+    if [ -z "$PROFILE" ]; then
+        PROFILE=$(find "$PROFILES_DIR" -maxdepth 1 -mindepth 1 -type d | head -1)
+    fi
+
+    if [ -n "$PROFILE" ]; then
+        cp "$SCRIPT_DIR/firefox/user-overrides.js" "$PROFILE/user-overrides.js"
+        mkdir -p "$PROFILE/chrome"
+        cp "$SCRIPT_DIR/firefox/chrome/userChrome.css" "$PROFILE/chrome/userChrome.css"
+    fi
+fi
-- 
cgit v1.2.3-70-g09d2