From fcafb03c9b1030dea399d44dda52f62e9117ad96 Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Tue, 21 Apr 2026 01:23:19 +0100 Subject: refactor: merge etc2/ into etc/, add content hashes to run scripts - etc2/ only existed because stow used symlinks and reflector refused them. Chezmoi copies files, so no reason to keep them separate. - Run scripts are now .tmpl files with sha256sum hashes of deployed files. chezmoi only re-runs them when file content actually changes, avoiding unnecessary doas prompts on every apply. --- .chezmoiignore | 1 - etc/xdg/reflector/reflector.conf | 7 +++++++ etc2/xdg/reflector/reflector.conf | 7 ------- run_onchange_after_deploy-etc.sh | 25 ------------------------- run_onchange_after_deploy-etc.sh.tmpl | 20 ++++++++++++++++++++ run_onchange_after_deploy-firefox.sh | 20 -------------------- run_onchange_after_deploy-firefox.sh.tmpl | 20 ++++++++++++++++++++ 7 files changed, 47 insertions(+), 53 deletions(-) create mode 100644 etc/xdg/reflector/reflector.conf delete mode 100644 etc2/xdg/reflector/reflector.conf delete mode 100755 run_onchange_after_deploy-etc.sh create mode 100755 run_onchange_after_deploy-etc.sh.tmpl delete mode 100755 run_onchange_after_deploy-firefox.sh create mode 100755 run_onchange_after_deploy-firefox.sh.tmpl
diff --git a/.chezmoiignore b/.chezmoiignore
index d87d077..82bbeb2 100644
--- a/.chezmoiignore
+++ b/.chezmoiignore
@@ -6,5 +6,4 @@ create-efi.sh
 .worktrees/
 meta/
 etc/
-etc2/
 firefox/
diff --git a/etc/xdg/reflector/reflector.conf b/etc/xdg/reflector/reflector.conf
new file mode 100644
index 0000000..a5dd94d
--- /dev/null
+++ b/etc/xdg/reflector/reflector.conf
@@ -0,0 +1,7 @@
+--save /etc/pacman.d/mirrorlist
+--country Spain,Portugal,France,Switzerland,Germany,Netherlands
+--age 12
+--completion-percent 100
+--sort score
+--fastest 10
+--threads 12
diff --git a/etc2/xdg/reflector/reflector.conf b/etc2/xdg/reflector/reflector.conf
deleted file mode 100644
index a5dd94d..0000000
--- a/etc2/xdg/reflector/reflector.conf
+++ /dev/null
@@ -1,7 +0,0 @@
---save /etc/pacman.d/mirrorlist
---country Spain,Portugal,France,Switzerland,Germany,Netherlands
---age 12
---completion-percent 100
---sort score
---fastest 10
---threads 12
diff --git a/run_onchange_after_deploy-etc.sh b/run_onchange_after_deploy-etc.sh
deleted file mode 100755
index e016fa1..0000000
--- a/run_onchange_after_deploy-etc.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-# Deploy system-level configs from etc/ and etc2/ to /etc/
-# etc/ files can be symlinked; etc2/ files must be copied (tools that refuse symlinks)
-set -eu
-
-# CHEZMOI_SOURCE_DIR is set by chezmoi when executing run scripts
-
-# etc/ — symlink-friendly configs
-for f in \
- modules-load.d/tcp_bbr.conf \
- pacman.d/hooks/orphans.hook \
- sysctl.d/99-sysctl.conf \
- systemd/system.conf.d/timeout.conf
-do
- doas mkdir -p "/etc/$(dirname "$f")"
- doas cp --remove-destination "$CHEZMOI_SOURCE_DIR/etc/$f" "/etc/$f"
-done
-
-# etc2/ — must be real files (e.g. reflector refuses symlinks)
-for f in \
- xdg/reflector/reflector.conf
-do
- doas mkdir -p "/etc/$(dirname "$f")"
- doas cp --remove-destination "$CHEZMOI_SOURCE_DIR/etc2/$f" "/etc/$f"
-done
diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl
new file mode 100755
index 0000000..921d956
--- /dev/null
+++ b/run_onchange_after_deploy-etc.sh.tmpl
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Deploy system-level configs from etc/ to /etc/
+# chezmoi re-runs this script when any hash below changes.
+# {{ include "etc/modules-load.d/tcp_bbr.conf" | sha256sum }}
+# {{ include "etc/pacman.d/hooks/orphans.hook" | sha256sum }}
+# {{ include "etc/sysctl.d/99-sysctl.conf" | sha256sum }}
+# {{ include "etc/systemd/system.conf.d/timeout.conf" | sha256sum }}
+# {{ include "etc/xdg/reflector/reflector.conf" | sha256sum }}
+set -eu
+
+for f in \
+ modules-load.d/tcp_bbr.conf \
+ pacman.d/hooks/orphans.hook \
+ sysctl.d/99-sysctl.conf \
+ systemd/system.conf.d/timeout.conf \
+ xdg/reflector/reflector.conf
+do
+ doas mkdir -p "/etc/$(dirname "$f")"
+ doas cp --remove-destination "$CHEZMOI_SOURCE_DIR/etc/$f" "/etc/$f"
+done
diff --git a/run_onchange_after_deploy-firefox.sh b/run_onchange_after_deploy-firefox.sh
deleted file mode 100755
index affea64..0000000
--- a/run_onchange_after_deploy-firefox.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-# Deploy Firefox/LibreWolf hardening overrides and custom CSS
-set -eu
-
-# CHEZMOI_SOURCE_DIR is set by chezmoi when executing run scripts
-
-# Find LibreWolf profile directory (first profile with a default=1 marker)
-PROFILES_DIR="$HOME/.librewolf"
-if [ -d "$PROFILES_DIR" ]; then
- PROFILE=$(find "$PROFILES_DIR" -maxdepth 1 -mindepth 1 -type d -name '*.default-default' | head -1)
- if [ -z "$PROFILE" ]; then
- PROFILE=$(find "$PROFILES_DIR" -maxdepth 1 -mindepth 1 -type d | head -1)
- fi
-
- if [ -n "$PROFILE" ]; then
- cp --remove-destination "$CHEZMOI_SOURCE_DIR/firefox/user-overrides.js" "$PROFILE/user-overrides.js"
- mkdir -p "$PROFILE/chrome"
- cp --remove-destination "$CHEZMOI_SOURCE_DIR/firefox/chrome/userChrome.css" "$PROFILE/chrome/userChrome.css"
- fi
-fi
diff --git a/run_onchange_after_deploy-firefox.sh.tmpl b/run_onchange_after_deploy-firefox.sh.tmpl
new file mode 100755
index 0000000..b8bf309
--- /dev/null
+++ b/run_onchange_after_deploy-firefox.sh.tmpl
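Review bot: The hash comments at the top of run_onchange_after_deploy-etc.sh.tmpl and the `for f in` list are two hand-maintained copies of the same five paths, so a file later added to the loop without a matching `include … | sha256sum` line would be copied once and then not redeployed when its content changes. That matters most for `sysctl.d/99-sysctl.conf` and the pacman hook, where a stale copy in /etc goes unnoticed. Generating both from one template list removes the drift; the fence below sketches it and should be checked with `chezmoi execute-template` before use. Separately, `doas cp` takes the destination mode from the source file and the caller's umask; `doas install -D -m 0644 -o root -g root "$CHEZMOI_SOURCE_DIR/etc/$f" "/etc/$f"` would pin mode and ownership for everything written into /etc and make the `mkdir -p` line unnecessary.

```sh
# chezmoi re-runs this script when any hash below changes.
{{ $files := list "modules-load.d/tcp_bbr.conf" "pacman.d/hooks/orphans.hook" "sysctl.d/99-sysctl.conf" "systemd/system.conf.d/timeout.conf" "xdg/reflector/reflector.conf" -}}
{{ range $files -}}
# {{ . }} {{ include (printf "etc/%s" .) | sha256sum }}
{{ end -}}
set -eu

for f in {{ range $files }}{{ . | quote }} {{ end }}
# … unchanged: do / doas mkdir -p / doas cp --remove-destination / done …
```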
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Deploy Firefox/LibreWolf hardening overrides and custom CSS
+# chezmoi re-runs this script when any hash below changes.
+# {{ include "firefox/user-overrides.js" | sha256sum }}
+# {{ include "firefox/chrome/userChrome.css" | sha256sum }}
+set -eu
+
+PROFILES_DIR="$HOME/.librewolf"
+if [ -d "$PROFILES_DIR" ]; then
+ PROFILE=$(find "$PROFILES_DIR" -maxdepth 1 -mindepth 1 -type d -name '*.default-default' | head -1)
+ if [ -z "$PROFILE" ]; then
+ PROFILE=$(find "$PROFILES_DIR" -maxdepth 1 -mindepth 1 -type d | head -1)
+ fi
+
+ if [ -n "$PROFILE" ]; then
+ cp --remove-destination "$CHEZMOI_SOURCE_DIR/firefox/user-overrides.js" "$PROFILE/user-overrides.js"
+ mkdir -p "$PROFILE/chrome"
+ cp --remove-destination "$CHEZMOI_SOURCE_DIR/firefox/chrome/userChrome.css" "$PROFILE/chrome/userChrome.css"
+ fi
+fi
-- cgit v1.2.3-70-g09d2
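Review bot: When `$HOME/.librewolf` is missing or no profile directory is found, the script exits 0 without copying anything. Because it is now a run_onchange template keyed on the two file hashes, chezmoi will presumably treat it as done and not retry until `user-overrides.js` or `userChrome.css` changes, which leaves the hardening overrides undeployed with no signal. The fallback `find … -type d | head -1` also accepts any first-level directory, not only a profile, so the files can land somewhere the browser never reads. I would drop the fallback and fail loudly in both empty cases, e.g. `echo "deploy-firefox: no LibreWolf profile under $PROFILES_DIR" >&2; exit 1`, so a missed deployment is visible and the script runs again on the next apply (worth confirming that chezmoi does not record failed scripts).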