From 173a614eea1c787e10fe873ef3c334bb284368a2 Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@sommerfeld.dev>
Date: Tue, 21 Apr 2026 01:23:47 +0100
Subject: feat(etc/.ignore): exclude wireguard .network (contains public IPs)

---
 etc/.ignore | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'etc/.ignore')

diff --git a/etc/.ignore b/etc/.ignore
index 2e2885a..e27185c 100644
--- a/etc/.ignore
+++ b/etc/.ignore
@@ -42,7 +42,7 @@
 # sbctl signed-boot state (keys live here; never commit)
 /etc/secureboot/*
 
-# WireGuard peer configs contain PrivateKey= — keep local only.
-# To version these, template PrivateKey via `pass` at chezmoi apply time.
-/etc/systemd/network/99-hodor.netdev
-/etc/systemd/network/99-mandibles.netdev
+# WireGuard peer configs — .netdev has PrivateKey=, .network has public IPs (PII).
+# Keep local only. To version: template secrets via `pass` at chezmoi apply time.
+/etc/systemd/network/99-hodor.*
+/etc/systemd/network/99-mandibles.*
-- 
cgit v1.2.3-70-g09d2