From 3b2beec0ca95ce863a6cd4f7bf7be24247f96acd Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Wed, 13 May 2026 13:43:21 +0100 Subject: refactor(etc): narrow etc-status to tracked-file drift The old etc-status scanned all of /etc (pacman -Qkk for modified backup configs, then 'find /etc | xargs pacman -Qo' for unowned files), producing a discovery report of things we might want to track. That was useful when seeding the repo but is slow and misaligned with dotfiles-status, which only reports drift on files chezmoi already manages. Rewrite etc-status to mirror that model: iterate etc/, render .tmpl sources, and cmp against the live /etc file. Report 'modified' or 'missing' per tracked path. Runs in under a second and matches the semantics of 'just status'. Drop the now-unused etc/.ignore and update README. --- etc/.ignore | 57 --------------------------------------------------------- 1 file changed, 57 deletions(-) delete mode 100644 etc/.ignore (limited to 'etc') diff --git a/etc/.ignore b/etc/.ignore deleted file mode 100644 index 31f9ec0..0000000 --- a/etc/.ignore +++ /dev/null 
@@ -1,57 +0,0 @@ -# Paths excluded from `just etc-drift` output. -# Shell-glob patterns (case $path in $pat) work here: *, ?, []. - -# Per-host state / auto-generated -/etc/machine-id -/etc/adjtime -/etc/.updated -/etc/.pwd.lock -/etc/mtab -/etc/ld.so.cache -/etc/hostname -/etc/xml/catalog - -# Per-host identity / secrets -/etc/ssh/ssh_host_* -/etc/passwd -/etc/passwd- -/etc/group -/etc/group- -/etc/shadow -/etc/shadow- -/etc/gshadow -/etc/gshadow- -/etc/shells - -# pacman leftovers from removed packages -*.pacsave -*.pacsave.* -*.pacnew -*.pacorig - -# Regenerated by tools (not worth versioning) -/etc/resolv.conf -/etc/ssl/certs/* -/etc/ca-certificates/extracted/* -/etc/pacman.d/gnupg/* -/etc/pacman.d/mirrorlist - -# Host-specific (UUIDs, partition layout) -/etc/fstab - -# Managed by useradd (podman uses them) -/etc/subuid -/etc/subgid -/etc/subuid- -/etc/subgid- - -# sbctl signed-boot state (keys live here; never commit) -/etc/secureboot/* - -# WireGuard peer configs — .netdev has PrivateKey=, .network has public IPs (PII). -# Keep local only. To version: template secrets via `pass` at chezmoi apply time. -/etc/systemd/network/99-hodor.* -/etc/systemd/network/99-mandibles.* - -# Contains hardcoded username (autologin); host-specific -/etc/systemd/system/getty@tty1.service.d/override.conf -- cgit v1.3.1
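Review bot: The deleted "Per-host identity / secrets", "sbctl signed-boot state" and WireGuard sections of etc/.ignore were also the only record in this view of which /etc paths must never be committed (`/etc/shadow`, `/etc/gshadow`, `/etc/ssh/ssh_host_*`, `/etc/secureboot/*`, and the `99-hodor.*` / `99-mandibles.*` files with `PrivateKey=`). The file is unused as a drift filter once etc-status only compares tracked files, but nothing shown here replaces it as a guard for when someone later copies a new file into etc/. Consider keeping those entries as a short deny-list that the tracking workflow or a pre-commit check consults, or at least moving the comments into the README, including the hint about templating secrets via `pass` at chezmoi apply time. This view is limited to 'etc', so the README change mentioned in the commit message is not visible; please confirm it carries that guidance.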