From 208877d1e682536aa737748fffe4560956d3908a Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@sommerfeld.dev>
Date: Wed, 13 May 2026 13:43:16 +0100
Subject: feat(etc): template kernel cmdline, derive LUKS UUID from partition
 name

Prompt once at 'chezmoi init' time for the LUKS root partition (e.g.
nvme0n1p2) and store it under [data].luksRootPartition in the per-machine
chezmoi config. etc/kernel/cmdline.tmpl resolves the UUID at apply time
via lsblk, so reinstalls only require re-entering the partition name.

The etc deploy script now renders *.tmpl sources through
'chezmoi execute-template' and installs them without the suffix. The
resolved UUID is folded into the onchange hash so the script re-runs
when the UUID changes even if etc/ content is unchanged.

just etc-status/diff transparently handle .tmpl sources (strip suffix
for the live-path mapping, render before diffing). etc-re-add skips
.tmpl files since template sources can't be reverse-rendered from the
live file.
---
 run_onchange_after_deploy-etc.sh.tmpl | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'run_onchange_after_deploy-etc.sh.tmpl')

diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl
index 04f72c1..e72b374 100755
--- a/run_onchange_after_deploy-etc.sh.tmpl
+++ b/run_onchange_after_deploy-etc.sh.tmpl
@@ -2,12 +2,24 @@
 # Deploy system-level configs from etc/ to /etc/.
 # chezmoi re-runs this script whenever any file under etc/ changes.
 # etc/ content hash: {{ output "sh" "-c" (printf "cd %q && find etc -type f ! -name .ignore -exec sha256sum {} + | LC_ALL=C sort" .chezmoi.sourceDir) | sha256sum }}
+# luks root uuid: {{ output "lsblk" "-no" "UUID" (printf "/dev/%s" .luksRootPartition) | trim }}
 set -eu
 
 cd "$CHEZMOI_SOURCE_DIR"
 find etc -type f ! -name .ignore | while IFS= read -r src; do
-    dest="/${src}"
-    doas install -D -m 0644 -o root -g root "$src" "$dest"
+    case "$src" in
+        *.tmpl)
+            dest="/${src%.tmpl}"
+            tmp=$(mktemp)
+            chezmoi execute-template <"$src" >"$tmp"
+            doas install -D -m 0644 -o root -g root "$tmp" "$dest"
+            rm -f "$tmp"
+            ;;
+        *)
+            dest="/${src}"
+            doas install -D -m 0644 -o root -g root "$src" "$dest"
+            ;;
+    esac
 done
 
 # doas refuses to parse /etc/doas.conf unless it's 0400 root:root
-- 
cgit v1.3.1