From cf5a2f46f0167c8495d28de5b1364c8bc460b6d0 Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@sommerfeld.dev>
Date: Fri, 19 Jun 2026 17:57:23 +0100
Subject: Migrate VM dotfiles to chezmoi

Move VM dotfile deployment out of Home Manager and into chezmoi with a machineRole guard.

Add VM recipes for applying chezmoi state and restarting the Nix GnuPG agent.

Make host-only hooks no-op on the VM and render container storage per role.
---
 run_onchange_after_deploy-firefox.sh.tmpl | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'run_onchange_after_deploy-firefox.sh.tmpl')

diff --git a/run_onchange_after_deploy-firefox.sh.tmpl b/run_onchange_after_deploy-firefox.sh.tmpl
index c9e49be..a9c3a1d 100755
--- a/run_onchange_after_deploy-firefox.sh.tmpl
+++ b/run_onchange_after_deploy-firefox.sh.tmpl
@@ -1,3 +1,5 @@
+{{- $machineRole := default "host" (index . "machineRole") -}}
+{{- if eq $machineRole "host" -}}
 #!/usr/bin/env dash
 # Deploy Firefox/LibreWolf hardening and custom CSS.
 # chezmoi re-runs this script whenever any file under firefox/ or the nix
@@ -36,3 +38,9 @@ find firefox -type f | while IFS= read -r src; do
     mkdir -p "$(dirname "$dest")"
     cp --remove-destination "$src" "$dest"
 done
+{{- else -}}
+#!/usr/bin/env dash
+# Firefox/LibreWolf hardening is host-only.
+set -eu
+exit 0
+{{- end }}
-- 
cgit v1.3.1