# Paths excluded from `just etc-drift` output.
# Shell-glob patterns (case $path in $pat) work here: *, ?, [].

# Per-host state / auto-generated
/etc/machine-id
/etc/adjtime
/etc/.updated
/etc/.pwd.lock
/etc/mtab
/etc/ld.so.cache

# Per-host identity / secrets
/etc/ssh/ssh_host_*
/etc/shadow
/etc/shadow-
/etc/gshadow
/etc/gshadow-
/etc/passwd-
/etc/group-

# Regenerated by tools (not worth versioning)
/etc/resolv.conf
/etc/ssl/certs/*
/etc/ca-certificates/extracted/*
/etc/pacman.d/gnupg/*
/etc/pacman.d/mirrorlist

# Managed by useradd (podman uses them)
/etc/subuid
/etc/subgid
/etc/subuid-
/etc/subgid-

# sbctl signed-boot state (keys live here; never commit)
/etc/secureboot/*