blob: 31f9ec08ba96033e88b0d28e94029621f61012c2 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# Paths excluded from `just etc-drift` output.
# Shell-glob patterns (case $path in $pat) work here: *, ?, [].
# Per-host state / auto-generated
/etc/machine-id
/etc/adjtime
/etc/.updated
/etc/.pwd.lock
/etc/mtab
/etc/ld.so.cache
/etc/hostname
/etc/xml/catalog
# Per-host identity / secrets
/etc/ssh/ssh_host_*
/etc/passwd
/etc/passwd-
/etc/group
/etc/group-
/etc/shadow
/etc/shadow-
/etc/gshadow
/etc/gshadow-
/etc/shells
# pacman leftovers from removed packages
*.pacsave
*.pacsave.*
*.pacnew
*.pacorig
# Regenerated by tools (not worth versioning)
/etc/resolv.conf
/etc/ssl/certs/*
/etc/ca-certificates/extracted/*
/etc/pacman.d/gnupg/*
/etc/pacman.d/mirrorlist
# Host-specific (UUIDs, partition layout)
/etc/fstab
# Managed by useradd (podman uses them)
/etc/subuid
/etc/subgid
/etc/subuid-
/etc/subgid-
# sbctl signed-boot state (keys live here; never commit)
/etc/secureboot/*
# WireGuard peer configs — .netdev has PrivateKey=, .network has public IPs (PII).
# Keep local only. To version: template secrets via `pass` at chezmoi apply time.
/etc/systemd/network/99-hodor.*
/etc/systemd/network/99-mandibles.*
# Contains hardcoded username (autologin); host-specific
/etc/systemd/system/getty@tty1.service.d/override.conf
|
