From 33ff55507895af2c29a20ec7e7e707d317cb8ef1 Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Sun, 12 Apr 2026 23:20:48 -0400
Subject: security: gitignore host configs, add .example templates

velox-{zfs,btrfs}.conf contain LUKS/ZFS passphrases and root passwords.
Untrack them and add velox-*.conf to .gitignore. Committed .example
templates show the expected structure with 'welcome' placeholders.
---
 .gitignore                         |  3 +++
 installer/velox-btrfs.conf         | 15 ---------------
 installer/velox-btrfs.conf.example | 15 +++++++++++++++
 installer/velox-zfs.conf           | 15 ---------------
 installer/velox-zfs.conf.example   | 15 +++++++++++++++
 5 files changed, 33 insertions(+), 30 deletions(-)
 delete mode 100644 installer/velox-btrfs.conf
 create mode 100644 installer/velox-btrfs.conf.example
 delete mode 100644 installer/velox-zfs.conf
 create mode 100644 installer/velox-zfs.conf.example

diff --git a/.gitignore b/.gitignore
index be56724..9b75c30 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,6 @@ reference-repos/
 docs/
 todo.org
 inbox/
+
+# Host-specific installer configs (contain secrets); see *.conf.example templates
+installer/velox-*.conf
diff --git a/installer/velox-btrfs.conf b/installer/velox-btrfs.conf
deleted file mode 100644
index af7c0c0..0000000
--- a/installer/velox-btrfs.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# velox - Unattended archangel installation config (Btrfs)
-# Usage: archangel --config-file /root/velox-btrfs.conf
-
-FILESYSTEM=btrfs
-HOSTNAME=velox
-TIMEZONE=America/Chicago
-LOCALE=en_US.UTF-8
-KEYMAP=us
-
-DISKS=/dev/nvme0n1
-RAID_LEVEL=
-
-LUKS_PASSPHRASE=welcome
-ROOT_PASSWORD=welcome
-ENABLE_SSH=yes
diff --git a/installer/velox-btrfs.conf.example b/installer/velox-btrfs.conf.example
new file mode 100644
index 0000000..af7c0c0
--- /dev/null
+++ b/installer/velox-btrfs.conf.example
@@ -0,0 +1,15 @@
+# velox - Unattended archangel installation config (Btrfs)
+# Usage: archangel --config-file /root/velox-btrfs.conf
+
+FILESYSTEM=btrfs
+HOSTNAME=velox
+TIMEZONE=America/Chicago
+LOCALE=en_US.UTF-8
+KEYMAP=us
+
+DISKS=/dev/nvme0n1
+RAID_LEVEL=
+
+LUKS_PASSPHRASE=welcome
+ROOT_PASSWORD=welcome
+ENABLE_SSH=yes
diff --git a/installer/velox-zfs.conf b/installer/velox-zfs.conf
deleted file mode 100644
index a309843..0000000
--- a/installer/velox-zfs.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# velox - Unattended archangel installation config
-# Usage: archangel --config-file /root/velox.conf
-
-FILESYSTEM=zfs
-HOSTNAME=velox
-TIMEZONE=America/Chicago
-LOCALE=en_US.UTF-8
-KEYMAP=us
-
-DISKS=/dev/nvme0n1
-RAID_LEVEL=
-
-ZFS_PASSPHRASE=welcome
-ROOT_PASSWORD=welcome
-ENABLE_SSH=yes
diff --git a/installer/velox-zfs.conf.example b/installer/velox-zfs.conf.example
new file mode 100644
index 0000000..a309843
--- /dev/null
+++ b/installer/velox-zfs.conf.example
@@ -0,0 +1,15 @@
+# velox - Unattended archangel installation config
+# Usage: archangel --config-file /root/velox.conf
+
+FILESYSTEM=zfs
+HOSTNAME=velox
+TIMEZONE=America/Chicago
+LOCALE=en_US.UTF-8
+KEYMAP=us
+
+DISKS=/dev/nvme0n1
+RAID_LEVEL=
+
+ZFS_PASSPHRASE=welcome
+ROOT_PASSWORD=welcome
+ENABLE_SSH=yes
-- 
cgit v1.2.3