# Large binary files — download/build these, don't commit them
*.deb
*.zip
*.wim
*.iso
*.efi
*.sdi

# OneDrive download artifacts
OneDrive_*/

# Error folders from OneDrive download
__*/
___*.txt

# Original OneDrive folder structure (reorganized into autoinstall/ and playbook/)
WestJeff*/

# Duplicate at root (canonical copy in unattend/)
/FlatUnattendW10.xml

# Offline packages (built by download-packages.sh)
offline-packages/

# Boot tool binaries (built by prepare-boot-tools.sh). Everything
# under boot-tools/ is local artifact cache - EXCEPT grub-blancco.cfg,
# which is the source-of-truth config embedded into Blancco's
# grubx64.efi at build time and must be version-controlled.
boot-tools/*
!boot-tools/blancco/
boot-tools/blancco/*
!boot-tools/blancco/grub-blancco.cfg

# WinPE boot files (wimboot, boot.wim, BCD, ipxe.efi, etc.)
boot-files/

# Python wheels for offline install (built by download-packages.sh)
pip-wheels/

# Deployment images (imported via webapp or USB)
geastandardpbr/

# OS files
.DS_Store
Thumbs.db

# Python
__pycache__/
*.pyc
*.pyo
venv/

# MOK Secure Boot signing keys (contains private key)
mok-keys/

# Secrets
secrets.md
**/eMxInfo*.txt
*.ppkg
enrollment/
drivers-staging/
bios-staging/
.claude/

# Secrets and credentials (defensive)
.env
.env.*
!.env.example
!.env.*.example
*.pem
*.key
id_rsa
id_rsa.*
*.ppk
*.p12
*.pfx
secrets.json
secrets.yaml
secrets.yml
*_secret
*_secrets
credentials.json
