My linux config and rc files https://git.sommerfeld.dev/dotfiles/atom/dot_config/waybar/executable_arch-audit-status.sh?h=master 2026-05-13T12:43:35Z 2026-05-13T12:43:35Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-13T12:43:35Z urn:sha1:bd50d1c05aceb1eecffcb479ab2bf8baa56fe078 Wiring: arch-audit.timer (daily, RandomizedDelaySec=1h, Persistent=true) → arch-audit.service (After=network-online.target) → /run/arch-audit.txt ('--upgradable' output, atomic via .tmp+mv) → custom/arch-audit waybar module (interval 300s) → mako 'critical' once/24h while count > 0 → on-click: `ghostty -e nvim -R /run/arch-audit.txt` The bar entry stays hidden when there are no fixable CVEs, fades in as red 'CVE N' the moment arch-audit finds at least one, and the throttled mako means you'll see exactly one notification per day instead of one per waybar poll. No -Sy refresh and no auto-update — this only reports the gap between what's installed and what's already in the repos. Why /run and not the user's runtime dir: the producer is a system unit (needs the system's pacman db on the network-online path), the consumer is a user-scope waybar that just reads it; /run is the canonical 'fast, volatile, world-readable' system-tmpfs and survives the reboot cycle in exactly the way we want — fresh empty file on every boot, repopulated on the next timer fire.