<feed xmlns='http://www.w3.org/2005/Atom'>
<title>dotfiles/etc, branch master</title>
<subtitle>My linux config and rc files</subtitle>
<id>https://git.sommerfeld.dev/dotfiles/atom/etc?h=master</id>
<link rel='self' href='https://git.sommerfeld.dev/dotfiles/atom/etc?h=master'/>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/'/>
<updated>2026-07-02T10:35:35Z</updated>
<entry>
<title>Prune stale dotfiles commentary</title>
<updated>2026-07-02T10:35:35Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-07-02T10:35:35Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=f0c626059451e1f8621600e610240739d5633560'/>
<id>urn:sha1:f0c626059451e1f8621600e610240739d5633560</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Remove SNX Waybar integration</title>
<updated>2026-07-02T10:35:35Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-07-02T10:35:35Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=e0e1068bf00ee4e0859e596610f087aa791141f8'/>
<id>urn:sha1:e0e1068bf00ee4e0859e596610f087aa791141f8</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Reduce Arch package surface</title>
<updated>2026-06-18T11:06:20Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-06-18T11:06:20Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=511793cba498f52b0f92904965ea5c9afa8b6ea4'/>
<id>urn:sha1:511793cba498f52b0f92904965ea5c9afa8b6ea4</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Reduce AUR package surface</title>
<updated>2026-06-14T23:55:43Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-06-14T23:55:43Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=bb607b3cdb027a2d02cf2111b8ee12dab172efad'/>
<id>urn:sha1:bb607b3cdb027a2d02cf2111b8ee12dab172efad</id>
<content type='text'>
Move pass-secret-service, snx-rs, and Sparrow under Nix/Home Manager.

Track the snx-rs system unit, pass-secret-service user unit, and pacman cache cleanup hook in the repo.

Drop the mkinitcpio firmware metapackage, overdue, pacman-cleanup-hook, and the standalone btc package group.
</content>
</entry>
<entry>
<title>Move more host tooling to Nix</title>
<updated>2026-06-05T10:06:02Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-06-05T10:06:02Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=b0e83e2ee3fc328e55119ee7c1f09ad7ed20a635'/>
<id>urn:sha1:b0e83e2ee3fc328e55119ee7c1f09ad7ed20a635</id>
<content type='text'>
</content>
</entry>
<entry>
<title>feat(kernel): swap stock linux for linux-lts as fallback kernel</title>
<updated>2026-05-29T10:18:16Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-29T10:18:16Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=a6f1e9026e5d19b50c7c522e30e6f216fc9f8180'/>
<id>urn:sha1:a6f1e9026e5d19b50c7c522e30e6f216fc9f8180</id>
<content type='text'>
Promotes linux-hardened to the sole primary kernel and replaces
linux with linux-lts as the safety-net fallback. Rationale:

- linux and linux-hardened track the same upstream major version
  and ship within days of each other, so 'linux' was a poor
  fallback for the regression class that historically takes out
  the hardened kernel on this hardware (e.g. checkpoint 026
  wake-from-suspend panic). linux-lts lags by weeks/months and is
  almost always known-good when hardened breaks.
- Drop etc/mkinitcpio.d/linux.preset, add linux-lts.preset.
  Hardened preset header + bootstrap.sh efibootmgr instructions
  updated accordingly (hardened registered first so it's the
  default; lts registered as the on-demand fallback).
- Also add mkinitcpio-firmware (AUR) to silence the spurious
  'missing firmware' warnings during initramfs builds.

Manual host-side steps after deploy:
  paru -S linux-lts linux-lts-headers mkinitcpio-firmware
  sudo pacman -Rsn linux  # or via 'just pkg-apply' undeclared flow
  sudo rm -f /etc/mkinitcpio.d/linux.preset  # chezmoi-deployed, not pkg-owned
  sudo mkinitcpio -P
  sudo efibootmgr  # add the Arch LTS entries, drop the stock linux ones

Note: meta/nvidia.txt still lists 'linux-headers' for nvidia-dkms.
That's a per-host concern; flagged for follow-up if any nvidia host
moves to the linux-lts world.
</content>
</entry>
<entry>
<title>feat(etc/resolved): forward single-label queries upstream</title>
<updated>2026-05-29T10:18:16Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-29T10:18:16Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=fdba57c9c05f321d3a75ae8f2e46e4053193744f'/>
<id>urn:sha1:fdba57c9c05f321d3a75ae8f2e46e4053193744f</id>
<content type='text'>
Enables ResolveUnicastSingleLabel=yes so non-FQDN names like
'sw-jenkins01' get sent to the configured DNS server instead of
being dropped to LLMNR/mDNS. Needed for corp shortname resolution
via Pi-hole CNAME records that point at *.xsight.ent (resolved by
unbound's forward-zone over the new WireGuard bridge).
</content>
</entry>
<entry>
<title>refactor(eer): install external-editor-revived via nix on the host</title>
<updated>2026-05-29T10:18:16Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-29T10:18:16Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=be3c6fda881bc11d5123d6b3a09ce9d250199b32'/>
<id>urn:sha1:be3c6fda881bc11d5123d6b3a09ce9d250199b32</id>
<content type='text'>
The AUR `external-editor-revived` PKGBUILD declares a hard `thunderbird`
dependency, which blocks removing the unused system Thunderbird binary
alongside the org.mozilla.thunderbird flatpak (and pacman's
`AssumeInstalled` is a CLI flag, not a pacman.conf directive, so the
previous workaround was nonfunctional).

Nixpkgs' `external-editor-revived` is just `rustPlatform.buildRustPackage`
plus a relocatable native-messaging manifest — zero mailer dep — so the
host gets it from nix instead.

* nix/host.nix: add `external-editor-revived` to `home.packages`. Kept
  out of `common.nix` so the remote-dev VM (which has no Thunderbird)
  doesn't carry the build closure.
* run_onchange_after_deploy-tb-eer.sh.tmpl: search
  `~/.nix-profile/{bin,lib/mozilla/native-messaging-hosts}` first and
  fall through to the legacy pacman paths. The chezmoi manifest-hash
  probe now checks the nix path too, so the hook re-runs cleanly when
  nix bumps the EER version.
* meta/base.txt: drop the `external-editor-revived` AUR entry and
  rewrite the comment to point at the nix declaration.
* etc/pacman.conf: revert the bogus `AssumeInstalled` directive
  (CLI-only, not pacman.conf).

On-host migration:

    home-manager switch --flake ~/dotfiles/nix#host    # picks up EER
    sudo pacman -Rns external-editor-revived thunderbird mpv
    chezmoi apply -v                                   # re-runs tb-eer hook
</content>
</entry>
<entry>
<title>refactor(flatpak): route mpv and thunderbird via flatpak; drop system pkgs</title>
<updated>2026-05-29T10:18:16Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-29T10:18:16Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=cd1c92b746a51a6994281f34a5f773c37d1d2dfe'/>
<id>urn:sha1:cd1c92b746a51a6994281f34a5f773c37d1d2dfe</id>
<content type='text'>
Both org.mozilla.thunderbird and io.mpv.Mpv are already installed via
flatpak, but several places still launched the system binaries (because
they were in PATH). Worse, `mpv` was kept on the host *only* for the
streamlink-launches-mpv path, and `thunderbird` was being pulled in as
a hard dep of external-editor-revived even though it was never the
mailer actually used. Untangle both.

Thunderbird
-----------
* dot_config/sway/executable_tb-toggle.sh,
  dot_config/sway/executable_tb-autostart.sh:
    swap `thunderbird` → `flatpak run org.mozilla.thunderbird`. The
    `app_id` matcher in sway config already targets the flatpak id, so
    the scratchpad-stash and Super+t toggle keep working unchanged.
* etc/pacman.conf:
    add `AssumeInstalled = thunderbird=999.0-1`. external-editor-revived
    (AUR) hard-depends on `thunderbird`; this satisfies the dep without
    installing the package. Run `sudo pacman -Rns thunderbird` after
    deploy to remove the now-unneeded system binary.
* meta/base.txt: document the AssumeInstalled trick next to the
  external-editor-revived entry.

mpv
---
* dot_config/streamlink/config: `player=mpv` → `player=flatpak run
  io.mpv.Mpv`. The flatpak already pulls in our ~/.config/mpv via the
  read-only filesystem override (see
  run_onchange_after_deploy-flatpak-overrides.sh.tmpl), so behavior is
  unchanged.
* dot_local/bin/executable_linkhandler: same swap for inline video URLs.
* dot_local/bin/executable_mpv: deleted. The wrapper only existed to
  bwrap /usr/bin/mpv into _sandbox-net-parser; flatpak's own sandbox
  supersedes that.
* dot_local/bin/executable__sandbox-net-parser,
  dot_local/bin/executable_streamlink: comment refresh — mpv is no
  longer one of the tools this wraps, and the streamlink wrapper now
  forwards to the flatpak player rather than nested-bwrap caveats.
* meta/base.txt: drop `mpv` from the host package list and update the
  surrounding comment.

README.md: refresh the media row of the stack table to match.

On-host steps:

    chezmoi apply -v
    sudo pacman -Syu                          # picks up AssumeInstalled
    sudo pacman -Rns thunderbird mpv          # safe now
    flatpak install -y flathub org.mozilla.thunderbird io.mpv.Mpv
    swaymsg reload                            # pick up new tb scripts
</content>
</entry>
<entry>
<title>refactor(suspend): gate suspend on AC, drop bespoke zellij inhibit</title>
<updated>2026-05-29T10:18:15Z</updated>
<author>
<name>sommerfeld</name>
<email>sommerfeld@sommerfeld.dev</email>
</author>
<published>2026-05-29T10:18:15Z</published>
<link rel='alternate' type='text/html' href='https://git.sommerfeld.dev/dotfiles/commit/?id=ec3734c5ef9fcfe97c21cd19f198ec779ab5f052'/>
<id>urn:sha1:ec3734c5ef9fcfe97c21cd19f198ec779ab5f052</id>
<content type='text'>
New, simpler suspend policy:

  AC plugged in   -&gt; never auto-suspends (lid close ignored, idle no-op)
  On battery only -&gt; lid close suspends, swayidle suspends at 30 min idle

This replaces the SSH/zellij-aware inhibit machinery with a rule that
matches the user's mental model: if you don't want the machine to
sleep, plug it in. Long-running tasks (builds, downloads, SSH
sessions, headless services) just need AC.

Changes:

* etc/systemd/logind.conf.d/20-lid-ac.conf: set
  HandleLidSwitchExternalPower=ignore so logind itself handles the AC
  case at the source. No userspace daemon, no race, no rate-limit risk.
* dot_local/bin/on-battery-suspend: tiny POSIX wrapper that exits 0
  when any /sys/class/power_supply/{AC,ADP}*/online == 1, else execs
  `systemctl suspend`.
* dot_config/systemd/user/swayidle.service: add
  `timeout 1800 on-battery-suspend`. Idle suspend now exists, but only
  when on battery.
* Delete zellij-inhibit-suspend.{path,service} + watcher script and
  remove the entry from systemd-units/user.txt. The .path
  re-trigger storm bug is moot because the whole mechanism is gone.

Manual suspends (sway XF86Sleep keybind, sway power submode `s`,
`systemctl suspend` over SSH) still always work regardless of AC --
explicit user intent wins.

Also drop /migrate-podman-to-btrfs.sh from .gitignore; the one-off
migration script has been deleted now that the user has switched their
podman storage to the btrfs driver.

On-host steps to apply:

  chezmoi apply -v
  systemctl --user daemon-reload
  systemctl --user reset-failed zellij-inhibit-suspend.service zellij-inhibit-suspend.path || true
  systemctl --user stop zellij-inhibit-suspend.path zellij-inhibit-suspend.service || true
  systemctl --user disable zellij-inhibit-suspend.path || true
  systemctl --user restart swayidle.service
  # logind drop-in is reloaded automatically by the etc deploy script.

Verify:

  systemctl status systemd-logind | grep -i lid
  loginctl show-session $XDG_SESSION_ID | grep -i lid
  # Unplug AC -&gt; close lid -&gt; should suspend.
  # Plug AC   -&gt; close lid -&gt; nothing happens.
</content>
</entry>
</feed>
