diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-29 11:18:13 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-29 11:18:13 +0100 |
| commit | 7ad6f474634f7c359264053bf0f8e93a9bdd37b1 (patch) | |
| tree | 56b94c94a40a118e12ba5e4bedf975224e4754a0 /dot_config/gtk-3.0 | |
| parent | aabcdc206246aa935790908f2ab7e7edcc88b3b9 (diff) | |
| download | dotfiles-7ad6f474634f7c359264053bf0f8e93a9bdd37b1.tar.gz dotfiles-7ad6f474634f7c359264053bf0f8e93a9bdd37b1.tar.bz2 dotfiles-7ad6f474634f7c359264053bf0f8e93a9bdd37b1.zip | |
feat(suspend): bounce snx-rs around system sleep
snx-rs (Check Point VPN) doesn't notice that its tunnel died during
suspend: the IKE keepalive is interrupted and the SAML cookie may
expire, but the daemon happily sits on dead sockets after resume.
`snxctl status` keeps reporting "Connected" while no traffic
actually flows, so the user has to manually disconnect+reconnect.
Install an /etc/systemd/system-sleep/ hook that stops the user-scope
snx-rs.service before suspend and starts it on resume. The tunnel is
left disconnected after resume; the waybar toggle (or any
`snxctl connect`) re-establishes it, going through SAML only if the
cached cookie has actually expired.
The hook enumerates logged-in users via loginctl and skips any that
don't have snx-rs.service enabled, so it's a no-op on machines that
don't use the VPN.
Also teach run_onchange_after_deploy-etc.sh.tmpl to install files
under etc/systemd/system-sleep/ with mode 0755 (systemd ignores
sleep hooks that aren't executable).
Diffstat (limited to 'dot_config/gtk-3.0')
0 files changed, 0 insertions, 0 deletions