Diffstat (limited to 'etc')
-rw-r--r--etc/pacman.d/hooks/pacman-cache-cleanup.hook11
-rwxr-xr-xetc/systemd/system-sleep/50-snx-rs25
-rw-r--r--etc/systemd/system/snx-rs.service13
3 files changed, 30 insertions, 19 deletions
diff --git a/etc/pacman.d/hooks/pacman-cache-cleanup.hook b/etc/pacman.d/hooks/pacman-cache-cleanup.hook
new file mode 100644
index 0000000..a22ff15
--- /dev/null
+++ b/etc/pacman.d/hooks/pacman-cache-cleanup.hook
@@ -0,0 +1,11 @@
+[Trigger]
+Type = Package
+Operation = Remove
+Operation = Install
+Operation = Upgrade
+Target = *
+
+[Action]
+Description = Removing obsolete cached package files (keeping the latest two)...
+When = PostTransaction
+Exec = /usr/bin/paccache -rvk2
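Review bot: The `[Action]` section runs `/usr/bin/paccache` but declares no dependency on the package that provides it, which on Arch is pacman-contrib. On a machine without it, the hook would fail after every install, upgrade and removal, since `Target = *` matches all packages. Adding `Depends = pacman-contrib` under `[Action]` states the requirement in the hook itself. Note also that `-k2` only trims packages that are still installed; cached files of removed packages stay unless a second pass with `-ruk0` is wanted.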
diff --git a/etc/systemd/system-sleep/50-snx-rs b/etc/systemd/system-sleep/50-snx-rs
index 5241126..3738f72 100755
--- a/etc/systemd/system-sleep/50-snx-rs
+++ b/etc/systemd/system-sleep/50-snx-rs
@@ -1,5 +1,5 @@
#!/bin/sh
-# Bounce the user-scope snx-rs (Check Point) tunnel around suspend/hibernate.
+# Bounce the system-scope snx-rs (Check Point) tunnel around suspend/hibernate.
#
# Problem: during suspend the IKE SA keepalive is interrupted and the SAML
# session cookie may expire. snx-rs doesn't detect this — the daemon
@@ -25,21 +25,8 @@ case "$1" in
*) exit 0 ;;
esac
-# Iterate over every logged-in user that has the snx-rs.service enabled.
-# loginctl list-users gives us "UID USER" pairs.
-loginctl list-users --no-legend 2>/dev/null |
- awk '{print $1, $2}' |
- while read -r uid user; do
- [ -n "$uid" ] && [ -n "$user" ] || continue
- runtime="/run/user/$uid"
- [ -d "$runtime" ] || continue
- # Skip users without snx-rs enabled to avoid spurious "Unit not found".
- runuser -u "$user" -- env \
- "XDG_RUNTIME_DIR=$runtime" \
- "DBUS_SESSION_BUS_ADDRESS=unix:path=$runtime/bus" \
- systemctl --user is-enabled snx-rs.service >/dev/null 2>&1 || continue
- runuser -u "$user" -- env \
- "XDG_RUNTIME_DIR=$runtime" \
- "DBUS_SESSION_BUS_ADDRESS=unix:path=$runtime/bus" \
- systemctl --user "$action" snx-rs.service || true
- done
+# The command-mode daemon runs as a system service because it configures
+# routes, DNS, and tunnel interfaces. Ignore missing/disabled states so this
+# hook remains harmless on non-work profiles.
+systemctl is-enabled snx-rs.service >/dev/null 2>&1 || exit 0
+systemctl "$action" snx-rs.service || true
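Review bot: The `systemctl is-enabled` gate on the new second-to-last line skips the hook when the unit was started by hand but never enabled, so that tunnel is not bounced and the stale-session problem described in the header comment remains. If that case matters, the guard could also accept a running unit: `systemctl is-enabled --quiet snx-rs.service || systemctl is-active --quiet snx-rs.service || exit 0`. A hand-started unit would then be stopped before suspend but not restarted on resume, which is presumably the safer of the two outcomes. `$action` is assigned in the `case "$1"` block, which begins outside this hunk, so its values cannot be confirmed from here. The trailing `|| true` also hides a failed start on resume; logging the failure before ignoring it (e.g. `|| echo "snx-rs $action failed" >&2`) would leave a trace in the journal.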
diff --git a/etc/systemd/system/snx-rs.service b/etc/systemd/system/snx-rs.service
new file mode 100644
index 0000000..6e8953c
--- /dev/null
+++ b/etc/systemd/system/snx-rs.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=SNX-RS VPN client
+After=network.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/home/sommerfeld/.nix-profile/bin/snx-rs -m command -l info
+Restart=on-failure
+RestartPreventExitStatus=1 2 255
+
+[Install]
+WantedBy=multi-user.target
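Review bot: `ExecStart` points into `/home/sommerfeld/.nix-profile`, and the unit has no `User=`, so systemd runs as root a binary resolved through a path that the unprivileged account owns and can repoint. Anything running as that user could swap the profile link or binary and have it executed as root at boot, on restart, or from the sleep hook on resume. The executable should be installed in a root-owned location and referenced there, e.g. `ExecStart=<root-owned-path>/snx-rs -m command -l info`. A comment above the line should record why the service needs root (routes, DNS, tunnel interfaces). Once the path is fixed, it is worth checking whether the daemon still works with a reduced capability set such as `CapabilityBoundingSet=CAP_NET_ADMIN` plus `NoNewPrivileges=yes`; that is unverified here and depends on what snx-rs actually needs.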