Commit message (author, age, files changed, lines -/+)
* fix(sway): call doas with absolute paths for reboot/poweroff (sommerfeld, 2026-05-13, 1 file, -2/+2)
| doas matches the 'cmd' rule literally against argv[0], not against the resolved PATH lookup. With 'cmd /usr/bin/poweroff' in doas.conf, 'doas poweroff' is denied silently — works only as 'doas /usr/bin/poweroff'. The interactive shell aliases sudo->doas and was hiding the issue when typing the bare command in a terminal (PATH expansion happens in the shell before doas sees argv[0]... only when explicitly typed with absolute path).
* feat(sway): replace exit prompt with full session menu; drop fuzzel $PATH listing (sommerfeld, 2026-05-13, 2 files, -3/+6)
| - Mod+Shift+e: swaynag now offers Lock / Logout / Reboot / Poweroff instead of just 'Exit sway? Yes'. Reboot+Poweroff use doas; that's already nopass-permitted for wheel in etc/doas.conf
| - fuzzel.ini: drop list-executables-in-path=yes (back to upstream default). The launcher now shows only .desktop entries; power actions live in the Mod+Shift+e menu
* feat(waybar+sway): bluetooth module + unify wifi/bt toggle paths (sommerfeld, 2026-05-13, 5 files, -8/+39)
| - systemd-units/system/bt.txt: new file pairing the meta/bt.txt group; enables bluetooth.service via 'just unit-apply'
| - waybar: add the built-in bluetooth module; on-click runs the same bt-toggle.sh that XF86Bluetooth has always invoked. Status colors: blue when adapter is up, green when a device is connected, gray off
| - sway: XF86WLAN now runs wifi-toggle.sh (iwd D-Bus) instead of 'rfkill toggle wifi'. The latter required rfkill group membership (user is in wheel only), and aligning on the busctl path means the keybind and the waybar click drive the same code
|   XF86RFKill (panic-disable all radios) keeps using 'rfkill toggle all' — that scope is genuinely rfkill-shaped.
* style(waybar): tighten right cluster — tray rightmost, drop disk, compact MEM, drop LOAD label (sommerfeld, 2026-05-13, 2 files, -17/+8)
| - modules-right: tray moved past clock to the rightmost slot; disk dropped (used% on btrfs is ambiguous and the value rarely moves)
| - custom/memory: drop the available-side readout, output 'MEM 3.2G 40%' instead of 'MEM 3.2G (40%) / 4.5G (56%)'
| - cpu: drop the 'LOAD' literal — bare '{load:0.2f}' next to the usage% is unambiguous in context
|
| The disk module config block is left intact for easy reactivation.
* style(waybar): group clickable modules on the right edge (sommerfeld, 2026-05-13, 1 file, -3/+3)
| Read-only stats (cpu, temp, memory, disk, network, battery, privacy) on the left half of modules-right; interactive ones (pulseaudio mute, wifi toggle, idle_inhibitor, mako history, thunderbird, tray, clock) clustered on the right.
* feat(waybar): more clickable modules + load avg in CPU readout (sommerfeld, 2026-05-13, 2 files, -6/+34)
| - cpu: append 'LOAD {load:0.2f}' (1-min load average) to every state
| - custom/wifi: left click toggles iwd Powered via D-Bus (new wifi-toggle.sh)
| - custom/notifications: left click opens fuzzel history picker (mako-history.sh, previously bound to middle-click); the awkward per-click 'makoctl dismiss' is dropped — dismiss-all stays on right, restore stays on middle
| - clock: left click runs tb-toggle.sh (closest practical proxy for 'open Calendar tab' — Thunderbird hasn't shipped a -calendar CLI flag since Lightning was integrated, so the user lands on whatever tab TB was last on)
* fix(sway): bump tb-autostart post-IMAP grace period 5s -> 10s (sommerfeld, 2026-05-13, 1 file, -1/+1)
| 5s still wasn't enough on cold boot — Thunderbird kept racing the SMTP listener and showing the connection-failure dialog.
* fix(sway): import PASSWORD_STORE_DIR into user manager + dbus env (sommerfeld, 2026-05-13, 1 file, -2/+2)
| zprofile sets PASSWORD_STORE_DIR to $XDG_DATA_HOME/password-store, but systemd-user-launched services (notably waybar's tb-unread.sh, which calls 'pass show') don't inherit it. Sway is started from the login shell so the var is in its environment — propagate it to the user manager and dbus activation env, same pattern as the XDG_SESSION_* vars.
|
| Resolves the same problem already worked around for protonmail-bridge.service via a drop-in override; that override is now redundant but kept as belt-and-braces.
* feat(waybar): add Thunderbird inbox-unread module (sommerfeld, 2026-05-13, 3 files, -1/+74)
| Polls the protonmail-bridge IMAP socket every 60s with STATUS INBOX (UNSEEN), displays the count next to the tray, and clicking the badge runs tb-toggle.sh to bring TB out of the scratchpad (or launch it).
|
| Setup: store bridge credentials in pass at email/protonmail-bridge/{user, pass}. The bridge surfaces them via 'protonmail-bridge --cli' -> 'info'. With no entries (or with the bridge unreachable) the module shows 'MAIL ?' in red and is otherwise inert.
* fix(sway): extend post-IMAP SMTP grace period 1s -> 5s (sommerfeld, 2026-05-13, 1 file, -1/+1)
| The IMAP '* OK' banner arrives before the SMTP listener on 1025 is fully ready. 1s wasn't always enough — Thunderbird would still race into a 'failed to connect to 127.0.0.1, please retry' dialog.
* Revert "fix(sway): bump tb-autostart bridge IMAP wait 60s -> 180s" (sommerfeld, 2026-05-13, 1 file, -1/+1)
| This reverts commit 8b6d81742fa71aff76e602edc023c45ca4b38066.
* fix(sway): bump tb-autostart bridge IMAP wait 60s -> 180s (sommerfeld, 2026-05-13, 1 file, -1/+1)
| ProtonMail Bridge cold-start (keyring unlock + account decryption) occasionally exceeds 60s, so the IMAP '* OK' banner never arrives in time and Thunderbird launches into a 'failed to connect to 127.0.0.1, please retry' dialog. Triple the budget to 180s.
* Revert "fix(sway): bump tb-autostart window-mark wait 20s -> 60s" (sommerfeld, 2026-05-13, 1 file, -1/+1)
| This reverts commit 9c051b2cb47ca6e60b6c76877be78cc529d9f4da.
* fix(sway): bump tb-autostart window-mark wait 20s -> 60s (sommerfeld, 2026-05-13, 1 file, -1/+1)
| Flatpak Thunderbird has a slower cold start than the native package used to. On a busy session start, the main window with the tb-main mark sometimes appears after the existing 20s budget, and the script exits without moving it to the scratchpad — leaving TB tiled on the current workspace.
* fix(signal): import XDG_SESSION_TYPE/DESKTOP into user systemd + clean stop (sommerfeld, 2026-05-13, 2 files, -2/+7)
| Two issues with the sway autostart of signal.service:
|
| 1. Electron picks its tray backend from XDG_SESSION_TYPE and XDG_SESSION_DESKTOP. The sway config only imported DISPLAY, WAYLAND_DISPLAY, SWAYSOCK and XDG_CURRENT_DESKTOP into the systemd user manager, so services launched there got a partial env and Electron registered no SNI tray icon. Worked when launched from a terminal (which inherits sway's full env, including the bits set by pam_systemd). Add the two missing variables to both systemctl import-environment and dbus-update-activation-environment.
|
| 2. With minimize-to-tray on, Electron treats SIGTERM as a window-close and just hides the window, so 'systemctl --user stop signal' did nothing visible until the 90s default timeout SIGKILLed. Switch to ExecStop=flatpak kill org.signal.Signal, which uses flatpak's own instance manager to actually terminate the sandboxed app, plus a short TimeoutStopSec as a safety net.
* Revert "fix(signal): wait for StatusNotifierWatcher before launching" (sommerfeld, 2026-05-13, 1 file, -6/+1)
| This reverts commit 6eafc884f77a367f04dc4e7b35ca999de5bea271.
* fix(signal): wait for StatusNotifierWatcher before launching (sommerfeld, 2026-05-13, 1 file, -1/+6)
| Without this, signal.service races with waybar at session start: if Signal asks for the SNI watcher before waybar has registered it on the bus, it launches with no tray icon and --start-in-tray hides the main window with no way to bring it back. Add Requires/After=waybar and an ExecStartPre that polls busctl for the watcher (up to 30s).
* feat(sway): autostart Signal via user systemd unit (sommerfeld, 2026-05-13, 3 files, -1/+16)
| Sway does not honour XDG $HOME/.config/autostart/, so the in-app 'start at login' toggle is a no-op. Use a user unit wired into sway-session.target with --start-in-tray, matching the existing waybar/swayidle/cliphist/etc. pattern.
* feat(flatpak): add Signal desktop (sommerfeld, 2026-05-13, 1 file, -0/+1)
|
* feat(flatpak): switch Chromium -> ungoogled-chromium (sommerfeld, 2026-05-13, 1 file, -1/+1)
| Same sandbox model, but the Google-phone-home bits (Safe Browsing pings, sync, FLoC/topics, variation seed, etc.) are patched out at build time. Better aligned with the LibreWolf+arkenfox philosophy applied to the primary browser. Update lag vs upstream Chromium is acceptable since this is only the fallback browser.
* feat(flatpak): sandbox zathura + add mpv hybrid for browser/mail handoffs (sommerfeld, 2026-05-13, 6 files, -87/+110)
| Defense-in-depth for the cross-sandbox handoff vector: when the LibreWolf/Thunderbird flatpaks open a downloaded PDF or video via the OpenURI portal, the receiving app currently runs natively with full $HOME access — defeating part of the browser/mail isolation.
|
| - meta/flatpak.txt: add org.pwmt.zathura, io.mpv.Mpv
| - meta/wayland.txt: drop native zathura + zathura-pdf-mupdf
| - meta/media.txt: keep native mpv (streamlink, /tmp/mpvsocket IPC, fast yt-dlp) — flatpak mpv is *additional*, only as the mimeapps default for video/audio to receive sandboxed handoffs
| - dot_config/mimeapps.list: rewrite mpv.desktop -> io.mpv.Mpv.desktop, zathura-pdf-mupdf.desktop -> org.pwmt.zathura.desktop, and replace stale userapp-Thunderbird-* entries with org.mozilla.Thunderbird.desktop
| - run_onchange_after_deploy-flatpak-overrides.sh.tmpl (new): --filesystem=xdg-config/{zathura,mpv}:ro so the flatpaks read our chezmoi-managed configs as a single source of truth
| - README: media row + new deploy-script row
|
| Manual one-shot on host: chezmoi apply -v. The pteid bridge already iterates a flatpak app list, so cartão de cidadão remains correctly registered for the Mozilla flatpaks. Native mpv config (input-ipc-server) keeps working since each flatpak has its own /tmp; no socket collision.
* feat(pteid): bridge cartão de cidadão into Okular and LibreOffice flatpaks (sommerfeld, 2026-05-13, 2 files, -44/+62)
| Both apps support digital signatures via NSS — Okular through Poppler, LibreOffice natively. Extend the pteid bridge to also register libpteidpkcs11.so in their per-flatpak ~/.pki/nssdb (single shared DB, unlike Mozilla's per-profile model).
|
| Refactored the script around two helpers (apply_override, register_in_profile) and two app tables (MOZILLA_APPS for per-profile, SHARED_NSS_APPS for single-DB). register_in_profile auto-creates the NSS DB with certutil -N if missing, since neither Okular nor LibreOffice initialise it on first run.
* feat(thunderbird): migrate to flatpak with NMH + PKCS#11 bridges (sommerfeld, 2026-05-13, 6 files, -40/+134)
| Move Thunderbird from native pacman to org.mozilla.Thunderbird flatpak, mirroring the LibreWolf migration. Bubblewrap isolates the mail client from the rest of $HOME (ssh keys, password store, gpg sockets); intra-process isolation regression is real but minor (same tradeoff as the browser).
|
| Three cross-sandbox glue points handled in repo:
| - run_onchange_after_deploy-thunderbird.sh.tmpl: profile path moves from ~/.thunderbird to ~/.var/app/org.mozilla.Thunderbird/.thunderbird
| - run_onchange_after_deploy-pteid-pkcs11.sh.tmpl: refactored to iterate over (LibreWolf, Thunderbird) instead of hard-coding LibreWolf, so cartão de cidadão signing/encryption works for S/MIME in TB
| - run_onchange_after_deploy-tb-eer.sh.tmpl (new): bridges external-editor-revived's native messaging host into the sandbox via a flatpak-spawn --host wrapper + relocated manifest
|
| Other surfaces (Bridge, Radicale, libsecret, mako, OpenPGP) are covered by Flathub default permissions.
|
| Manual one-shot migration on host (after pulling + just sync): close TB, copy ~/.thunderbird/. into ~/.var/app/org.mozilla.Thunderbird/.thunderbird/, chezmoi apply -v, then xdg-mime default org.mozilla.Thunderbird.desktop x-scheme-handler/mailto. Once verified working, archive the old profile via mv ~/.thunderbird ~/.thunderbird.pre-flatpak.bak.
* fix(pkg): pcsclite is the Arch package name (no dash) (sommerfeld, 2026-05-13, 1 file, -1/+1)
|
* feat(pteid): bridge PKCS#11 into LibreWolf flatpak (sommerfeld, 2026-05-13, 3 files, -0/+68)
| Cartão de cidadão web authentication needs the libpteidpkcs11.so module loaded into LibreWolf's NSS database. With both apps now sandboxed in separate flatpaks, neither can see the other by default.
|
| Add a chezmoi onchange script that, when both flatpaks are installed:
| - Resolves the pt.gov.autenticacao install dir + .so path on the host
| - Grants LibreWolf flatpak read-only filesystem access to that dir, --socket=pcsc, and an LD_LIBRARY_PATH so the bundled deps (libxerces, libcjose, etc.) resolve at dlopen time
| - Registers the module in each LibreWolf NSS profile via modutil, with the path rewritten to /run/host/... as seen from inside the sandbox
| - Skips silently when LibreWolf is running (modutil would corrupt the DB)
|
| Hash gate includes the pt.gov.autenticacao line from meta/flatpak.txt so the override + registration auto-refresh on bundle bumps. Idempotent.
|
| Also explicit pcsc-lite + ccid in meta/extra.txt — they were transitive deps of the removed autenticacao-gov-pt-bin AUR package; pcscd.socket in systemd-units/system/base.txt would otherwise fail to activate.
* feat(flatpak): support .flatpak bundle URLs; migrate autenticacao-gov-pt (sommerfeld, 2026-05-13, 3 files, -37/+97)
| Extend meta/flatpak.txt format to allow per-line URL for non-Flathub .flatpak bundles. Lines are now either '<id>' (Flathub) or '<id> <url>' (downloaded + installed via 'flatpak install <file>'). Bundle entries are skipped on pkg-apply/pkg-fix when already installed, and re-fetched on flatpak-update only when the version embedded in the URL differs from the installed version.
|
| Use this to migrate Portuguese Citizen Card (pteid-mw) off the AUR 'autenticacao-gov-pt-bin' pseudo-flatpak unpack to the upstream-shipped flatpak bundle from amagovpt/autenticacao.gov GitHub releases — same codebase the AUR PKGBUILD already vendors, but properly sandboxed.
|
| Refactors duplicated install logic in pkg-apply/pkg-fix into a private _flatpak-install helper. ID-only contexts (pkg-status, undeclared, pkg-list) now extract the first whitespace-separated token instead of treating each line as a single ID.
|
| Caveat: PKCS#11-based Citizen Card web auth in the LibreWolf flatpak remains unsolved — the .so lives inside the autenticacao-gov sandbox and would need a 'flatpak override' + 'modutil' bridge to be loaded across sandboxes. The CLI/GUI eID app works as expected.
* feat(browser): migrate librewolf to flatpak for host-isolation (sommerfeld, 2026-05-13, 6 files, -26/+26)
| Move LibreWolf from native librewolf-bin to Flathub io.gitlab.librewolf-community. Bubblewrap isolates the browser from $HOME (\\.ssh, password-store, gnupg, ssh-agent socket) at the cost of namespace chroot + IPC/network namespace isolation between content processes (mozilla bug 1756236, P3, considered defense-in-depth). seccomp-bpf — the dominant sandbox layer — is preserved.
|
| - meta/flatpak.txt: + io.gitlab.librewolf-community
| - meta/browser.txt: - librewolf-bin
| - run_onchange_after_deploy-firefox.sh.tmpl: profile path moves to ~/.var/app/io.gitlab.librewolf-community/.librewolf
| - dot_config/mimeapps.list: librewolf.desktop -> flatpak app id
| - dot_local/bin/executable_linkhandler: flatpak run wrapper
| - README.md: blurb + new profile path
|
| arkenfox-user.js + chezmoi user-overrides.js deploy keep working unchanged because the flatpak profile is still on the host fs.
* refactor(packages): drop gaming, manage select GUI apps via flatpak group (sommerfeld, 2026-05-13, 6 files, -32/+91)
| - Delete meta/gaming.txt entirely (no longer used; takes discord with it)
| - Delete now-empty meta/office.txt; LibreOffice and Okular move to flatpak
| - Trim meta/browser.txt: chromium and torbrowser-launcher now flatpaks
| - New meta/flatpak.txt: 4 Flathub app IDs (chromium, okular, libreoffice, torbrowser-launcher), under --user scope
| - Add flatpak runtime to meta/extra.txt
| - Teach pkg-apply / pkg-list / pkg-fix / pkg-add / pkg-status / undeclared to branch on the magic 'flatpak' group name (no parallel recipe namespace)
| - New flatpak-update recipe; update aggregate now refreshes flatpaks too
| - _active-packages now skips flatpak.txt (it remains pacman-only)
| - pkg-apply (no args) installs pacman groups together, then flatpaks
| - First flatpak install auto-adds the flathub --user remote
* feat(nix): hybrid setup with flakes + direnv for per-project dev shells (sommerfeld, 2026-05-13, 9 files, -0/+101)
| Install Nix (multi-user daemon) on Arch and wire up direnv so any project can declare its toolchain in a flake.nix and get a hermetic dev shell on cd. No NixOS, no home-manager, no migration off paru/chezmoi — just one new package manager scoped to project dev shells.
|
| - meta/nix.txt: nix from extra repo
| - meta/dev.txt: direnv (general-purpose, not nix-specific)
| - systemd-units/system/nix.txt: nix-daemon.socket (socket-activated)
| - etc/nix/nix.conf: enable flakes + nix-command, trusted-users=@wheel, auto-optimise-store, keep-outputs/derivations so direnv envs survive GC
| - dot_config/direnv/direnvrc: load nix-direnv 3.1.1 via source_url with pinned sha256 (not packaged for Arch; refusing -git AUR)
| - dot_config/nix/templates/{flake.nix,dev/}: flake template usable via 'nix flake init -t ~/.config/nix/templates'
| - dot_config/zsh/dot_zshrc: 'eval "$(direnv hook zsh)"'
* feat(mail): add external-editor-revived for kernel-style patch review (sommerfeld, 2026-05-13, 2 files, -1/+6)
| Adds the AUR package which deploys both the Thunderbird XPI (as a system extension under /usr/lib/thunderbird/extensions) and the native messaging host. After restart, TB picks up the extension automatically.
|
| Use case: review kernel-style patches received by email and reply with inline review comments without TB mangling tabs/spaces or auto-wrapping. The addon bypasses TB's compose editor entirely, so the existing format=flowed/wraplength=72/reply_on_top prefs don't apply to messages composed through it. A pointer comment in thunderbird/user.js explains the relationship.
* fix(git): allow self-signed cert for ProtonMail Bridge SMTP (sommerfeld, 2026-05-13, 1 file, -0/+1)
| The Bridge presents a self-signed cert on its 127.0.0.1:1025 STARTTLS listener, so git send-email's default cert verification fails with SSL_verify_cert. Setting smtpSslCertPath to empty disables chain verification for this single, loopback-only endpoint.
|
| Per https://git-send-email.io/#step-2 (Proton Bridge note).
* feat(git): configure git send-email via ProtonMail Bridge (sommerfeld, 2026-05-13, 2 files, -0/+17)
| Add a [sendemail] block targeting the local Bridge SMTP listener (127.0.0.1:1025, STARTTLS) and a credential helper scoped to that URL that fetches the password from pass (proton/bridge-smtp). The helper command is public; the secret stays in the password store.
|
| The bridge SMTP username (sensitive but not secret) goes in the per-identity private overlay (~/doxfiles), not here.
|
| Also pull in the Perl SMTP modules git send-email needs at runtime.
* chore(pkg): switch whisper.cpp -> whisper.cpp-vulkan (sommerfeld, 2026-05-13, 1 file, -1/+1)
| Drops the libggml-git transitive dependency in favor of llama.cpp-vulkan (versioned release). Vulkan acceleration on UHD 620 is unlikely to help with the base model, but this gets us off a rolling -git package.
* perf(dictate): switch default model to base for ~5x speedup (sommerfeld, 2026-05-13, 2 files, -3/+5)
| large-v3-turbo-q5_0 ran ~1-2x realtime on the T490's CPU, making push-to-talk feel sluggish. The base multilingual model is ~142 MB (vs 547 MB) and runs ~7-10x realtime, dropping perceived latency on short utterances from a few seconds to near-instant.
|
| Quality on short EN/PT dictation remains usable; bump WHISPER_MODEL to small or large-v3-turbo if accuracy matters more than latency.
* feat(sway): add dictate (whisper.cpp) and ocr (tesseract) keybinds (sommerfeld, 2026-05-13, 6 files, -0/+146)
| Push-to-talk dictation toggle on Super+i: parecord captures 16 kHz mono WAV, whisper-cli transcribes (auto language), output is typed via wtype and copied to the clipboard.
|
| Region OCR on Super+Shift+o: slurp + grim feed tesseract (eng+por), result lands in the clipboard with a notification preview.
|
| Adds wtype to wayland.txt; tesseract (+eng/por data) and whisper.cpp + the large-v3-turbo-q5_0 model package to extra.txt.
* fix(thunderbird): pin mail.biff.show_alert=true to restore notifications (sommerfeld, 2026-05-13, 1 file, -2/+4)
| Removing a user_pref line does not reset prefs.js — the previously-written false value persists. Explicitly set both show_alert and use_system_alert to true so the notification path is guaranteed on every startup.
* feat(sway): altgr-intl + compose key for PT typing (sommerfeld, 2026-05-13, 3 files, -1/+67)
| - xkb variant altgr-intl: AltGr dead keys + direct Euro on AltGr+5. Preserves bare ' " ` ~ ^ for code/shell.
| - Compose on Right Ctrl (compose:rctrl). Leaves Right Alt for AltGr.
| - New dot_XCompose with %L include + PT-PT guillemets, Euro, ordinals, em/en dashes, ellipsis.
| - KEYBINDS.md: new Typing / Input section with AltGr + Compose cheatsheet.
* fix(thunderbird): restore mail & calendar notifications (sommerfeld, 2026-05-13, 1 file, -6/+6)
| Previous 'suppress the annoying Reminders dialog' change was too aggressive — it disabled the master prefs that produce libnotify toasts, not just the in-app dialogs.
|
| - mail.biff.show_alert: false -> default (true). This is the pref that fires the libnotify/mako notification on new mail.
| - calendar.alarms.show: false -> default (true). Master alarm switch; when false, no event notifications fire at all.
| - Keep calendar.alarms.playsound=false for silence.
|
| TB has no libnotify-only path for calendar; the Reminders dialog is the alarm UI. Trade-off accepted.
* feat(sway): wire XF86 media keys (Display/Tools/Keyboard/Favorites) (sommerfeld, 2026-05-13, 3 files, -4/+12)
| - XF86Display replaces F7 for display-toggle.sh (dedicated HW key)
| - XF86Tools opens floating pulsemixer (audio mixer TUI)
| - XF86Keyboard opens KEYBINDS.md in glow (floating pager)
| - XF86Favorites takes over mako history picker (from Super+Alt+n)
|
| Adds generic [app_id="floating"] window rule so ghostty --class=floating windows open floating. Adds glow to meta/base.txt.
* feat(zellij): explicit split binds (Alt+| vertical, Alt+_ horizontal) (sommerfeld, 2026-05-13, 2 files, -0/+8)
| tmux-style mnemonics. Bypasses NewPane's aspect-ratio auto-direction which misfires on widescreens with pane_frames disabled.
* feat(sway): monocle window cycling inside tabbed containers (sommerfeld, 2026-05-13, 2 files, -0/+6)
| Pair with the existing '$mod+w layout tabbed' to get a bspwm-like monocle experience: one window visible, tabs along the top, status bar intact. Cycle with Super+[ and Super+] (mimics browser tab shortcuts).
* feat(thunderbird): disable calendar reminder dialog (sommerfeld, 2026-05-13, 1 file, -0/+5)
| The floating 'dismiss/snooze' window doesn't tile cleanly under sway. Turn it off and rely on TB's libnotify-backed desktop notifications, which mako renders like any other notification.
* fix(sway): wait for protonmail-bridge IMAP banner before launching TB (sommerfeld, 2026-05-13, 1 file, -8/+14)
| The bridge opens the IMAP listener before the keyring is unlocked, so a port-open check returns true while the server would still reject logins. Probe for the '* OK' IMAP greeting (the bridge only sends it once it can actually service logins) and add a 1s grace period for SMTP (1025) to catch up.
* feat(net): nftables laptop firewall (sommerfeld, 2026-05-13, 5 files, -0/+73)
| Default-deny inbound, allow outbound. Scoped to 'inet filter' with 'destroy table' on reload so podman/netavark tables are preserved.
|
| - meta/base.txt: add nftables
| - systemd-units/system/base.txt: enable nftables.service
| - etc/nftables.conf: laptop ruleset (loopback, ct state, ICMP/ICMPv6 essentials, DHCPv6 client, default-drop input/forward, accept output)
| - etc/sysctl.d/99-sysctl.conf: rp_filter=2, no redirects, no source-route, log_martians
| - README.md: firewall section with reload caveat
* fix(yazi): open markdown with okular directly (sommerfeld, 2026-05-13, 1 file, -3/+7)
| Going through xdg-open relied on mimeapps propagation and update-desktop-database cache. Add a dedicated `view-md` opener that invokes okular directly and route *.md, *.markdown, and text/markdown files to it. Still orphan=true to avoid the unfinished-tasks prompt.
* feat(yazi): route markdown files through xdg-open (sommerfeld, 2026-05-13, 1 file, -0/+7)
| Default yazi rule treats .md as text and hands it to $EDITOR. Prepend a rule that uses the `open` opener (xdg-open, now pointed at okular) so pressing Enter on a markdown file in yazi opens the rendered view instead of nvim.
* feat(mimeapps): open markdown with okular (sommerfeld, 2026-05-13, 1 file, -1/+1)
| xdg-open was handing .md files to nvim, which is an editor — not what we want for casual reading. okular (with discount installed) renders markdown as a paged document, similar to how zathura handles pdfs.
* fix(yazi): mark xdg-open opener as orphan (sommerfeld, 2026-05-13, 1 file, -0/+7)
| yazi tracks child processes as running tasks. Default `open` opener runs `xdg-open` synchronously, so opening a pdf (or any file handed off to an external viewer) leaves yazi convinced a task is still running and it prompts 'unfinished tasks, quit anyway?' on exit. orphan = true detaches the spawned process from yazi so the quit is clean.
* refactor(etc): narrow etc-status to tracked-file drift (sommerfeld, 2026-05-13, 3 files, -89/+18)
| The old etc-status scanned all of /etc (pacman -Qkk for modified backup configs, then 'find /etc | xargs pacman -Qo' for unowned files), producing a discovery report of things we might want to track. That was useful when seeding the repo but is slow and misaligned with dotfiles-status, which only reports drift on files chezmoi already manages.
|
| Rewrite etc-status to mirror that model: iterate etc/, render .tmpl sources, and cmp against the live /etc file. Report 'modified' or 'missing' per tracked path. Runs in under a second and matches the semantics of 'just status'.
|
| Drop the now-unused etc/.ignore and update README.
* feat(units): seed user unit lists from managed drop-ins (sommerfeld, 2026-05-13, 3 files, -0/+19)
| Curate the user units whose definitions or overrides we manage under dot_config/systemd/user/:
|
| - graphical.txt: cliphist-{image,text}, display-watcher, swayidle, waybar — all WantedBy=sway-session.target.
| - mail.txt: protonmail-bridge.service — managed via a drop-in override.
|
| Also extend user/.ignore with the socket-activated pipewire/wireplumber stack and a handful of distro defaults so 'just unit-status' stays quiet on a clean system.