| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
New custom/snx-vpn module sits next to custom/vpn (the wireguard one):
- snx-vpn-status.sh shells out to `snxctl status` (timeout 2s) and maps
the output to three states: down (grey strikethrough), connecting/MFA
(amber), up (green). Tooltip shows the full status block when up.
- snx-vpn-toggle.sh disconnects when up, runs snxctl-chromium detached
when down (so SAML lands in the flatpak ungoogled-chromium without
blocking waybar). Both paths refresh the module via SIGRTMIN+9.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
snx-rs.service is a system unit, not --user, so the prior approach of
overriding the daemon's PATH via a systemd drop-in could never apply.
And it wasn't needed anyway: snxctl itself runs opener::open(url)
in-process, so prepending the shim dir to snxctl's PATH is enough.
- Drop dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf.
- snxctl-chromium now just sets PATH and exec's snxctl connect.
- xdg-open shim no longer forces --new-window so chromium can reuse a
warm window (faster SAML round-trip).
|
| |
|
|
|
| |
Drop --hide-search and enable --matching=fuzzy --insensitive so typing
'po' jumps to Poweroff, 'su' to Suspend, etc.
|
| |
|
|
|
|
|
| |
Fetches the current code from pass-otp's vpn/totp entry and types it
into the focused surface with wtype. Falls back to wl-copy + a
notification when wtype isn't available or the focused surface lacks
virtual-keyboard support (e.g. an Xwayland window).
|
| |
|
|
|
| |
Enables `pass otp insert/show` for TOTP secrets, used as the source
for the ungoogled-chromium VPN OTP autofill keybind.
|
| | |
|
| |
|
|
|
|
|
| |
Rebases onto @{u} re-signing each commit with the current author
identity and key, while stripping any Co-authored-by lines. Hooks are
disabled (core.hooksPath=/dev/null) so chezmoi's post-commit hook
doesn't fire once per replayed commit.
|
| |
|
|
|
|
| |
teams-for-linux --minimized=true makes the app honor systemd autostart
without popping a window on every login (parity with Signal's
--start-in-tray).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
systemd/user/teams-{sii,xsight}.service: autostart both Teams flatpak
profiles on sway-session.target login. KillMode=mixed so SIGTERM hits
only the wrapper process — both instances share the same flatpak app
id, so killing by app id would take down the sibling instance. A 15s
SIGKILL fallback covers the case where Electron tray-hides instead of
quitting. Both units listed in systemd-units/user.txt.
etc/pacman.conf: IgnorePkg = llama-cpp-vulkan. The AUR package rebuilds
on every llama.cpp commit (multi-hour build). Update manually with
`paru -S llama-cpp-vulkan` when intended.
snxctl-chromium wrapper:
- dot_local/share/snx-rs/bin/xdg-open: shim that flatpak-runs
ungoogled-chromium, used only by snx-rs.
- dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf:
drop-in prepending that dir to the daemon's PATH so snx-rs's
opener-crate call to xdg-open lands in chromium, without affecting
xdg-open for any other process.
- dot_local/bin/snxctl-chromium: convenience wrapper that
daemon-reloads and restarts snx-rs.service if the drop-in isn't yet
applied, then execs `snxctl connect`.
firefox/user-overrides.js: revert the dom.security.https_only_mode.
upgrade_local and network.lna.local-network-to-localhost.skip-checks
prefs — they didn't actually fix the SAML flow. Replaced with a
comment pointing to the wrapper instead.
|
| |
|
|
|
|
| |
Pure formatter output from shfmt (2-space indent, '|' line breaks),
prettier (KEYBINDS.md), and 'just fmt' (justfile blank line).
No behavior change.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSH-format signing
home.nix:
- Add zoxide (fixes 'command not found' on shell start), clang-tools
(no compiler driver), nodejs (Mason npm LSPs), uv (Mason python LSPs;
does not install python3 in PATH, so Ubuntu's /usr/bin/python3 stays
the system default), claude-code, github-copilot-cli.
- Refine the leaf-tools policy comment: explicit denylist of build-
toolchain binaries that would shadow Ubuntu's via PATH, plus a
carve-out for editor/AI runtimes (node, uv, clang-tools).
- Symlink ~/.config/git/{config,attributes,ignore} and ~/.ssh/config
from the dotfiles tree.
dot_config/zsh/dot_zshrc: guard direnv/zoxide/fzf inits with
'command -v X >/dev/null &&' so a fresh machine without one of them
no longer prints a stderr error on every shell start.
dot_config/git/config: append unconditional '[include] path =
~/.config/git/config.local' for machine-local overrides (used on the
remote-dev VM to switch to SSH-format signing via the forwarded
agent). Git silently skips missing include files.
remote-dev/README.md: document the update flow (config-only vs HM
rebuild), the single-shell leaf-tools policy, and the one-time VM
setup for SSH-format commit signing (allowed_signers + config.local,
ForwardAgent yes on the host).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set mako default-timeout=0 so notifications stay until acted upon. With
auto-timeout off, mako's list IS the pending set, so the
$XDG_RUNTIME_DIR/mako-dismissed bridge becomes dead weight.
- mako/config: default-timeout=0; drop redundant [urgency=critical]
default-timeout=0 override.
- Delete dismiss-visible.sh and restore-pending.sh; sway calls makoctl
directly (Mod+n=dismiss, Mod+Shift+n=dismiss --all,
Mod+Ctrl+n=restore as undo).
- Shrink mako-status.sh to a 20-line counter of makoctl list.
- Rename mako-history.py -> notification-picker.py; lists only
visible, dismisses via makoctl dismiss -n <id>.
- Update waybar config.jsonc on-click path.
- Update KEYBINDS.md wording (no more 'marks seen' / 'pending set').
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New remote-dev/ subdir with a Home-Manager flake that provisions a
headless dev environment on a remote Ubuntu 22.04 VM accessed via SSH.
Shares nvim, zellij, zsh, direnv, and ghostty configs from the same
dotfiles repo via mkOutOfStoreSymlink (no rebuilds on config edits).
CLI tool set mirrors the dev-tool subset of meta/base.txt; sysadmin
tools (procs, gdu, duf), lazygit, and node/yarn (only needed for
markdown-preview on GUI hosts) are excluded.
bootstrap.sh is one-shot: installs Nix via Determinate Systems
installer, clones the repo to ~/.local/share/dotfiles, runs
home-manager switch, and chshes to the nix-store zsh.
dot_config/zsh/dot_zshrc loses its hardcoded Arch plugin/git-prompt
paths in favour of a fallback search: Arch path first, then
$HOME/.nix-profile/share/. Same file works on host and VM.
.chezmoiignore: exclude remote-dev/ from chezmoi deploy on the host.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remote hosts without xterm-ghostty terminfo print 'xterm-ghostty: unknown
terminal type' on connect. Ghostty's shell integration ships two features
for this:
- ssh-terminfo: pipes `infocmp -x xterm-ghostty` to the remote and
installs it under ~/.terminfo on first connect, permanently fixing TERM
recognition on hosts where you have a writable home.
- ssh-env: falls back to TERM=xterm-256color (plus COLORTERM=truecolor and
TERM_PROGRAM=ghostty) for the ssh subprocess, so hosts where terminfo
install fails or home is read-only still get sane defaults.
Both required shell-integration to be on, which it already is (zsh).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LibreWolf disables media.gmp-provider.enabled and media.gmp-gmpopenh264.enabled
and falls back to media.webrtc.hw.h264.enabled=true. On Linux this rarely
works because Mozilla's bundled FFmpeg doesn't ship H.264 encode support
(patent policy), so the SDP offers H.264 but the encoder produces no frames.
Result: local camera preview works (raw MediaStreamTrack, no encoding) but
remote participants see no video. Affects MS Teams (H.264 primary); does not
affect Google Meet (VP8/VP9 native). Same symptom in flatpak and native
LibreWolf builds, confirming sandbox is not the cause.
arkenfox 2020 deliberately leaves media.gmp-provider.enabled commented out
and does not touch the OpenH264 plugin pref. Re-enabling here brings us in
line with arkenfox. media.gmp-manager.url is restored from LibreWolf's
data:text/plain blank so the OpenH264 GMP can actually download.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
LibreWolf 149+ hardens beyond arkenfox by force-upgrading loopback to HTTPS
(dom.security.https_only_mode.upgrade_local=true) and enabling LNA blocking
of public->loopback redirects. Both break snx-rs / Forticlient / generic
VPN SAML callbacks that land on http://127.0.0.1:<port>/<token>.
Restore stock Firefox / arkenfox loopback behaviour. arkenfox 1245 leaves
upgrade_local intentionally commented out and does not touch network.lna.*,
so this brings us in line with arkenfox rather than weaker than it.
Refs: LibreWolf issues #2954 (Forticlient SSO broken in 149), #2962
(HTTPS-Only Mode locked in 149.0.2-1, reverted in 149.0.2-2).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vanilla sway only has splith/splitv with no auto-orientation, so new
windows always split along whatever axis the parent container is set
to (default splith). The result: opening a third window in a workspace
that's already split horizontally just keeps stacking horizontally,
even when each pane is now narrower than it is tall.
swayr's daemon (swayrd) subscribes to sway IPC and, with
[layout].auto_tile = true, issues splith or splitv on the focused
container based on its width-vs-height before sway places the next
window. The result is the i3/awesome-style spiral tiling: each new
window splits the focused pane along its longest side.
Run swayrd as a systemd user service bound to sway-session.target so
it starts/stops with the session (matching the pattern used by
waybar, swayidle, mako, etc.). No keybind changes; only the placement
algorithm.
|
| |
|
|
|
|
|
| |
librewolf was migrated from a native package to the flatpak
io.gitlab.librewolf-community in commit f5796c7; the $mod+Shift+b
binding still called the native binary, so the keybind silently did
nothing. Use 'flatpak run' instead.
|
| |
|
|
|
|
|
|
|
| |
nftables.service starts at boot before libvirtd creates the virbr0 NAT
bridge. 'iif'/'oif' resolve to a kernel ifindex at rule-load time and
fail with 'Interface does not exist' when virbr0 isn't up yet.
'iifname'/'oifname' do a string match per packet and tolerate a missing
interface, so the ruleset loads cleanly at boot and starts matching
once libvirtd brings virbr0 up.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Adds two generated 256x256 hicolor PNG icons under
~/.local/share/icons/hicolor/256x256/apps/ and wires them up:
* Icon=teams-{sii,xsight} -> launcher / waybar / sway use them
* --appIcon=<absolute path> -> electron tray icon picks them up
(teams-for-linux respects this flag)
The flatpak override script gains a --filesystem=xdg-data/icons:ro
binding for com.github.IsmaelMartinez.teams_for_linux so the absolute
icon path is reachable from inside the sandbox.
|
| |
|
|
|
|
|
|
|
|
|
| |
Two flatpak-tailored .desktop entries that run separate isolated instances
of teams-for-linux via --class / --user-data-dir / --appTitle. Profile
data lives under $HOME/.var/app/<id>/config/profile-{sii,xsight}/ which
is always sandbox-writable.
The upstream flatpak .desktop is shadowed by an XDG_DATA_HOME entry of
the same basename with NoDisplay=Hidden=true so only the two profile
launchers appear in fuzzel.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The host firewall has policy=drop on both input and forward chains.
libvirt creates its own nftables table for virbr0 NAT, but:
1. It does not touch the input chain at all, so DHCP packets from
guests (UDP/67) are dropped before reaching dnsmasq. Result:
Windows guest stuck on 169.254.x APIPA forever.
2. Its forward-chain accepts have the same hook+priority as ours.
In nftables, all chains at a hook+priority must accept (any drop
wins), so our policy=drop would block guest egress and return
traffic even though libvirt's chain explicitly accepts.
Add minimal carve-outs for virbr0: DHCP+DNS in input, guest egress
and return traffic in forward.
|
| |
|
|
|
|
|
|
|
|
| |
Type=ether matches ALL L2 ethernet interfaces, including libvirt-created
vnet* tap devices. Without Name= negations, when a VM starts its tap is
pulled into bond0 instead of staying with virbr0, killing DHCP/NAT for
the guest (Windows ends up with a 169.254.x APIPA address).
Add Name= negations to skip libvirt taps/bridges, generic taps, and
common container engine virtual interfaces.
|
| |
|
|
|
|
| |
Unofficial Microsoft Teams client for Linux. Needed for Sii work
communications inside the Win11 VM is overkill for chat; running it
natively on the host keeps Teams notifications visible outside the VM.
|
| |
|
|
|
|
|
|
|
| |
Spice/virt-viewer ask sway for keyboard-shortcuts-inhibit so they can
forward the Super key to the guest. That swallows all $mod+... binds
on the host while the VM window is focused. Refuse the inhibit for
those three app_ids; sway forwards Super to the guest only when the
keyboard is explicitly grabbed (click-into-VM + virt-viewer's own
Ctrl+Alt toggle), not via the wm-bind shortcut.
|
| |
|
|
|
|
|
| |
virt-install and other libvirt CLI tools default to qemu:///session
even when the user is in the libvirt group, where the default NAT
network does not exist. Pin uri_default so virt-install, virsh, etc.
agree with virt-manager's system view.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sii requires Intune enrollment with TPM + BitLocker + Azure AD join. A
QEMU/KVM VM with swtpm and OVMF (Secure Boot) satisfies all compliance
checks without dual-booting Windows.
- meta/work.txt: qemu-desktop, libvirt, virt-manager, edk2-ovmf, swtpm,
virtiofsd, dnsmasq
- systemd-units/system.txt: libvirtd.socket (socket-activated)
- etc/polkit-1/rules.d/50-libvirt-wheel.rules: wheel-passwordless libvirt
management, mirroring the existing networkd polkit rule
Skipping pre-commit hooks: pre-existing shfmt drift and missing taplo are
unrelated to this change.
|
| |
|
|
|
|
|
|
| |
snx-rs: Rust reimplementation of Check Point SNX VPN client; needed
for work VPN access. AUR package.
com.nomachine.nxplayer: NoMachine remote desktop client; needed for
work remote access.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Drop auto-optimise-store: slows every build for modest disk savings.
Run 'nix store optimise' manually if disk pressure ever shows up.
- max-jobs=auto, cores=0: defaults are 1/1, which left most of the box
idle during large closures (LLVM, protobuf, …).
- Add nix-community.cachix.org as an extra substituter with its public
key. Big hit-rate boost against nixos-unstable, which is what the new
user registry points 'nixpkgs' at.
- dot_config/nix/registry.json pins 'nixpkgs' indirect ref to
github:NixOS/nixpkgs/nixos-unstable, so 'nix shell nixpkgs#foo' is
fast + reproducible. Project flakes are unaffected — they pin their
own inputs via flake.lock.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
copilot-language-server emits 'HTTP 200 response does not appear to
originate from GitHub' under Node 26 (the current Arch nodejs). Upstream
tracking:
https://github.com/zbirenbaum/copilot.lua/issues/695
https://github.com/github/copilot.vim/issues/282
https://github.com/github/copilot-language-server-release/issues/45
Workaround universally confirmed in those threads is to run the
language-server under Node 24. Rather than downgrade system nodejs (used
by lots of other tooling) install a private Node 24 under
~/.local/share/copilot-node/ via a chezmoi run_onchange script that
verifies the official sha256, and point copilot.lua at it via
copilot_node_command. Drop in once, bump NODE_VERSION when the upstream
incompatibility is resolved.
|
| |
|
|
|
|
|
|
|
|
|
| |
lostfiles flags directories whose parent is pacman-owned but the dir
itself is not (drop-in dirs like /etc/systemd/{logind,system,user}.conf.d,
/etc/systemd/system/getty@.service.d, /etc/pacman.d/hooks). Previous
template only emitted tracked files, missing these.
Walk each tracked path emitting every ancestor up to /etc, then sort -u.
Over-emission of pacman-owned parents (e.g. /etc, /etc/systemd) is
harmless: grep -vFx simply finds no match for those lines.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream lostfiles has no extension mechanism; the weekly report ends
up dominated by files this repo intentionally deploys plus host-private
files we deliberately don't track plus regenerated GTK caches.
Add etc/lostfiles.ignore.tmpl which renders /etc/lostfiles.ignore from
two sources:
1. Every file under etc/ in the repo (auto-enumerated at chezmoi-apply
time, same find-sort pattern the etc deploy script uses). This
keeps the ignore list in sync with what we actually deploy with
zero manual maintenance.
2. A static block for: the sudo-i symlink, host-private
systemd-networkd units (99-hodor*, 99-mandibles*) which contain
WireGuard secrets, the getty@tty1 autologin override which
contains the username, and known pacman-hook-generated caches
under /usr/lib/{gdk-pixbuf-2.0,gtk-4.0}/.
Wrap /usr/bin/lostfiles in lostfiles.service via grep -vFxf, with a
fallback when /etc/lostfiles.ignore doesn't yet exist (first deploy).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Inspecting upstream qmk_udev's 50-qmk.rules: the access-granting
line (`SUBSYSTEM=="hidraw" ... ENV{ID_QMK}="1"` paired with a
MODE/TAG) is *commented out*. The package only sets ID_QMK=1 via a
helper to mark devices for ModemManager to ignore during flashing. It
does not in fact tag hidraw nodes with uaccess for runtime apps like
VIA/usevia.
zsa-udev (AUR) ships ZSA's upstream 50-oryx.rules and 50-wally.rules
which do exactly the right TAG+=uaccess on VID 3297. Same package
zsa-keymapp-bin already depends on, so this is the canonical path.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The qmk Arch package ships /usr/lib/udev/rules.d/50-qmk.rules covering
all major mech-keyboard vendors including ZSA's VID 3297, with the
same TAG+=uaccess semantics. Prefer that over maintaining our own
rules file.
- meta/base.txt: + qmk
- etc/udev/rules.d/50-zsa.rules: removed
- etc deploy script: drop the udevadm reload (only existed to support
our custom rule; pacman handles reloads for package-shipped rules).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
usevia.app uses WebHID to talk to /dev/hidraw* directly. Two layers
were blocking it:
1. Host: no udev rule existed for ZSA boards, so /dev/hidraw nodes
were root-only. Add etc/udev/rules.d/50-zsa.rules covering the ZSA
VID 3297 (ErgoDox EZ / Moonlander / Voyager) with TAG+=uaccess so
logind grants the active session user access. Also include the two
bootloader VIDs used during firmware flashing for completeness.
2. Sandbox: the chromium flatpak only sees /dev/dri by default. Add a
--device=all override (flatpak has no finer-grained device knob).
The host udev rule still gates which hidraw nodes the user can
actually open, so this isn't a meaningful escalation.
Also wire `udevadm control --reload && udevadm trigger` into the etc
deploy script so rule changes apply without a reboot or replug.
|
| |
|
|
|
|
|
|
| |
The exec_always change was only justified by a one-off migration: on
the first reload after the include-file refactor, outputs.conf didn't
exist yet. After that bootstrap, plain `exec` is sufficient -- the
include file persists across reloads and only needs to be (re)written
when the user actually toggles modes or hotplugs.
|
| |
|
|
|
|
|
| |
Plain `exec` doesn't re-run on reload. If outputs.conf is missing
(fresh deploy, never toggled) reload falls back to sway's
side-by-side defaults. `exec_always` regenerates the include on
every reload, so the next reload after that is already flash-free.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Persist the layout as a sway-include file (~/.config/sway/outputs.conf)
so sway's own parser applies output directives natively on every
reload. Eliminates the side-by-side flash that came from sway's
default "enable everything side-by-side" before exec_always could
override it.
- display-toggle.sh: write outputs.conf alongside the live swaymsg
commands, mirroring the same enable/disable/pos directives.
- sway/config: `include ~/.config/sway/outputs.conf` next to the
background line; downgrade exec_always back to plain exec since the
include handles reloads now (script only needs to run once at
startup to bootstrap the include file on first boot).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Real cause of the silent switch back to side-by-side: sway reload
(Super+Shift+c or swaymsg reload) re-evaluates output config and
defaults to all-outputs-enabled-side-by-side, dropping the runtime
positions set by display-toggle.sh.
- sway config: `exec` -> `exec_always` so the saved layout is
re-applied on every reload, and use `apply` instead of `init` so
user-chosen layouts (e.g. side-by-side picked deliberately) survive
reloads. First boot still defaults to laptop-off via the script's
state-file fallback.
- swayidle.service: drop the after-resume hook -- DPMS resume isn't
what was breaking the layout, reload was. Less surface area.
|
| |
|
|
|
| |
Move OSD to top, increase height/width, thicker border and padding.
Colors were already fully opaque (ff alpha) -- no change needed there.
|
| |
|
|
|
|
|
| |
Reading directly from the fifo (`wob <fifo`) makes wob exit as soon
as the first wrapper closes its write end (EOF after one printf). The
upstream pattern is to pipe `tail -f` into wob so there's always a
writer holding the fifo open.
|
| |
|
|
|
|
|
|
| |
The python pass-secret-service AUR package is unmaintained. Switch to
grimsteel's actively-maintained Rust implementation (-bin variant for
faster install) and enable the shipped user systemd unit so the
service is visible to systemctl --user status, not just lazily
D-Bus-activated.
|
| |
|
|
|
|
|
|
|
| |
Signal Desktop (and any libsecret consumer) wants to talk to the
org.freedesktop.secrets D-Bus service. pass-secret-service implements
that API on top of the existing pass store -- secrets land under
~/.password-store/secret-service/ encrypted with the same GPG key, so
no separate keyring to manage. The service is D-Bus activated, no
systemd unit needed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- xdg-desktop-portal: pin wlr for ScreenCast/Screenshot, gtk for the
rest, so flatpak browsers (Meet, Slack, Discord) get a working
screen-share path instead of whatever the portal frontend happens to
pick first.
- wob: small wayland overlay bar fed via a fifo. New vol-osd.sh /
brightness-osd.sh wrappers replace the bare pactl/brightnessctl
invocations in keybinds so adjusting volume or backlight flashes a
bar at the bottom of the screen. wob.service owns the fifo lifecycle
(mkfifo before, rm after).
- mako: add a [mode=do-not-disturb] section that hides notifications
while the mode is active, plus a Super+x n submode binding to toggle
it. Notifications still accumulate in history; just no popups.
|
| |
|
|
|
|
|
|
| |
dismiss-visible.sh's 'all' mode previously only recorded visible
notification ids and ran 'makoctl dismiss --all'. Notifications already
in mako's history (auto-expired) still counted as pending in waybar's
mako-status. Now also append history ids to the dismissed state file so
the pending counter actually drops to zero.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After resume from suspend sway resets output config to defaults (both
monitors enabled side-by-side), so a laptop-off mode set before suspend
silently snapped back to side-by-side on wake. The display-watcher
script only reacts to changes in the count of connected externals, so
it doesn't notice this.
- Add an 'apply' mode to display-toggle.sh that reads the saved state
and applies it (no toggle, no notification).
- Wire it into swayidle's after-resume directive.
|
| |
|
|
|
|
| |
systemctl {poweroff,reboot,suspend} are authorized by polkit for the
active seat's user without a password, so the bespoke sudo rule is no
longer needed now that the power menu uses systemctl directly.
|
| |
|
|
|
|
|
|
|
| |
- wofi --dmenu --hide-search: pure j/k arrow-key picker, no fuzzy
search field. Matches existing wofi config (key_up/key_down already
include j/k).
- systemctl reboot/poweroff/suspend instead of sudo: rely on polkit,
which permits these for active session users by default — no
passwordless sudo required.
|
| |
|
|
|
|
| |
swaynag buttons require a mouse click. Replace the Mod+Shift+e session
prompt with a fuzzel --dmenu picker so the whole menu is keyboard
navigable. Adds Suspend as a new entry while we're here.
|
sommerfeld