| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set mako default-timeout=0 so notifications stay until acted upon. With
auto-timeout off, mako's list IS the pending set, so the
$XDG_RUNTIME_DIR/mako-dismissed bridge becomes dead weight.
- mako/config: default-timeout=0; drop redundant [urgency=critical]
default-timeout=0 override.
- Delete dismiss-visible.sh and restore-pending.sh; sway calls makoctl
directly (Mod+n=dismiss, Mod+Shift+n=dismiss --all,
Mod+Ctrl+n=restore as undo).
- Shrink mako-status.sh to a 20-line counter of makoctl list.
- Rename mako-history.py -> notification-picker.py; lists only
visible, dismisses via makoctl dismiss -n <id>.
- Update waybar config.jsonc on-click path.
- Update KEYBINDS.md wording (no more 'marks seen' / 'pending set').
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous fix sidestepped sudo-rs's env scrubbing by setting
DIFFPROG inside a nested root shell. That works but it's the wrong
shape — every command that wants to honour a user UX env var would
have to do the same dance. Configure the policy once instead.
etc/sudoers-rs:
Defaults env_keep += "DIFFPROG"
Defaults env_keep += "EDITOR VISUAL SUDO_EDITOR GIT_EDITOR"
Defaults env_keep += "PAGER MANPAGER GIT_PAGER SYSTEMD_PAGER"
Defaults env_keep += "LESS LESSOPEN SYSTEMD_LESS"
env_keep is the unconditional pass-through list, so no '-E' is needed
on the call site — `DIFFPROG='nvim -d' sudo pacdiff` Just Works, same
as it does for `EDITOR=nvim sudo systemctl edit foo`,
`PAGER=less sudo journalctl …`, etc. None of these vars influence
privilege boundaries; they only configure user-facing program
behaviour, so widening env_keep to cover them carries no security
trade-off worth accounting for. The existing per-visudo env_keep
lines are kept for documentation value (they're now subsumed by the
global rule but make the intent explicit at the visudo call sites).
The waybar pacdiff click handler reverts to the canonical form
`DIFFPROG='nvim -d' sudo pacdiff`, matching the recipe pacman.git
ships in /usr/share/doc/pacman/.
Will take effect after the next `chezmoi apply` redeploys
/etc/sudoers-rs (the run_onchange_after_deploy-etc.sh.tmpl script
re-installs it with mode 0440 whenever its hash changes).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
sudo-rs scrubs the env by default, so neither `DIFFPROG=… sudo pacdiff`
nor `sudo DIFFPROG=… pacdiff` reaches pacdiff with the variable set.
Sidestep the env-policy question entirely by running
sudo sh -c 'DIFFPROG="nvim -d" pacdiff'
so the assignment happens inside the privileged shell, after the
env-scrubbing boundary. No sudoers-rs change required, and the same
form works identically under stock sudo if the user ever switches
back.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bar layout: insert the four new modules between custom/update and
custom/thunderbird so that all 'something needs your attention'
indicators live as a contiguous group on the right side, in roughly
escalating actionability:
custom/notifications -- mako history (always present, gray baseline)
custom/update -- '`just update` was N hours/days ago'
custom/pacdiff -- '.pacnew/.pacsave waiting'
custom/arch-audit -- 'fixable CVE in installed package'
custom/failed-units -- 'systemd unit failed'
custom/lostfiles -- 'unowned files under tracked dirs'
custom/thunderbird -- 'unread mail'
Click handlers all use the floating-ghostty + 'press enter to close'
idiom established by the existing update module so output stays
inspectable. arch-audit and lostfiles open their /run report in
`nvim -R` (read-only) since the source of truth lives in those files.
style.css: extend the shared 6px-padding selector list, the .fresh
zero-padding rule (so empty-state modules disappear cleanly), and add
.warn/.critical color rules consistent with the rest of the palette
(yellow #fabd2f for 'review when convenient', red #fb4934 for 'review
soon').
systemd-units/system.txt: enable the three new system timers
- btrfs-balance@-.timer (monthly partial balance on /)
- arch-audit.timer (daily CVE report refresh)
- lostfiles.timer (weekly unowned-files report refresh)
Picked up automatically on the next `just unit-apply`.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two related changes around the 'just update' UX:
1. nvim-update no longer runs --headless. The diff buffer that
vim.pack.update opens *is* the per-plugin changelog, and that was
being thrown away under headless. Drop --headless from the justfile
recipe and the trailing :qa! from config.update.run() so the buffer
stays open until the user reviews and quits manually. Mason output
was already visible because mason-tool-installer print()s.
2. New waybar 'custom/update' module + matching mako notification as a
gentle staleness reminder, replacing any temptation to run
unattended pacman -Syu (a bad idea on Arch: rolling, news-driven
manual interventions, AUR rebuilds, partial-upgrade hazards).
Source of truth: /var/log/pacman.log — last '[PACMAN] starting full
system upgrade'. No daemon, no -Sy poll, no extra state file beyond
a per-session notify-throttle stamp in $XDG_RUNTIME_DIR.
Tiers (hours since last full upgrade):
< 24h hidden (":empty" via #custom-update.fresh padding 0)
24-168h yellow + normal-urgency mako, throttled to 1/24h
>= 168h red + critical-urgency mako, throttled to 1/24h
Click runs 'just update' in a floating ghostty.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
waybar:
- cpu / custom/memory: on-click opens floating ghostty with htop
- new custom/vpn module between custom/memory and network#bond:
shows 'VPN' coloured by interface UP flag (green up, dim down);
on-click toggles networkctl up/down hodor; SIGRTMIN+8 used for
instant refresh after toggle
sway:
- Super+Shift+Return -> ghostty -e yazi
- Super+Shift+b -> librewolf
vpn-toggle.sh runs networkctl (no sudo) thanks to a new polkit rule
allowing wheel-group members to invoke org.freedesktop.network1.*
without a password prompt. systemd-networkd's polkit gate is a
separate path from sudoers, so this is the idiomatic fix.
KEYBINDS.md updated for both new sway bindings.
|
| |
|
|
|
|
|
|
|
|
| |
Detects the ThinkPad USB-C Dock Gen2 by its built-in ethernet adapter
(USB 17ef:a387) — the dock's USB hubs share product IDs with internal
ThinkPad hubs but the ethernet only exists when the dock is attached.
The custom/dock module sits to the left of battery; collapses to empty
text when undocked so the bar stays clean on the go. Green dock glyph
when docked.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Notifications now behave like a phone: pop briefly, auto-disappear, and
remain "pending" until the user explicitly acknowledges them. The waybar
count reflects pending only; idle uses a quieter glyph.
State model:
pending = ids in mako history/list MINUS dismissed-set
state file: $XDG_RUNTIME_DIR/mako-dismissed (per-session id list)
Glyph change:
idle (0 pending) bell_outline U+F009C
has pending bell_ring U+F009E
(the previous bell_check_outline U+F11E8 "history present but nothing
pending" branch is gone — there is no separate history concept now)
Bindings (all now go through wrappers that maintain the dismissed-set):
Super+n dismiss top visible + mark seen
Super+Shift+n dismiss all visible + mark seen
Super+Ctrl+n restore most recent + pop it from dismissed-set
XF86Favorites history picker (rewritten on wofi)
History picker (dot_config/waybar/executable_mako-history.py):
- wofi --hide-search: arrow-only navigation, no fuzzy input
- lines tagged [pending] / [seen] with app + summary + body
- Enter re-emit via notify-send (re-shows the bubble) + mark seen
- Alt-c copy "summary\nbody" to clipboard via wl-copy
- Alt-d mark seen without re-showing
- empty history shows a sentinel, no-op on Enter
New scripts:
executable_dismiss-visible.sh capture id(s) then makoctl dismiss
executable_restore-pending.sh capture top-of-history id, restore,
then drop that id from dismissed-set
executable_mako-history.py Python rewrite (parses makoctl text
output, drives wofi)
Other:
meta/wayland.txt add wofi (only used by this picker)
dot_config/wofi/style.css minimal gruvbox style; hides input row
as belt-and-suspenders even though
--hide-search already does it
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Numeric/identity labels stay (CPU, MEM, °C, network arrows, clock).
Iconic labels are replaced with codepoints from ttf-noto-nerd:
battery BAT/CHR/PLG -> nf-md-battery_*, _charging, power_plug
(U+F0079..F0084, U+F06A5)
pulseaudio VOL/MUTE -> nf-md-volume_low/medium/high/off
(U+F057E..F0581)
bluetooth BT on/off -> nf-md-bluetooth/_off/_connect
(U+F00AF/B0/B2)
idle_inhib. INH/IDL -> nf-md-eye_off_outline/_outline
(U+F06D1, F06D0)
custom/wifi text only -> prefix nf-md-wifi/_off
(U+F05A9, F05AA)
custom/webcam CAM -> nf-md-camera (U+F0D5D)
custom/notif. NTF -> nf-md-bell_outline/_check_outline/_ring
(U+F009C, F11E8, F009E)
custom/tb MAIL -> nf-md-email/_alert (U+F01EE, F0D42)
style.css font-family widened from 'mono' to a declarative fallback
chain so glyph rendering doesn't depend on fontconfig auto-fallback.
|
| |
|
|
|
|
|
|
|
|
| |
V4L2 capture goes directly through /dev/videoN and never traverses
the PipeWire portal, so the built-in privacy module misses it. New
custom/webcam module polls fuser on /dev/video* every 2s and shows
a red 'CAM' badge when any device is held open.
Empty text when idle, so the slot collapses and stays out of the way
when the webcam is unused (i.e. always, on a usual day).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- systemd-units/system/bt.txt: new file pairing the meta/bt.txt group;
enables bluetooth.service via 'just unit-apply'
- waybar: add the built-in bluetooth module; on-click runs the same
bt-toggle.sh that XF86Bluetooth has always invoked. Status colors:
blue when adapter is up, green when a device is connected, gray off
- sway: XF86WLAN now runs wifi-toggle.sh (iwd D-Bus) instead of
'rfkill toggle wifi'. The latter required rfkill group membership
(user is in wheel only), and aligning on the busctl path means the
keybind and the waybar click drive the same code
XF86RFKill (panic-disable all radios) keeps using 'rfkill toggle all' —
that scope is genuinely rfkill-shaped.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
MEM, drop LOAD label
- modules-right: tray moved past clock to the rightmost slot;
disk dropped (used% on btrfs is ambiguous and the value rarely moves)
- custom/memory: drop the available-side readout, output 'MEM 3.2G 40%'
instead of 'MEM 3.2G (40%) / 4.5G (56%)'
- cpu: drop the 'LOAD' literal — bare '{load:0.2f}' next to the usage%
is unambiguous in context
The disk module config block is left intact for easy reactivation.
|
| |
|
|
|
|
|
| |
Read-only stats (cpu, temp, memory, disk, network, battery, privacy)
on the left half of modules-right; interactive ones (pulseaudio mute,
wifi toggle, idle_inhibitor, mako history, thunderbird, tray, clock)
clustered on the right.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- cpu: append 'LOAD {load:0.2f}' (1-min load average) to every state
- custom/wifi: left click toggles iwd Powered via D-Bus (new wifi-toggle.sh)
- custom/notifications: left click opens fuzzel history picker
(mako-history.sh, previously bound to middle-click); the awkward
per-click 'makoctl dismiss' is dropped — dismiss-all stays on right,
restore stays on middle
- clock: left click runs tb-toggle.sh (closest practical proxy for
'open Calendar tab' — Thunderbird hasn't shipped a -calendar CLI flag
since Lightning was integrated, so the user lands on whatever tab TB
was last on)
|
| |
|
|
|
|
|
|
|
|
|
| |
Polls the protonmail-bridge IMAP socket every 60s with STATUS INBOX
(UNSEEN), displays the count next to the tray, and clicking the badge
runs tb-toggle.sh to bring TB out of the scratchpad (or launch it).
Setup: store bridge credentials in pass at email/protonmail-bridge/{user,
pass}. The bridge surfaces them via 'protonmail-bridge --cli' -> 'info'.
With no entries (or with the bridge unreachable) the module shows
'MAIL ?' in red and is otherwise inert.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The idle_inhibitor em-dash and bare mako '0' blended with the clock.
- mako counter: prefix 'NTF', gray when empty, aqua for history, orange
for pending.
- idle_inhibitor: 'IDL'/'INH' with gray/yellow.
- privacy: red (only visible when screensharing or mic-active).
- Add padding rules so the new modules line up with the rest.
|
| |
|
|
|
|
| |
New mako-status.sh emits JSON with pending / history counts. Click to
dismiss latest, right-click to dismiss all, middle-click to restore the
last dismissed notification.
|
| |
|
|
|
| |
Shows icons while any app holds the microphone or a screen-share source
via PipeWire. No new deps on a PipeWire system.
|
| |
|
|
|
| |
Click to toggle an inhibit lock that prevents swayidle from firing.
Useful for long reads, video playback without fullscreen, etc.
|
| |
|
|
|
|
|
|
|
| |
waybar's sway/workspaces has no ignore-list (that option is hyprland-only),
so the _tb workspace always leaked into the bar and into super+tab cycling.
Using sway's native scratchpad solves both: the __i3_scratch workspace is
filtered automatically. We run 'floating disable' right after 'scratchpad
show' so the window lands tiled on the current workspace, preserving the
intended UX.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Scratchpad is inherently floating; the user wants the main TB window to
tile normally when shown and disappear completely when hidden. Park the
main window on a hidden workspace _tb via for_window, then toggle it
with a small swaymsg+jq script that moves it between _tb and the
currently focused workspace. Child windows (compose, viewer, calendar,
prefs) are unaffected and tile wherever they spawn.
- Autostart thunderbird so the window exists on login, parked on _tb.
- Hide _tb from waybar's workspace list.
- Update KEYBINDS.md.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|
|
Rename home/ contents to chezmoi naming conventions:
- dot_ prefix for dotfiles and dot-dirs
- private_dot_ for .gnupg and .ssh directories
- private_ for 0600 files (nym.pub)
- executable_ for scripts in .local/bin and display-toggle.sh
- symlink_ for mimeapps.list symlink
|
sommerfeld