| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Numeric/identity labels stay (CPU, MEM, °C, network arrows, clock).
Iconic labels are replaced with codepoints from ttf-noto-nerd:
battery BAT/CHR/PLG -> nf-md-battery_*, _charging, power_plug
(U+F0079..F0084, U+F06A5)
pulseaudio VOL/MUTE -> nf-md-volume_low/medium/high/off
(U+F057E..F0581)
bluetooth BT on/off -> nf-md-bluetooth/_off/_connect
(U+F00AF/B0/B2)
idle_inhib. INH/IDL -> nf-md-eye_off_outline/_outline
(U+F06D1, F06D0)
custom/wifi text only -> prefix nf-md-wifi/_off
(U+F05A9, F05AA)
custom/webcam CAM -> nf-md-camera (U+F0D5D)
custom/notif. NTF -> nf-md-bell_outline/_check_outline/_ring
(U+F009C, F11E8, F009E)
custom/tb MAIL -> nf-md-email/_alert (U+F01EE, F0D42)
style.css font-family widened from 'mono' to a declarative fallback
chain so glyph rendering doesn't depend on fontconfig auto-fallback.
|
| |
|
|
|
|
|
|
|
|
| |
V4L2 capture goes directly through /dev/videoN and never traverses
the PipeWire portal, so the built-in privacy module misses it. New
custom/webcam module polls fuser on /dev/video* every 2s and shows
a red 'CAM' badge when any device is held open.
Empty text when idle, so the slot collapses and stays out of the way
when the webcam is unused (i.e. always, on a usual day).
|
| |
|
|
|
|
|
|
|
|
|
| |
doas matches the 'cmd' rule literally against argv[0], not against
the resolved PATH lookup. With 'cmd /usr/bin/poweroff' in doas.conf,
'doas poweroff' is denied silently — works only as 'doas /usr/bin/poweroff'.
The interactive shell aliases sudo->doas and was hiding the issue
when typing the bare command in a terminal (PATH expansion happens
in the shell before doas sees argv[0]... only when explicitly typed
with absolute path).
|
| |
|
|
|
|
|
|
|
|
|
| |
listing
- Mod+Shift+e: swaynag now offers Lock / Logout / Reboot / Poweroff
instead of just 'Exit sway? Yes'. Reboot+Poweroff use doas; that's
already nopass-permitted for wheel in etc/doas.conf
- fuzzel.ini: drop list-executables-in-path=yes (back to upstream
default). The launcher now shows only .desktop entries; power
actions live in the Mod+Shift+e menu
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- systemd-units/system/bt.txt: new file pairing the meta/bt.txt group;
enables bluetooth.service via 'just unit-apply'
- waybar: add the built-in bluetooth module; on-click runs the same
bt-toggle.sh that XF86Bluetooth has always invoked. Status colors:
blue when adapter is up, green when a device is connected, gray off
- sway: XF86WLAN now runs wifi-toggle.sh (iwd D-Bus) instead of
'rfkill toggle wifi'. The latter required rfkill group membership
(user is in wheel only), and aligning on the busctl path means the
keybind and the waybar click drive the same code
XF86RFKill (panic-disable all radios) keeps using 'rfkill toggle all' —
that scope is genuinely rfkill-shaped.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
MEM, drop LOAD label
- modules-right: tray moved past clock to the rightmost slot;
disk dropped (used% on btrfs is ambiguous and the value rarely moves)
- custom/memory: drop the available-side readout, output 'MEM 3.2G 40%'
instead of 'MEM 3.2G (40%) / 4.5G (56%)'
- cpu: drop the 'LOAD' literal — bare '{load:0.2f}' next to the usage%
is unambiguous in context
The disk module config block is left intact for easy reactivation.
|
| |
|
|
|
|
|
| |
Read-only stats (cpu, temp, memory, disk, network, battery, privacy)
on the left half of modules-right; interactive ones (pulseaudio mute,
wifi toggle, idle_inhibitor, mako history, thunderbird, tray, clock)
clustered on the right.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- cpu: append 'LOAD {load:0.2f}' (1-min load average) to every state
- custom/wifi: left click toggles iwd Powered via D-Bus (new wifi-toggle.sh)
- custom/notifications: left click opens fuzzel history picker
(mako-history.sh, previously bound to middle-click); the awkward
per-click 'makoctl dismiss' is dropped — dismiss-all stays on right,
restore stays on middle
- clock: left click runs tb-toggle.sh (closest practical proxy for
'open Calendar tab' — Thunderbird hasn't shipped a -calendar CLI flag
since Lightning was integrated, so the user lands on whatever tab TB
was last on)
|
| |
|
|
|
| |
5s still wasn't enough on cold boot — Thunderbird kept racing the SMTP
listener and showing the connection-failure dialog.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
zprofile sets PASSWORD_STORE_DIR to $XDG_DATA_HOME/password-store, but
systemd-user-launched services (notably waybar's tb-unread.sh, which
calls 'pass show') don't inherit it. Sway is started from the login
shell so the var is in its environment — propagate it to the user
manager and dbus activation env, same pattern as the XDG_SESSION_*
vars.
Resolves the same problem already worked around for
protonmail-bridge.service via a drop-in override; that override is
now redundant but kept as belt-and-braces.
|
| |
|
|
|
|
|
|
|
|
|
| |
Polls the protonmail-bridge IMAP socket every 60s with STATUS INBOX
(UNSEEN), displays the count next to the tray, and clicking the badge
runs tb-toggle.sh to bring TB out of the scratchpad (or launch it).
Setup: store bridge credentials in pass at email/protonmail-bridge/{user,
pass}. The bridge surfaces them via 'protonmail-bridge --cli' -> 'info'.
With no entries (or with the bridge unreachable) the module shows
'MAIL ?' in red and is otherwise inert.
|
| |
|
|
|
|
| |
The IMAP '* OK' banner arrives before the SMTP listener on 1025 is
fully ready. 1s wasn't always enough — Thunderbird would still race
into a 'failed to connect to 127.0.0.1, please retry' dialog.
|
| |
|
|
| |
This reverts commit 8b6d81742fa71aff76e602edc023c45ca4b38066.
|
| |
|
|
|
|
|
| |
ProtonMail Bridge cold-start (keyring unlock + account decryption)
occasionally exceeds 60s, so the IMAP '* OK' banner never arrives in
time and Thunderbird launches into a 'failed to connect to 127.0.0.1,
please retry' dialog. Triple the budget to 180s.
|
| |
|
|
| |
This reverts commit 9c051b2cb47ca6e60b6c76877be78cc529d9f4da.
|
| |
|
|
|
|
|
|
| |
Flatpak Thunderbird has a slower cold start than the native package
used to. On a busy session start, the main window with the tb-main
mark sometimes appears after the existing 20s budget, and the script
exits without moving it to the scratchpad — leaving TB tiled on the
current workspace.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two issues with the sway autostart of signal.service:
1. Electron picks its tray backend from XDG_SESSION_TYPE and
XDG_SESSION_DESKTOP. The sway config only imported DISPLAY,
WAYLAND_DISPLAY, SWAYSOCK and XDG_CURRENT_DESKTOP into the systemd
user manager, so services launched there got a partial env and
Electron registered no SNI tray icon. Worked when launched from a
terminal (which inherits sway's full env, including the bits set by
pam_systemd). Add the two missing variables to both
systemctl import-environment and dbus-update-activation-environment.
2. With minimize-to-tray on, Electron treats SIGTERM as a window-close
and just hides the window, so 'systemctl --user stop signal' did
nothing visible until the 90s default timeout SIGKILLed. Switch to
ExecStop=flatpak kill org.signal.Signal, which uses flatpak's own
instance manager to actually terminate the sandboxed app, plus a
short TimeoutStopSec as a safety net.
|
| |
|
|
| |
This reverts commit 6eafc884f77a367f04dc4e7b35ca999de5bea271.
|
| |
|
|
|
|
|
|
| |
Without this, signal.service races with waybar at session start: if
Signal asks for the SNI watcher before waybar has registered it on
the bus, it launches with no tray icon and --start-in-tray hides the
main window with no way to bring it back. Add Requires/After=waybar
and an ExecStartPre that polls busctl for the watcher (up to 30s).
|
| |
|
|
|
|
|
| |
Sway does not honour XDG $HOME/.config/autostart/, so the in-app
'start at login' toggle is a no-op. Use a user unit wired into
sway-session.target with --start-in-tray, matching the existing
waybar/swayidle/cliphist/etc. pattern.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Defense-in-depth for the cross-sandbox handoff vector: when the
LibreWolf/Thunderbird flatpaks open a downloaded PDF or video via the
OpenURI portal, the receiving app currently runs natively with full
$HOME access — defeating part of the browser/mail isolation.
- meta/flatpak.txt: add org.pwmt.zathura, io.mpv.Mpv
- meta/wayland.txt: drop native zathura + zathura-pdf-mupdf
- meta/media.txt: keep native mpv (streamlink, /tmp/mpvsocket IPC,
fast yt-dlp) — flatpak mpv is *additional*, only as the mimeapps
default for video/audio to receive sandboxed handoffs
- dot_config/mimeapps.list: rewrite mpv.desktop -> io.mpv.Mpv.desktop,
zathura-pdf-mupdf.desktop -> org.pwmt.zathura.desktop, and replace
stale userapp-Thunderbird-* entries with org.mozilla.Thunderbird.desktop
- run_onchange_after_deploy-flatpak-overrides.sh.tmpl (new):
--filesystem=xdg-config/{zathura,mpv}:ro so the flatpaks read our
chezmoi-managed configs as a single source of truth
- README: media row + new deploy-script row
Manual one-shot on host: chezmoi apply -v.
The pteid bridge already iterates a flatpak app list, so cartão de
cidadão remains correctly registered for the Mozilla flatpaks. Native
mpv config (input-ipc-server) keeps working since each flatpak has its
own /tmp; no socket collision.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move LibreWolf from native librewolf-bin to Flathub
io.gitlab.librewolf-community. Bubblewrap isolates the browser from
$HOME (\\.ssh, password-store, gnupg, ssh-agent socket) at the cost
of namespace chroot + IPC/network namespace isolation between content
processes (mozilla bug 1756236, P3, considered defense-in-depth).
seccomp-bpf — the dominant sandbox layer — is preserved.
- meta/flatpak.txt: + io.gitlab.librewolf-community
- meta/browser.txt: - librewolf-bin
- run_onchange_after_deploy-firefox.sh.tmpl: profile path moves to
~/.var/app/io.gitlab.librewolf-community/.librewolf
- dot_config/mimeapps.list: librewolf.desktop -> flatpak app id
- dot_local/bin/executable_linkhandler: flatpak run wrapper
- README.md: blurb + new profile path
arkenfox-user.js + chezmoi user-overrides.js deploy keep working
unchanged because the flatpak profile is still on the host fs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Install Nix (multi-user daemon) on Arch and wire up direnv so any project
can declare its toolchain in a flake.nix and get a hermetic dev shell on
cd. No NixOS, no home-manager, no migration off paru/chezmoi — just one
new package manager scoped to project dev shells.
- meta/nix.txt: nix from extra repo
- meta/dev.txt: direnv (general-purpose, not nix-specific)
- systemd-units/system/nix.txt: nix-daemon.socket (socket-activated)
- etc/nix/nix.conf: enable flakes + nix-command, trusted-users=@wheel,
auto-optimise-store, keep-outputs/derivations so direnv envs survive GC
- dot_config/direnv/direnvrc: load nix-direnv 3.1.1 via source_url with
pinned sha256 (not packaged for Arch; refusing -git AUR)
- dot_config/nix/templates/{flake.nix,dev/}: flake template usable via
'nix flake init -t ~/.config/nix/templates'
- dot_config/zsh/dot_zshrc: 'eval "$(direnv hook zsh)"'
|
| |
|
|
|
|
|
|
|
| |
The Bridge presents a self-signed cert on its 127.0.0.1:1025 STARTTLS
listener, so git send-email's default cert verification fails with
SSL_verify_cert. Setting smtpSslCertPath to empty disables chain
verification for this single, loopback-only endpoint.
Per https://git-send-email.io/#step-2 (Proton Bridge note).
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a [sendemail] block targeting the local Bridge SMTP listener
(127.0.0.1:1025, STARTTLS) and a credential helper scoped to that URL
that fetches the password from pass (proton/bridge-smtp). The helper
command is public; the secret stays in the password store. The bridge
SMTP username (sensitive but not secret) goes in the per-identity
private overlay (~/doxfiles), not here.
Also pull in the Perl SMTP modules git send-email needs at runtime.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Push-to-talk dictation toggle on Super+i: parecord captures 16 kHz mono
WAV, whisper-cli transcribes (auto language), output is typed via wtype
and copied to the clipboard.
Region OCR on Super+Shift+o: slurp + grim feed tesseract (eng+por),
result lands in the clipboard with a notification preview.
Adds wtype to wayland.txt; tesseract (+eng/por data) and whisper.cpp +
the large-v3-turbo-q5_0 model package to extra.txt.
|
| |
|
|
|
|
|
|
|
| |
- xkb variant altgr-intl: AltGr dead keys + direct Euro on AltGr+5.
Preserves bare ' " ` ~ ^ for code/shell.
- Compose on Right Ctrl (compose:rctrl). Leaves Right Alt for AltGr.
- New dot_XCompose with %L include + PT-PT guillemets, Euro, ordinals,
em/en dashes, ellipsis.
- KEYBINDS.md: new Typing / Input section with AltGr + Compose cheatsheet.
|
| |
|
|
|
|
|
|
|
|
| |
- XF86Display replaces F7 for display-toggle.sh (dedicated HW key)
- XF86Tools opens floating pulsemixer (audio mixer TUI)
- XF86Keyboard opens KEYBINDS.md in glow (floating pager)
- XF86Favorites takes over mako history picker (from Super+Alt+n)
Adds generic [app_id="floating"] window rule so ghostty --class=floating
windows open floating. Adds glow to meta/base.txt.
|
| |
|
|
|
| |
tmux-style mnemonics. Bypasses NewPane's aspect-ratio auto-direction
which misfires on widescreens with pane_frames disabled.
|
| |
|
|
|
|
|
| |
Pair with the existing '$mod+w layout tabbed' to get a bspwm-like
monocle experience: one window visible, tabs along the top, status
bar intact. Cycle with Super+[ and Super+] (mimics browser tab
shortcuts).
|
| |
|
|
|
|
|
|
| |
The bridge opens the IMAP listener before the keyring is unlocked, so a
port-open check returns true while the server would still reject logins.
Probe for the '* OK' IMAP greeting (the bridge only sends it once it can
actually service logins) and add a 1s grace period for SMTP (1025) to
catch up.
|
| |
|
|
|
|
|
|
| |
Going through xdg-open relied on mimeapps propagation and
update-desktop-database cache. Add a dedicated `view-md` opener
that invokes okular directly and route *.md, *.markdown, and
text/markdown files to it. Still orphan=true to avoid the
unfinished-tasks prompt.
|
| |
|
|
|
|
|
| |
Default yazi rule treats .md as text and hands it to $EDITOR.
Prepend a rule that uses the `open` opener (xdg-open, now pointed
at okular) so pressing Enter on a markdown file in yazi opens the
rendered view instead of nvim.
|
| |
|
|
|
|
|
| |
xdg-open was handing .md files to nvim, which is an editor — not
what we want for casual reading. okular (with discount installed)
renders markdown as a paged document, similar to how zathura
handles pdfs.
|
| |
|
|
|
|
|
|
|
| |
yazi tracks child processes as running tasks. Default `open`
opener runs `xdg-open` synchronously, so opening a pdf (or any
file handed off to an external viewer) leaves yazi convinced a task
is still running and it prompts 'unfinished tasks, quit anyway?' on
exit. orphan = true detaches the spawned process from yazi so the
quit is clean.
|
| |
|
|
|
|
| |
--format is not supported by this mako version. Parse the native text
output (Notification N: summary / App name: X) with awk for the picker
and grep '^Notification ' for the counter.
|
| |
|
|
|
|
| |
makoctl outputs plain text by default on this version. Use --format
strings for both the history picker (%a/%s/%b) and the counter script
(%i + wc), instead of trying to parse JSON that isn't there.
|
| |
|
|
|
|
|
| |
Previous jq path (.data[0][].summary.data) only works for one nesting
shape of mako's history JSON. Recurse to find notification objects and
unwrap dbus-typed {type,data} fields defensively. Also bump
max-history from the default of 5 so more entries are retained.
|
| |
|
|
|
|
|
| |
makoctl menu only acts on currently-visible notifications, not history
(mako has no API to re-invoke arbitrary history entries). Replace with
a small script that pipes 'makoctl history' through jq and fuzzel, then
copies the selected entry to the clipboard for reference.
|
| | |
|
| |
|
|
|
|
| |
makoctl menu <cmd> expects the command to emit just the notification
id, but fuzzel --dmenu echoes the full '<id> <summary>' line. Pipe
through cut -d' ' -f1 so mako can act on the selection.
|
| |
|
|
|
| |
- Super+Ctrl+n: makoctl restore (re-show the most recent dismissed)
- Super+Alt+n: makoctl menu fuzzel --dmenu (pick any from history)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The idle_inhibitor em-dash and bare mako '0' blended with the clock.
- mako counter: prefix 'NTF', gray when empty, aqua for history, orange
for pending.
- idle_inhibitor: 'IDL'/'INH' with gray/yellow.
- privacy: red (only visible when screensharing or mic-active).
- Add padding rules so the new modules line up with the rest.
|
| |
|
|
|
|
|
| |
On cold boot Thunderbird would race protonmail-bridge and pop up a
'failed to login to 127.0.0.1' error. Poll 127.0.0.1:1143 (bridge's
default IMAP port) for up to 15s before spawning TB. Gives up silently
if the bridge doesn't come up.
|
| |
|
|
|
|
|
|
| |
Move waybar from sway's inline bar {} block to waybar.service pulled in
by sway-session.target. Matches the pattern for mako, swayidle,
poweralertd, display-watcher, cliphist. ExecReload sends SIGUSR2 so
'systemctl --user reload waybar' picks up config changes without a
restart.
|
| |
|
|
|
| |
$mod+v is sway's default splitv; my cliphist bind was shadowing it and
emitting a warning. Move clipboard history to $mod+p / $mod+Shift+p.
|
| |
|
|
|
| |
- shfmt -i 2 -ci -s on the four updated shell scripts (tabs → 2 spaces)
- prettier --write on KEYBINDS.md and README.md
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Install brightnessctl and bind all seven ThinkPad multimedia keys:
- XF86MonBrightnessUp/Down → brightnessctl ±5%
- XF86AudioMicMute → pactl source mute
- XF86Bluetooth → bt-toggle.sh (bluetoothctl + notify-send)
- XF86ScreenSaver (Fn+F2) → same as $mod+Shift+s (pause + swaylock)
- XF86Sleep → systemctl suspend
- XF86WLAN / XF86RFKill → rfkill toggle
Note: rfkill may need a passwordless doas rule
(permit nopass :wheel cmd rfkill) or group membership to write
/dev/rfkill without privileges; not wired speculatively.
|
| |
|
|
|
|
| |
Pairs with focus_follows_mouse to prevent stale-hover focus-steal after
keyboard navigation: the cursor jumps into the new focus so subsequent
small mouse movements don't bounce focus back to where it used to be.
|
sommerfeld