path: root/dot_config
Commit message | Author | Age | Files | Lines
...
* fix(sway): bump tb-autostart post-IMAP grace period 5s -> 10s | sommerfeld | 2026-05-13 | 1 | -1/+1
  5s still wasn't enough on cold boot — Thunderbird kept racing the SMTP listener and showing the connection-failure dialog.
* fix(sway): import PASSWORD_STORE_DIR into user manager + dbus env | sommerfeld | 2026-05-13 | 1 | -2/+2
  zprofile sets PASSWORD_STORE_DIR to $XDG_DATA_HOME/password-store, but systemd-user-launched services (notably waybar's tb-unread.sh, which calls 'pass show') don't inherit it. Sway is started from the login shell so the var is in its environment — propagate it to the user manager and dbus activation env, same pattern as the XDG_SESSION_* vars.
  Resolves the same problem already worked around for protonmail-bridge.service via a drop-in override; that override is now redundant but kept as belt-and-braces.
* feat(waybar): add Thunderbird inbox-unread module | sommerfeld | 2026-05-13 | 3 | -1/+74
  Polls the protonmail-bridge IMAP socket every 60s with STATUS INBOX (UNSEEN), displays the count next to the tray, and clicking the badge runs tb-toggle.sh to bring TB out of the scratchpad (or launch it).
  Setup: store bridge credentials in pass at email/protonmail-bridge/{user, pass}. The bridge surfaces them via 'protonmail-bridge --cli' -> 'info'. With no entries (or with the bridge unreachable) the module shows 'MAIL ?' in red and is otherwise inert.
* fix(sway): extend post-IMAP SMTP grace period 1s -> 5s | sommerfeld | 2026-05-13 | 1 | -1/+1
  The IMAP '* OK' banner arrives before the SMTP listener on 1025 is fully ready. 1s wasn't always enough — Thunderbird would still race into a 'failed to connect to 127.0.0.1, please retry' dialog.
* Revert "fix(sway): bump tb-autostart bridge IMAP wait 60s -> 180s" | sommerfeld | 2026-05-13 | 1 | -1/+1
  This reverts commit 8b6d81742fa71aff76e602edc023c45ca4b38066.
* fix(sway): bump tb-autostart bridge IMAP wait 60s -> 180s | sommerfeld | 2026-05-13 | 1 | -1/+1
  ProtonMail Bridge cold-start (keyring unlock + account decryption) occasionally exceeds 60s, so the IMAP '* OK' banner never arrives in time and Thunderbird launches into a 'failed to connect to 127.0.0.1, please retry' dialog. Triple the budget to 180s.
* Revert "fix(sway): bump tb-autostart window-mark wait 20s -> 60s" | sommerfeld | 2026-05-13 | 1 | -1/+1
  This reverts commit 9c051b2cb47ca6e60b6c76877be78cc529d9f4da.
* fix(sway): bump tb-autostart window-mark wait 20s -> 60s | sommerfeld | 2026-05-13 | 1 | -1/+1
  Flatpak Thunderbird has a slower cold start than the native package used to. On a busy session start, the main window with the tb-main mark sometimes appears after the existing 20s budget, and the script exits without moving it to the scratchpad — leaving TB tiled on the current workspace.
* fix(signal): import XDG_SESSION_TYPE/DESKTOP into user systemd + clean stop | sommerfeld | 2026-05-13 | 2 | -2/+7
  Two issues with the sway autostart of signal.service:
  1. Electron picks its tray backend from XDG_SESSION_TYPE and XDG_SESSION_DESKTOP. The sway config only imported DISPLAY, WAYLAND_DISPLAY, SWAYSOCK and XDG_CURRENT_DESKTOP into the systemd user manager, so services launched there got a partial env and Electron registered no SNI tray icon. Worked when launched from a terminal (which inherits sway's full env, including the bits set by pam_systemd). Add the two missing variables to both systemctl import-environment and dbus-update-activation-environment.
  2. With minimize-to-tray on, Electron treats SIGTERM as a window-close and just hides the window, so 'systemctl --user stop signal' did nothing visible until the 90s default timeout SIGKILLed. Switch to ExecStop=flatpak kill org.signal.Signal, which uses flatpak's own instance manager to actually terminate the sandboxed app, plus a short TimeoutStopSec as a safety net.
* Revert "fix(signal): wait for StatusNotifierWatcher before launching" | sommerfeld | 2026-05-13 | 1 | -6/+1
  This reverts commit 6eafc884f77a367f04dc4e7b35ca999de5bea271.
* fix(signal): wait for StatusNotifierWatcher before launching | sommerfeld | 2026-05-13 | 1 | -1/+6
  Without this, signal.service races with waybar at session start: if Signal asks for the SNI watcher before waybar has registered it on the bus, it launches with no tray icon and --start-in-tray hides the main window with no way to bring it back. Add Requires/After=waybar and an ExecStartPre that polls busctl for the watcher (up to 30s).
* feat(sway): autostart Signal via user systemd unit | sommerfeld | 2026-05-13 | 2 | -1/+15
  Sway does not honour XDG $HOME/.config/autostart/, so the in-app 'start at login' toggle is a no-op. Use a user unit wired into sway-session.target with --start-in-tray, matching the existing waybar/swayidle/cliphist/etc. pattern.
* feat(flatpak): sandbox zathura + add mpv hybrid for browser/mail handoffs | sommerfeld | 2026-05-13 | 1 | -74/+74
  Defense-in-depth for the cross-sandbox handoff vector: when the LibreWolf/Thunderbird flatpaks open a downloaded PDF or video via the OpenURI portal, the receiving app currently runs natively with full $HOME access — defeating part of the browser/mail isolation.
  - meta/flatpak.txt: add org.pwmt.zathura, io.mpv.Mpv
  - meta/wayland.txt: drop native zathura + zathura-pdf-mupdf
  - meta/media.txt: keep native mpv (streamlink, /tmp/mpvsocket IPC, fast yt-dlp) — flatpak mpv is *additional*, only as the mimeapps default for video/audio to receive sandboxed handoffs
  - dot_config/mimeapps.list: rewrite mpv.desktop -> io.mpv.Mpv.desktop, zathura-pdf-mupdf.desktop -> org.pwmt.zathura.desktop, and replace stale userapp-Thunderbird-* entries with org.mozilla.Thunderbird.desktop
  - run_onchange_after_deploy-flatpak-overrides.sh.tmpl (new): --filesystem=xdg-config/{zathura,mpv}:ro so the flatpaks read our chezmoi-managed configs as a single source of truth
  - README: media row + new deploy-script row
  Manual one-shot on host: chezmoi apply -v. The pteid bridge already iterates a flatpak app list, so cartão de cidadão remains correctly registered for the Mozilla flatpaks. Native mpv config (input-ipc-server) keeps working since each flatpak has its own /tmp; no socket collision.
* feat(browser): migrate librewolf to flatpak for host-isolation | sommerfeld | 2026-05-13 | 1 | -21/+21
  Move LibreWolf from native librewolf-bin to Flathub io.gitlab.librewolf-community. Bubblewrap isolates the browser from $HOME (.ssh, password-store, gnupg, ssh-agent socket) at the cost of namespace chroot + IPC/network namespace isolation between content processes (mozilla bug 1756236, P3, considered defense-in-depth). seccomp-bpf — the dominant sandbox layer — is preserved.
  - meta/flatpak.txt: + io.gitlab.librewolf-community
  - meta/browser.txt: - librewolf-bin
  - run_onchange_after_deploy-firefox.sh.tmpl: profile path moves to ~/.var/app/io.gitlab.librewolf-community/.librewolf
  - dot_config/mimeapps.list: librewolf.desktop -> flatpak app id
  - dot_local/bin/executable_linkhandler: flatpak run wrapper
  - README.md: blurb + new profile path
  arkenfox-user.js + chezmoi user-overrides.js deploy keep working unchanged because the flatpak profile is still on the host fs.
* feat(nix): hybrid setup with flakes + direnv for per-project dev shells | sommerfeld | 2026-05-13 | 5 | -0/+60
  Install Nix (multi-user daemon) on Arch and wire up direnv so any project can declare its toolchain in a flake.nix and get a hermetic dev shell on cd. No NixOS, no home-manager, no migration off paru/chezmoi — just one new package manager scoped to project dev shells.
  - meta/nix.txt: nix from extra repo
  - meta/dev.txt: direnv (general-purpose, not nix-specific)
  - systemd-units/system/nix.txt: nix-daemon.socket (socket-activated)
  - etc/nix/nix.conf: enable flakes + nix-command, trusted-users=@wheel, auto-optimise-store, keep-outputs/derivations so direnv envs survive GC
  - dot_config/direnv/direnvrc: load nix-direnv 3.1.1 via source_url with pinned sha256 (not packaged for Arch; refusing -git AUR)
  - dot_config/nix/templates/{flake.nix,dev/}: flake template usable via 'nix flake init -t ~/.config/nix/templates'
  - dot_config/zsh/dot_zshrc: 'eval "$(direnv hook zsh)"'
* fix(git): allow self-signed cert for ProtonMail Bridge SMTP | sommerfeld | 2026-05-13 | 1 | -0/+1
  The Bridge presents a self-signed cert on its 127.0.0.1:1025 STARTTLS listener, so git send-email's default cert verification fails with SSL_verify_cert. Setting smtpSslCertPath to empty disables chain verification for this single, loopback-only endpoint.
  Per https://git-send-email.io/#step-2 (Proton Bridge note).
* feat(git): configure git send-email via ProtonMail Bridge | sommerfeld | 2026-05-13 | 1 | -0/+13
  Add a [sendemail] block targeting the local Bridge SMTP listener (127.0.0.1:1025, STARTTLS) and a credential helper scoped to that URL that fetches the password from pass (proton/bridge-smtp). The helper command is public; the secret stays in the password store. The bridge SMTP username (sensitive but not secret) goes in the per-identity private overlay (~/doxfiles), not here.
  Also pull in the Perl SMTP modules git send-email needs at runtime.
* feat(sway): add dictate (whisper.cpp) and ocr (tesseract) keybinds | sommerfeld | 2026-05-13 | 1 | -0/+6
  Push-to-talk dictation toggle on Super+i: parecord captures 16 kHz mono WAV, whisper-cli transcribes (auto language), output is typed via wtype and copied to the clipboard.
  Region OCR on Super+Shift+o: slurp + grim feed tesseract (eng+por), result lands in the clipboard with a notification preview.
  Adds wtype to wayland.txt; tesseract (+eng/por data) and whisper.cpp + the large-v3-turbo-q5_0 model package to extra.txt.
* feat(sway): altgr-intl + compose key for PT typing | sommerfeld | 2026-05-13 | 1 | -1/+2
  - xkb variant altgr-intl: AltGr dead keys + direct Euro on AltGr+5. Preserves bare ' " ` ~ ^ for code/shell.
  - Compose on Right Ctrl (compose:rctrl). Leaves Right Alt for AltGr.
  - New dot_XCompose with %L include + PT-PT guillemets, Euro, ordinals, em/en dashes, ellipsis.
  - KEYBINDS.md: new Typing / Input section with AltGr + Compose cheatsheet.
* feat(sway): wire XF86 media keys (Display/Tools/Keyboard/Favorites) | sommerfeld | 2026-05-13 | 1 | -2/+7
  - XF86Display replaces F7 for display-toggle.sh (dedicated HW key)
  - XF86Tools opens floating pulsemixer (audio mixer TUI)
  - XF86Keyboard opens KEYBINDS.md in glow (floating pager)
  - XF86Favorites takes over mako history picker (from Super+Alt+n)
  Adds generic [app_id="floating"] window rule so ghostty --class=floating windows open floating. Adds glow to meta/base.txt.
* feat(zellij): explicit split binds (Alt+| vertical, Alt+_ horizontal) | sommerfeld | 2026-05-13 | 1 | -0/+6
  tmux-style mnemonics. Bypasses NewPane's aspect-ratio auto-direction which misfires on widescreens with pane_frames disabled.
* feat(sway): monocle window cycling inside tabbed containers | sommerfeld | 2026-05-13 | 1 | -0/+4
  Pair with the existing '$mod+w layout tabbed' to get a bspwm-like monocle experience: one window visible, tabs along the top, status bar intact. Cycle with Super+[ and Super+] (mimics browser tab shortcuts).
* fix(sway): wait for protonmail-bridge IMAP banner before launching TB | sommerfeld | 2026-05-13 | 1 | -8/+14
  The bridge opens the IMAP listener before the keyring is unlocked, so a port-open check returns true while the server would still reject logins. Probe for the '* OK' IMAP greeting (the bridge only sends it once it can actually service logins) and add a 1s grace period for SMTP (1025) to catch up.
* fix(yazi): open markdown with okular directly | sommerfeld | 2026-05-13 | 1 | -3/+7
  Going through xdg-open relied on mimeapps propagation and update-desktop-database cache. Add a dedicated `view-md` opener that invokes okular directly and route *.md, *.markdown, and text/markdown files to it. Still orphan=true to avoid the unfinished-tasks prompt.
* feat(yazi): route markdown files through xdg-open | sommerfeld | 2026-05-13 | 1 | -0/+7
  Default yazi rule treats .md as text and hands it to $EDITOR. Prepend a rule that uses the `open` opener (xdg-open, now pointed at okular) so pressing Enter on a markdown file in yazi opens the rendered view instead of nvim.
* feat(mimeapps): open markdown with okular | sommerfeld | 2026-05-13 | 1 | -1/+1
  xdg-open was handing .md files to nvim, which is an editor — not what we want for casual reading. okular (with discount installed) renders markdown as a paged document, similar to how zathura handles pdfs.
* fix(yazi): mark xdg-open opener as orphan | sommerfeld | 2026-05-13 | 1 | -0/+7
  yazi tracks child processes as running tasks. Default `open` opener runs `xdg-open` synchronously, so opening a pdf (or any file handed off to an external viewer) leaves yazi convinced a task is still running and it prompts 'unfinished tasks, quit anyway?' on exit. orphan = true detaches the spawned process from yazi so the quit is clean.
* fix(waybar): parse mako's plain-text list output directly | sommerfeld | 2026-05-13 | 2 | -4/+13
  --format is not supported by this mako version. Parse the native text output (Notification N: summary / App name: X) with awk for the picker and grep '^Notification ' for the counter.
* fix(waybar): use makoctl --format for text output, not JSON grep | sommerfeld | 2026-05-13 | 2 | -10/+4
  makoctl outputs plain text by default on this version. Use --format strings for both the history picker (%a/%s/%b) and the counter script (%i + wc), instead of trying to parse JSON that isn't there.
* fix(waybar): tolerant jq for mako history + bump max-history to 50 | sommerfeld | 2026-05-13 | 2 | -3/+7
  Previous jq path (.data[0][].summary.data) only works for one nesting shape of mako's history JSON. Recurse to find notification objects and unwrap dbus-typed {type,data} fields defensively. Also bump max-history from the default of 5 so more entries are retained.
* fix(sway): use read-only fuzzel history viewer for Super+Alt+n | sommerfeld | 2026-05-13 | 2 | -1/+18
  makoctl menu only acts on currently-visible notifications, not history (mako has no API to re-invoke arbitrary history entries). Replace with a small script that pipes 'makoctl history' through jq and fuzzel, then copies the selected entry to the clipboard for reference.
* fix(sway): use -- separator so makoctl menu stops parsing sh flags | sommerfeld | 2026-05-13 | 1 | -1/+1
* fix(sway): extract id from fuzzel line for makoctl menu | sommerfeld | 2026-05-13 | 1 | -1/+1
  makoctl menu <cmd> expects the command to emit just the notification id, but fuzzel --dmenu echoes the full '<id> <summary>' line. Pipe through cut -d' ' -f1 so mako can act on the selection.
* feat(sway): keybinds to restore and browse mako notification history | sommerfeld | 2026-05-13 | 1 | -0/+2
  - Super+Ctrl+n: makoctl restore (re-show the most recent dismissed)
  - Super+Alt+n: makoctl menu fuzzel --dmenu (pick any from history)
* style(waybar): move clock to the rightmost position | sommerfeld | 2026-05-13 | 1 | -1/+1
* style(waybar): label and color idle/privacy/notifications modules | sommerfeld | 2026-05-13 | 3 | -5/+32
  The idle_inhibitor em-dash and bare mako '0' blended with the clock.
  - mako counter: prefix 'NTF', gray when empty, aqua for history, orange for pending.
  - idle_inhibitor: 'IDL'/'INH' with gray/yellow.
  - privacy: red (only visible when screensharing or mic-active).
  - Add padding rules so the new modules line up with the rest.
* fix(sway): wait for protonmail-bridge IMAP before launching thunderbird | sommerfeld | 2026-05-13 | 1 | -0/+11
  On cold boot Thunderbird would race protonmail-bridge and pop up a 'failed to login to 127.0.0.1' error. Poll 127.0.0.1:1143 (bridge's default IMAP port) for up to 15s before spawning TB. Gives up silently if the bridge doesn't come up.
* refactor(sway): manage waybar via systemd user service | sommerfeld | 2026-05-13 | 3 | -4/+18
  Move waybar from sway's inline bar {} block to waybar.service pulled in by sway-session.target. Matches the pattern for mako, swayidle, poweralertd, display-watcher, cliphist. ExecReload sends SIGUSR2 so 'systemctl --user reload waybar' picks up config changes without a restart.
* fix(sway): rebind cliphist to $mod+p ($mod+v is splitv) | sommerfeld | 2026-05-13 | 1 | -2/+2
  $mod+v is sway's default splitv; my cliphist bind was shadowing it and emitting a warning. Move clipboard history to $mod+p / $mod+Shift+p.
* chore(fmt): apply shfmt and prettier formatting | sommerfeld | 2026-05-13 | 4 | -33/+33
  - shfmt -i 2 -ci -s on the four updated shell scripts (tabs → 2 spaces)
  - prettier --write on KEYBINDS.md and README.md
* feat(sway): bind brightness and ThinkPad XF86 multimedia keys | sommerfeld | 2026-05-13 | 2 | -0/+28
  Install brightnessctl and bind all seven ThinkPad multimedia keys:
  - XF86MonBrightnessUp/Down → brightnessctl ±5%
  - XF86AudioMicMute → pactl source mute
  - XF86Bluetooth → bt-toggle.sh (bluetoothctl + notify-send)
  - XF86ScreenSaver (Fn+F2) → same as $mod+Shift+s (pause + swaylock)
  - XF86Sleep → systemctl suspend
  - XF86WLAN / XF86RFKill → rfkill toggle
  Note: rfkill may need a passwordless doas rule (permit nopass :wheel cmd rfkill) or group membership to write /dev/rfkill without privileges; not wired speculatively.
* feat(sway): warp pointer to focused container | sommerfeld | 2026-05-13 | 1 | -0/+1
  Pairs with focus_follows_mouse to prevent stale-hover focus-steal after keyboard navigation: the cursor jumps into the new focus so subsequent small mouse movements don't bounce focus back to where it used to be.
* feat(sway): inhibit_idle on fullscreen windows | sommerfeld | 2026-05-13 | 1 | -0/+1
  Any fullscreen window now pauses swayidle's timer. Covers mpv, video calls, fullscreen browser video, etc.
* feat(waybar): add mako notification counter module | sommerfeld | 2026-05-13 | 2 | -0/+39
  New mako-status.sh emits JSON with pending / history counts. Click to dismiss latest, right-click to dismiss all, middle-click to restore the last dismissed notification.
* feat(waybar): add privacy module (mic/cam/screen indicator) | sommerfeld | 2026-05-13 | 1 | -0/+11
  Shows icons while any app holds the microphone or a screen-share source via PipeWire. No new deps on a PipeWire system.
* feat(waybar): add idle_inhibitor module | sommerfeld | 2026-05-13 | 1 | -0/+10
  Click to toggle an inhibit lock that prevents swayidle from firing. Useful for long reads, video playback without fullscreen, etc.
* feat(sway): copy screenshots to clipboard | sommerfeld | 2026-05-13 | 1 | -2/+2
  Pipe grim through tee so Print / Shift+Print save to disk AND copy the PNG to the Wayland clipboard via wl-copy.
* feat(wayland): add cliphist clipboard history | sommerfeld | 2026-05-13 | 4 | -1/+33
  Install cliphist and wire two user services (text + image watchers) into sway-session.target. Bind $mod+v to pick an entry via fuzzel and $mod+Shift+v to delete one.
* fix(sway): keep focus on current workspace when stashing tb | sommerfeld | 2026-05-13 | 1 | -0/+4
* feat(sway): separate thunderbird autostart from super+t launch path | sommerfeld | 2026-05-13 | 2 | -2/+23
  Splitting the for_window 'move to scratchpad' action into a dedicated autostart helper so that super+t launches TB tiled (not stashed) when TB isn't already running. Previously the for_window rule would stash every new main window, forcing the user to press super+t twice after killing TB manually.