| Commit message (Collapse) | Author | Age | Files | Lines |
| |
User confirms snx-rs's SAML loopback no longer needs chromium routing.
Remove:
- dot_local/bin/snxctl-chromium (PATH-override wrapper)
- dot_local/share/snx-rs/bin/xdg-open (chromium shim)
- snx-rs LibreWolf SAML note in user-overrides.js
The waybar snx-vpn toggle now just runs `snxctl connect` detached,
no wrapper indirection.
|
snx-rs.service is a system unit, not --user, so the prior approach of
overriding the daemon's PATH via a systemd drop-in could never apply.
And it wasn't needed anyway: snxctl itself runs opener::open(url)
in-process, so prepending the shim dir to snxctl's PATH is enough.
- Drop dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf.
- snxctl-chromium now just sets PATH and exec's snxctl connect.
- xdg-open shim no longer forces --new-window so chromium can reuse a
warm window (faster SAML round-trip).
|
systemd/user/teams-{sii,xsight}.service: autostart both Teams flatpak
profiles on sway-session.target login. KillMode=mixed so SIGTERM hits
only the wrapper process — both instances share the same flatpak app
id, so killing by app id would take down the sibling instance. A 15s
SIGKILL fallback covers the case where Electron tray-hides instead of
quitting. Both units listed in systemd-units/user.txt.
etc/pacman.conf: IgnorePkg = llama-cpp-vulkan. The AUR package rebuilds
on every llama.cpp commit (multi-hour build). Update manually with
`paru -S llama-cpp-vulkan` when intended.
snxctl-chromium wrapper:
- dot_local/share/snx-rs/bin/xdg-open: shim that flatpak-runs
ungoogled-chromium, used only by snx-rs.
- dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf:
drop-in prepending that dir to the daemon's PATH so snx-rs's
opener-crate call to xdg-open lands in chromium, without affecting
xdg-open for any other process.
- dot_local/bin/snxctl-chromium: convenience wrapper that
daemon-reloads and restarts snx-rs.service if the drop-in isn't yet
applied, then execs `snxctl connect`.
firefox/user-overrides.js: revert the dom.security.https_only_mode.
upgrade_local and network.lna.local-network-to-localhost.skip-checks
prefs — they didn't actually fix the SAML flow. Replaced with a
comment pointing to the wrapper instead.
|
Pre-existing whitespace/style drift caught by `just check`. Touch
nothing semantic — pure formatter output (shfmt -i 2 -ci -s, ruff,
prettier, taplo). Excludes dot_config/clangd/config.yaml whose manual
indentation is intentionally preserved.
|
doas's one-shot password and absent 'sudo -v' kept wasting hour-long
paru AUR builds. sudo-rs is a memory-safe Rust rewrite (ISRG/Ferrous
Systems), drop-in CLI compatible, and the same one Ubuntu 25.10 ships
as default. We follow the Arch wiki 'Using sudo-rs without the sudo
package' recipe verbatim — no custom shims.
- meta/base.txt: -doas-sudo-shim +sudo-rs
- etc/sudoers-rs (mode 0440): wiki minimal config + NOPASSWD reboot/poweroff
- etc/pam.d/sudo: 4-line copy of upstream sudo's PAM file
- run_onchange_after_deploy-etc.sh.tmpl: use real sudo, deploy sudoers-rs
at 0440, create /etc/pam.d/sudo-i and /usr/local/bin/{sudo,sudoedit,
su,visudo} → sudo-rs symlinks idempotently
- delete etc/doas.conf, dot_local/bin/{doasedit,sudo}
- zshrc: drop sudo=doas/sudoedit=doasedit aliases; rewrite ss/gimme/
pacdiff/ssys to call sudo
- justfile: s/doas/sudo/g (status/diff/restore helpers)
- nvim: rename :DoasWrite → :SudoWrite (uses sudo -S)
- sway config: reboot/poweroff buttons call sudo
- bootstrap.sh: update step-5 comment
- README/KEYBINDS/copilot-instructions: flip the privesc convention
No Defaults overrides: sudo's defaults (passwd_tries=3,
timestamp_timeout=5) already fix the doas pain, and paru SudoLoop
(kept) refreshes the 5-min window via real sudo -v.
|
The packaged doas-sudo-shim is just 'exec doas "$@"', which means
'sudo -v' (used by paru --sudoloop to keep the auth timestamp fresh
during long AUR builds) hits doas, which doesn't implement -v, and
the loop dies. Then when the build finally finishes and tries the real
install, the cached timestamp has long expired, so we reprompt — and
opendoas only allows one attempt before bailing, so a single mistype
throws an hour of compilation away.
Replace it (per-user, via $HOME/.local/bin precedence) with a shim
that translates:
-v -> doas true (refresh persist timestamp)
-k / -K -> doas -L (clear)
-E -H -i -S etc -> dropped (no doas equivalent)
rest -> doas "$@"
Then enable SudoLoop in paru.conf so the timestamp stays fresh.
|
Move LibreWolf from native librewolf-bin to Flathub
io.gitlab.librewolf-community. Bubblewrap isolates the browser from
$HOME (.ssh, password-store, gnupg, ssh-agent socket) at the cost
of namespace chroot + IPC/network namespace isolation between content
processes (mozilla bug 1756236, P3, considered defense-in-depth).
seccomp-bpf — the dominant sandbox layer — is preserved.
- meta/flatpak.txt: + io.gitlab.librewolf-community
- meta/browser.txt: - librewolf-bin
- run_onchange_after_deploy-firefox.sh.tmpl: profile path moves to
~/.var/app/io.gitlab.librewolf-community/.librewolf
- dot_config/mimeapps.list: librewolf.desktop -> flatpak app id
- dot_local/bin/executable_linkhandler: flatpak run wrapper
- README.md: blurb + new profile path
arkenfox-user.js + chezmoi user-overrides.js deploy keep working
unchanged because the flatpak profile is still on the host fs.
|
large-v3-turbo-q5_0 ran ~1-2x realtime on the T490's CPU, making
push-to-talk feel sluggish. The base multilingual model is ~142 MB
(vs 547 MB) and runs ~7-10x realtime, dropping perceived latency on
short utterances from a few seconds to near-instant.
Quality on short EN/PT dictation remains usable; bump WHISPER_MODEL
to small or large-v3-turbo if accuracy matters more than latency.
|
Push-to-talk dictation toggle on Super+i: parecord captures 16 kHz mono
WAV, whisper-cli transcribes (auto language), output is typed via wtype
and copied to the clipboard.
Region OCR on Super+Shift+o: slurp + grim feed tesseract (eng+por),
result lands in the clipboard with a notification preview.
Adds wtype to wayland.txt; tesseract (+eng/por data) and whisper.cpp +
the large-v3-turbo-q5_0 model package to extra.txt.
|
Remove aerc, khal, khard, vdirsyncer from meta/mail.txt and delete their
configs (aerc/, vdirsyncer systemd override, aerc .desktop handler).
Point linkhandler mailto at xdg-open until a GUI client is set up.
Add systemd user unit for protonmail-bridge --noninteractive, tied to
graphical-session.target so it starts with the sway session.
|
Track /etc/kernel/cmdline and enable default_uki/fallback_uki in
linux.preset. Remove create-efi helper (UKI is self-contained; only
needed once at install time). Update bootstrap to print the one-off
efibootmgr command instead of launching create-efi.
|
Sway's XWayland is lazy — DISPLAY isn't set in sway's env until the
first X client connects, which means systemctl/dbus import-environment
runs too early and nothing downstream sees DISPLAY.
Setting DISPLAY=:0 in zprofile before 'exec sway' ensures sway itself
inherits it, and therefore so do all its child processes (terminals,
scripts, systemd user services via import-environment). XWayland will
spawn on demand when a client actually connects to :0.
Also drop the redundant fallback from rqr now that the session-wide
export covers it.
|
zbarcam needs an X11 display for the live camera preview, which sway
provides via XWayland. Two changes to make that reliable:
- sway/config: add DISPLAY to the systemd/dbus user-environment imports,
so anything launched through those paths (not just direct sway execs)
can reach XWayland.
- rqr: default DISPLAY to :0 (sway's default XWayland socket) when
unset, as a belt-and-suspenders fallback.
|
zbarcam defaults to opening an X11 preview window, which fails on Sway
without XWayland ("unable to open X display"). --nodisplay runs the
scanner headlessly; we don't need the preview since -1 exits on the
first barcode anyway.
|
Inline directives for cases where the linter's shell/language dialect
doesn't match reality:
- init.lua: _G.P helper is intentional
- dot_zprofile: zsh tied arrays, $+commands, optional sourcing
- dot_zshrc: zsh brace-group-as-function-body
- ipython_config: 'c' is injected by IPython at load time
- doasedit: /bin/sh on Arch is bash, -O test is supported
|
Aligned with the other personal scripts; chezmoi will deploy it as
~/.local/bin/create-efi (executable, no .sh extension).
|
Rename home/ contents to chezmoi naming conventions:
- dot_ prefix for dotfiles and dot-dirs
- private_dot_ for .gnupg and .ssh directories
- private_ for 0600 files (nym.pub)
- executable_ for scripts in .local/bin and display-toggle.sh
- symlink_ for mimeapps.list symlink
|