dotfiles - My linux config and rc files

	Commit message (Collapse)	Author	Age	Files	Lines
*	fix(suspend): load intel_lpss_pci from initramfs (Arch wiki touchpad fix)	sommerfeld	3 days	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Symptoms (Intel CPU + linux-hardened + blinking caps lock + hard hang on resume from S3) are a direct match for the Arch wiki entry: https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Touchpad_causes_a_kernel_panic_on_resume https://bbs.archlinux.org/viewtopic.php?id=231881 When intel_lpss_pci is loaded late (via udev after userspace is up), the touchpad/I2C controller it parents can be torn down by suspend before the module's resume callback is registered, leading to a NULL-deref panic during resume. The kernel never makes it far enough to flush logs — which matches our 'PM: suspend entry (deep)' being the last journal line. Fix: load intel_lpss_pci from the initramfs so it's available before the suspend/resume code path runs. Why this only bites linux-hardened: the hardening config enables INIT_ON_FREE, slab freelist hardening, page poisoning, and stricter pointer validation, which turn what's a silent UAF on stock linux into an immediate panic on hardened. Stock 'just works' by accident. Also drop the speculative init_on_free=0 from the hardened cmdline now that we have a targeted hypothesis. Keep nmi_watchdog=panic + softlockup_panic=1 + panic=10 as belt-and-braces: if this fix is wrong, the next hang will auto-reboot with a usable panic log in 'journalctl -b -1 -k' instead of needing the power button again.
*	refactor(etc): keep mkinitcpio.conf closer to Arch pristine	sommerfeld	2026-05-13	1	-1/+1
\| \| \| \| \| \|	Arch already ships systemd-based HOOKS as default; only add sd-encrypt. keymap is redundant with sd-vconsole but harmless, and keeping it minimizes diff from upstream (one word changed).
*	feat(boot): switch to systemd initramfs + rd.luks.name cmdline	sommerfeld	2026-05-13	1	-1/+1
\| \| \| \| \| \| \| \| \|	Prerequisite for TPM2 LUKS unlock. systemd-cryptenroll stores TPM hints in LUKS2 token metadata, so no cmdline options are needed beyond rd.luks.name (sd-encrypt auto-discovers enrolled tokens). After chezmoi apply: sudo mkinitcpio -P && sudo sbctl verify, then reboot. Passphrase still works; TPM enrollment is a separate step.
*	UPower: PowerOff critical action (no swap, no hibernate)	sommerfeld	2026-04-21	1	-1/+1
\|
*	hibernate: add resume mkinitcpio hook, UPower critical action	sommerfeld	2026-04-21	1	-1/+1
\|
*	feat(etc): track drifted host configs	sommerfeld	2026-04-21	1	-0/+81
	Adopted via 'just etc-add' after 'just etc-drift' surfaced them: locale.conf, locale.gen, mkinitcpio.conf, mkinitcpio.d/linux.preset, pacman.conf, resolved.conf, systemd/network/30-bond*, and the shokz udev blacklist rule.