dotfiles - My linux config and rc files

	Commit message (Collapse)	Author	Age	Files	Lines
*	feat(suspend): hardened-only init_on_free=0 + hang-detection cmdline	sommerfeld	3 days	1	-2/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Split the hardened UKI cmdline off the shared etc/kernel/cmdline.tmpl so we can carry workarounds without poking the stock linux build. Daily-driving linux-hardened on this hardware has reliably hung on resume from S3: black screen, blinking caps-lock + power LED, only the power button helps. The kernel journal stops at 'PM: suspend entry (deep)' with nothing after, so the freeze is below the level where logs can flush — characteristic of a hard hang inside a device driver's suspend/resume callback rather than a userspace bug. linux-hardened defaults init_on_free=1, which zeroes pages on free. On Intel + iwlwifi/i915/nvme stacks this routinely surfaces latent UAFs as suspend hangs that are invisible on stock linux. Drop that knob to 0 for the hardened cmdline as the working hypothesis. Add nmi_watchdog=panic, softlockup_panic=1, panic=10 so if the next attempt still wedges, a stuck CPU self-panics and auto-reboots within ~10s, giving us a 'journalctl -b -1 -k' trace to look at instead of having to force-power-off blindly. Stock linux is untouched.
*	Revert "refactor(boot): drop linux-hardened-fallback UKI"	sommerfeld	3 days	1	-1/+4
\| \| \| \| \| \| \| \| \|	Keeping the fallback after all — leaves the door open to dropping the stock 'linux' package entirely once linux-hardened is proven as a daily driver. Without hardened-fallback, that future single-kernel config would have zero autodetect recovery path. This reverts commit c0c9183.
*	refactor(boot): drop linux-hardened-fallback UKI	sommerfeld	3 days	1	-4/+1
\| \| \| \| \| \| \| \| \|	Stock linux-fallback already covers the 'autodetect missed a module' recovery scenario, regardless of which kernel you tried to boot. hardened being opt-in means a hardened-default failure naturally falls back to stock — no need for hardened-fallback as a second safety net. Saves ESP space and mkinitcpio regen time on each linux-hardened update.
*	feat(boot): add linux-hardened as parallel UKI	sommerfeld	3 days	1	-0/+19
	Installs linux-hardened + linux-hardened-headers alongside the stock linux kernel. Stock kernel remains the default; linux-hardened is opt-in via efibootmgr --bootnext after the EFI entry is registered (one-time host-side step, documented in the preset). After first 'just pkg-apply', mkinitcpio auto-builds /boot/EFI/Linux/arch-linux-hardened.efi from the new preset (sharing etc/kernel/cmdline.tmpl with the stock UKI — same LUKS root, no kernel-specific cmdline knobs). Host-side EFI entry registration: sudo efibootmgr --create --disk /dev/nvme0n1 --part 1 \ --label 'Arch Hardened' --loader '\\EFI\\Linux\\arch-linux-hardened.efi' Roll back any time by removing both packages and the preset file; the stock kernel and its UKI are untouched.