| | Commit message | Author | Age | Files | Lines |
| * | refactor(boot): drop linux-hardened-fallback UKI | sommerfeld | 2 days | 1 | -4/+1 |
| * | feat(boot): add linux-hardened as parallel UKI | sommerfeld | 2 days | 1 | -0/+19 |
| * | feat(iwd): per-SSID MAC randomisation | sommerfeld | 2 days | 1 | -0/+23 |
| * | feat(polkit): restrict systemd + udisks system actions to active local sessions | sommerfeld | 2 days | 2 | -0/+26 |
| * | feat(sysctl): kernel info-disclosure + ICMP/IPv6 RA hardening | sommerfeld | 2 days | 1 | -1/+39 |
| * | fix(nftables): waydroid DHCP/DNS ingress, drop manual NAT table | sommerfeld | 9 days | 1 | -19/+9 |
| * | fix(nftables): add MASQUERADE for waydroid0 | sommerfeld | 9 days | 1 | -3/+19 |
| * | Revert "fix(sysctl): enable net.ipv4.ip_forward for NAT bridges" | sommerfeld | 9 days | 1 | -5/+0 |
| * | fix(sysctl): enable net.ipv4.ip_forward for NAT bridges | sommerfeld | 9 days | 1 | -0/+5 |
| * | fix(net): positive-match physical NICs into bond0 | sommerfeld | 9 days | 1 | -14/+9 |
| * | fix(net): keep waydroid0 out of bond0, allow it through nftables | sommerfeld | 9 days | 2 | -2/+10 |
| * | fix(pacman): correct llama.cpp-vulkan IgnorePkg name (was llama-cpp-vulkan) | sommerfeld | 12 days | 1 | -3/+3 |
| * | feat: teams autostart, llama-cpp-vulkan ignore, snxctl-chromium wrapper | sommerfeld | 2026-05-14 | 1 | -1/+3 |
| * | fix(nftables): use iifname/oifname for virbr0 so rules load before libvirtd | sommerfeld | 2026-05-13 | 1 | -4/+6 |
| * | fix(nftables): allow DHCP/DNS and forwarding for libvirt virbr0 | sommerfeld | 2026-05-13 | 1 | -0/+16 |
| * | fix(networkd): exclude virtual taps/bridges from bond0 enslavement | sommerfeld | 2026-05-13 | 1 | -0/+10 |
| * | feat: add libvirt/qemu/swtpm stack for Sii Intune VM | sommerfeld | 2026-05-13 | 1 | -0/+13 |
| * | feat(nix): saturate builds, add community cache, pin nixpkgs registry | sommerfeld | 2026-05-13 | 1 | -2/+10 |
| * | fix(lostfiles): emit parent directories alongside tracked files | sommerfeld | 2026-05-13 | 1 | -1/+1 |
| * | feat(lostfiles): filter known/private/cache paths via auto-synced ignore | sommerfeld | 2026-05-13 | 2 | -1/+36 |
| * | refactor(udev): drop hand-rolled ZSA rule, install qmk package instead | sommerfeld | 2026-05-13 | 1 | -13/+0 |
| * | feat(udev,flatpak): allow ungoogled-chromium to talk to ZSA keyboards | sommerfeld | 2026-05-13 | 1 | -0/+13 |
| * | refactor(sudoers): drop NOPASSWD poweroff/reboot, polkit handles it | sommerfeld | 2026-05-13 | 1 | -3/+0 |
| * | refactor(nftables): minimize diff against upstream pristine | sommerfeld | 2026-05-13 | 2 | -46/+24 |
| * | fix(sudoers-rs,waybar): pass DIFFPROG (and friends) through sudo-rs | sommerfeld | 2026-05-13 | 1 | -0/+16 |
| * | feat(lostfiles): weekly unowned-files refresh + waybar reminder | sommerfeld | 2026-05-13 | 2 | -0/+21 |
| * | feat(arch-audit): daily CVE refresh + waybar reminder | sommerfeld | 2026-05-13 | 2 | -0/+21 |
| * | feat(systemd): monthly btrfs balance template | sommerfeld | 2026-05-13 | 2 | -0/+25 |
| * | feat(waybar,sway): htop click handler, app keybinds, VPN toggle | sommerfeld | 2026-05-13 | 1 | -0/+13 |
| * | fix(logind): ignore KEY_POWER long-press too | sommerfeld | 2026-05-13 | 1 | -6/+12 |
| * | refactor(logind): drop device-specific rationale from power-key drop-in | sommerfeld | 2026-05-13 | 1 | -8/+5 |
| * | fix(logind): ignore KEY_POWER short-press to stop Shokz dongle shutdowns | sommerfeld | 2026-05-13 | 2 | -7/+11 |
| * | feat(udev): replace shokz blacklist with hwdb keycode override | sommerfeld | 2026-05-13 | 2 | -1/+7 |
| * | fix(privesc): revert bogus AssumeInstalled directive | sommerfeld | 2026-05-13 | 1 | -4/+0 |
| * | feat(privesc): drop classic sudo via AssumeInstalled | sommerfeld | 2026-05-13 | 1 | -0/+4 |
| * | feat(privesc): migrate from opendoas to sudo-rs | sommerfeld | 2026-05-13 | 3 | -3/+17 |
| * | feat(nix): hybrid setup with flakes + direnv for per-project dev shells | sommerfeld | 2026-05-13 | 1 | -0/+21 |
| * | feat(net): nftables laptop firewall | sommerfeld | 2026-05-13 | 2 | -0/+63 |
| * | refactor(etc): narrow etc-status to tracked-file drift | sommerfeld | 2026-05-13 | 1 | -57/+0 |
| * | fix(etc): restrict lsblk to the parent device only | sommerfeld | 2026-05-13 | 1 | -1/+1 |
| * | feat(etc): template kernel cmdline, derive LUKS UUID from partition name | sommerfeld | 2026-05-13 | 2 | -1/+1 |
| * | feat(getty): blank VT and powerdown monitor on idle | sommerfeld | 2026-05-13 | 1 | -0/+2 |
| * | refactor(sway): manage swayidle as a user unit; drop logind override | sommerfeld | 2026-05-13 | 1 | -57/+0 |
| * | feat(sway): auto-lock on idle and before suspend | sommerfeld | 2026-05-13 | 1 | -0/+57 |
| * | refactor(etc): keep mkinitcpio.conf closer to Arch pristine | sommerfeld | 2026-05-13 | 1 | -1/+1 |
| * | feat(boot): switch to systemd initramfs + rd.luks.name cmdline | sommerfeld | 2026-05-13 | 2 | -2/+2 |
| * | refactor(etc): drop marginal UPower percentage overrides | sommerfeld | 2026-05-13 | 1 | -3/+3 |
| * | refactor(etc): re-sync reflector.conf against pristine; VPN-aware countries | sommerfeld | 2026-05-13 | 1 | -3/+26 |
| * | refactor(etc): re-sync UPower.conf against pristine | sommerfeld | 2026-05-13 | 1 | -4/+107 |
| * | feat(etc): relax faillock (deny=50, unlock_time=30) | sommerfeld | 2026-05-13 | 1 | -0/+64 |