| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vanilla sway only has splith/splitv with no auto-orientation, so new
windows always split along whatever axis the parent container is set
to (default splith). The result: opening a third window in a workspace
that's already split horizontally just keeps stacking horizontally,
even when each pane is now narrower than it is tall.
swayr's daemon (swayrd) subscribes to sway IPC and, with
[layout].auto_tile = true, issues splith or splitv on the focused
container based on its width-vs-height before sway places the next
window. The result is the i3/awesome-style spiral tiling: each new
window splits the focused pane along its longest side.
Run swayrd as a systemd user service bound to sway-session.target so
it starts/stops with the session (matching the pattern used by
waybar, swayidle, mako, etc.). No keybind changes; only the placement
algorithm.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Inspecting upstream qmk_udev's 50-qmk.rules: the access-granting
line (`SUBSYSTEM=="hidraw" ... ENV{ID_QMK}="1"` paired with a
MODE/TAG) is *commented out*. The package only sets ID_QMK=1 via a
helper to mark devices for ModemManager to ignore during flashing. It
does not in fact tag hidraw nodes with uaccess for runtime apps like
VIA/usevia.
zsa-udev (AUR) ships ZSA's upstream 50-oryx.rules and 50-wally.rules
which do exactly the right TAG+=uaccess on VID 3297. Same package
zsa-keymapp-bin already depends on, so this is the canonical path.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The qmk Arch package ships /usr/lib/udev/rules.d/50-qmk.rules covering
all major mech-keyboard vendors including ZSA's VID 3297, with the
same TAG+=uaccess semantics. Prefer that over maintaining our own
rules file.
- meta/base.txt: + qmk
- etc/udev/rules.d/50-zsa.rules: removed
- etc deploy script: drop the udevadm reload (only existed to support
our custom rule; pacman handles reloads for package-shipped rules).
|
| |
|
|
|
|
|
|
| |
The python pass-secret-service AUR package is unmaintained. Switch to
grimsteel's actively-maintained Rust implementation (-bin variant for
faster install) and enable the shipped user systemd unit so the
service is visible to systemctl --user status, not just lazily
D-Bus-activated.
|
| |
|
|
|
|
|
|
|
| |
Signal Desktop (and any libsecret consumer) wants to talk to the
org.freedesktop.secrets D-Bus service. pass-secret-service implements
that API on top of the existing pass store -- secrets land under
~/.password-store/secret-service/ encrypted with the same GPG key, so
no separate keyring to manage. The service is D-Bus activated, no
systemd unit needed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- xdg-desktop-portal: pin wlr for ScreenCast/Screenshot, gtk for the
rest, so flatpak browsers (Meet, Slack, Discord) get a working
screen-share path instead of whatever the portal frontend happens to
pick first.
- wob: small wayland overlay bar fed via a fifo. New vol-osd.sh /
brightness-osd.sh wrappers replace the bare pactl/brightnessctl
invocations in keybinds so adjusting volume or backlight flashes a
bar at the bottom of the screen. wob.service owns the fifo lifecycle
(mkfifo before, rm after).
- mako: add a [mode=do-not-disturb] section that hides notifications
while the mode is active, plus a Super+x n submode binding to toggle
it. Notifications still accumulate in history; just no popups.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two related session-idle improvements:
1. ScreenSaver inhibit bridge. Browsers (LibreWolf/Chromium flatpaks)
ask the session not to idle via the legacy
org.freedesktop.ScreenSaver D-Bus API during video calls and
fullscreen video; swayidle only honors logind's BlockInhibited
property. Add inhibridge as a user unit to translate the former
into the latter, so e.g. a Google Meet tab now keeps the screen
from locking, dimming and (downstream) suspending.
2. Post-resume grace period. Locking on before-sleep meant every wake
demanded the password even for a quick check. Replace with:
before-sleep -> only pause media
after-resume -> resume-lock-grace.sh 30
The grace script runs a one-shot swayidle that locks iff the user
stays idle for 30s after the wake, with a watchdog that exits as
soon as swaylock comes up (or after a hard cap) so it never lingers
alongside the main swayidle. The 5-min main idle-lock and explicit
loginctl lock-session paths are unchanged.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Three small extra-repo packages, each anchoring one strand of the new
'remind, never auto-fix' system-health story:
- arch-audit: queries security.archlinux.org for CVEs against installed
versions and prints those that already have a fix in the repos. Driven
by etc/systemd/system/arch-audit.timer (daily refresh into
/run/arch-audit.txt) and surfaced through custom/arch-audit in waybar.
- lostfiles: enumerates filesystem entries under tracked dirs (/etc,
/usr, /var…) that aren't owned by any pacman package and aren't on
its built-in safe-list. Driven by etc/systemd/system/lostfiles.timer
(weekly refresh into /run/lostfiles.txt) and surfaced through
custom/lostfiles in waybar.
- kernel-modules-hook: ships its own /usr/share/libalpm/hooks entries
that copy the running kernel's modules to /usr/lib/modules/$(uname -r)
on upgrade and prune them on shutdown, so modprobe (USB devices, vfat
mounts, etc.) keeps working between a kernel upgrade and the next
reboot. No further config — drop-in fix.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop the per-domain group fragmentation in meta/ and the parallel
group-per-file structure in systemd-units/.
meta/ (18 -> 6 groups):
keep base, flatpak (magic), intel, nvidia, work, btc
fold browser, bt, cpp, dev, extra, fonts, mail, media, nix,
sound, wayland -> base (with `# --- section ---` comments
preserving at-a-glance structure)
drop fortran (niche; install ad-hoc when needed)
systemd-units/:
flatten to a single system.txt + user.txt; .ignore files move up
one level; group concept and pairing rule removed.
justfile:
unit-list/unit-apply/unit-status no longer take a group argument.
unit-add/unit-forget infer scope by probing
`systemctl [--user] cat <unit>` (system wins on tie). Top-level
add/forget dispatcher updated: any unit-suffixed arg routes to
unit-* without requiring a leading GROUP.
docs:
.github/copilot-instructions.md and README.md updated to describe
the new flat layout. Pairing rule and group-token grammar gone.
Pure layout refactor - no package contents change.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
doas's one-shot password and absent 'sudo -v' kept wasting hour-long
paru AUR builds. sudo-rs is a memory-safe Rust rewrite (ISRG/Ferrous
Systems), drop-in CLI compatible, and the same one Ubuntu 25.10 ships
as default. We follow the Arch wiki 'Using sudo-rs without the sudo
package' recipe verbatim — no custom shims.
- meta/base.txt: -doas-sudo-shim +sudo-rs
- etc/sudoers-rs (mode 0440): wiki minimal config + NOPASSWD reboot/poweroff
- etc/pam.d/sudo: 4-line copy of upstream sudo's PAM file
- run_onchange_after_deploy-etc.sh.tmpl: use real sudo, deploy sudoers-rs
at 0440, create /etc/pam.d/sudo-i and /usr/local/bin/{sudo,sudoedit,
su,visudo} → sudo-rs symlinks idempotently
- delete etc/doas.conf, dot_local/bin/{doasedit,sudo}
- zshrc: drop sudo=doas/sudoedit=doasedit aliases; rewrite ss/gimme/
pacdiff/ssys to call sudo
- justfile: s/doas/sudo/g (status/diff/restore helpers)
- nvim: rename :DoasWrite → :SudoWrite (uses sudo -S)
- sway config: reboot/poweroff buttons call sudo
- bootstrap.sh: update step-5 comment
- README/KEYBINDS/copilot-instructions: flip the privesc convention
No Defaults overrides: sudo's defaults (passwd_tries=3,
timestamp_timeout=5) already fix the doas pain, and paru SudoLoop
(kept) refreshes the 5-min window via real sudo -v.
|
| |
|
|
|
|
|
|
|
|
| |
- XF86Display replaces F7 for display-toggle.sh (dedicated HW key)
- XF86Tools opens floating pulsemixer (audio mixer TUI)
- XF86Keyboard opens KEYBINDS.md in glow (floating pager)
- XF86Favorites takes over mako history picker (from Super+Alt+n)
Adds generic [app_id="floating"] window rule so ghostty --class=floating
windows open floating. Adds glow to meta/base.txt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Default-deny inbound, allow outbound. Scoped to 'inet filter' with
'destroy table' on reload so podman/netavark tables are preserved.
- meta/base.txt: add nftables
- systemd-units/system/base.txt: enable nftables.service
- etc/nftables.conf: laptop ruleset (loopback, ct state, ICMP/ICMPv6
essentials, DHCPv6 client, default-drop input/forward, accept output)
- etc/sysctl.d/99-sysctl.conf: rp_filter=2, no redirects, no source-route,
log_martians
- README.md: firewall section with reload caveat
|
| |
|
|
| |
fwupd-refresh; drop fstrim.timer
|
| |
|
|
|
| |
Cap at 8 GiB, zstd compression. Tune VM for RAM-backed swap:
high swappiness, no read-ahead clustering.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- mold moves cpp→dev (broader home; used by both Rust and C++ builds)
- choose/curlie/dog restored to base (actively used)
- restore 'alias curl=curlie' to match
linux-headers stays only in nvidia.txt (pulled by nvidia-dkms; no
other DKMS packages in the set).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Structural:
- Dedupe: drop git/unzip/wget/mold from dev, linux-headers from base,
zbar from btc (kept in wayland)
- Move thermald base→intel (Intel-only daemon)
- Split wayland.txt into wayland (compositor stack), browser, office
- Sort base.txt alphabetically
Content:
- Drop stale: dog, choose, curlie (base); sloccount (dev)
- Drop redundant: pipenv, yarn (dev has uv and npm)
- Drop niche: irqbalance, libusb-compat (base); go-md2man, flamelens (dev)
- Switch doas-sudo-shim-k → doas-sudo-shim (mainline variant)
Removed packages are list-only; uninstall afterward with paru -Rsn
if they appear in 'just undeclared'.
|
| | |
|
|
|
- Convert 16 PKGBUILD metapackages to simple .txt files (one package per line)
- Delete all PKGBUILD, .SRCINFO, and .pkg.tar.zst binary artifacts
- Clean stale packages: lf→yazi, tmux→zellij, neofetch→fastfetch, stow→chezmoi
- Remove duplicate rustup in dev, duplicate mesa in intel
- Add justfile recipes: install, install-all, status (unified drift detection)
- Configure chezmoi to exclude scripts from status/diff output
- Update copilot instructions
|
sommerfeld