| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
doas's one-shot password and absent 'sudo -v' kept wasting hour-long
paru AUR builds. sudo-rs is a memory-safe Rust rewrite (ISRG/Ferrous
Systems), drop-in CLI compatible, and the same one Ubuntu 25.10 ships
as default. We follow the Arch wiki 'Using sudo-rs without the sudo
package' recipe verbatim — no custom shims.
- meta/base.txt: -doas-sudo-shim +sudo-rs
- etc/sudoers-rs (mode 0440): wiki minimal config + NOPASSWD reboot/poweroff
- etc/pam.d/sudo: 4-line copy of upstream sudo's PAM file
- run_onchange_after_deploy-etc.sh.tmpl: use real sudo, deploy sudoers-rs
at 0440, create /etc/pam.d/sudo-i and /usr/local/bin/{sudo,sudoedit,
su,visudo} → sudo-rs symlinks idempotently
- delete etc/doas.conf, dot_local/bin/{doasedit,sudo}
- zshrc: drop sudo=doas/sudoedit=doasedit aliases; rewrite ss/gimme/
pacdiff/ssys to call sudo
- justfile: s/doas/sudo/g (status/diff/restore helpers)
- nvim: rename :DoasWrite → :SudoWrite (uses sudo -S)
- sway config: reboot/poweroff buttons call sudo
- bootstrap.sh: update step-5 comment
- README/KEYBINDS/copilot-instructions: flip the privesc convention
No Defaults overrides: sudo's defaults (passwd_tries=3,
timestamp_timeout=5) already fix the doas pain, and paru SudoLoop
(kept) refreshes the 5-min window via real sudo -v.
|
| |
|
|
|
|
|
|
|
|
| |
- XF86Display replaces F7 for display-toggle.sh (dedicated HW key)
- XF86Tools opens floating pulsemixer (audio mixer TUI)
- XF86Keyboard opens KEYBINDS.md in glow (floating pager)
- XF86Favorites takes over mako history picker (from Super+Alt+n)
Adds generic [app_id="floating"] window rule so ghostty --class=floating
windows open floating. Adds glow to meta/base.txt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Default-deny inbound, allow outbound. Scoped to 'inet filter' with
'destroy table' on reload so podman/netavark tables are preserved.
- meta/base.txt: add nftables
- systemd-units/system/base.txt: enable nftables.service
- etc/nftables.conf: laptop ruleset (loopback, ct state, ICMP/ICMPv6
essentials, DHCPv6 client, default-drop input/forward, accept output)
- etc/sysctl.d/99-sysctl.conf: rp_filter=2, no redirects, no source-route,
log_martians
- README.md: firewall section with reload caveat
|
| |
|
|
| |
fwupd-refresh; drop fstrim.timer
|
| |
|
|
|
| |
Cap at 8 GiB, zstd compression. Tune VM for RAM-backed swap:
high swappiness, no read-ahead clustering.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- mold moves cpp→dev (broader home; used by both Rust and C++ builds)
- choose/curlie/dog restored to base (actively used)
- restore 'alias curl=curlie' to match
linux-headers stays only in nvidia.txt (pulled by nvidia-dkms; no
other DKMS packages in the set).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Structural:
- Dedupe: drop git/unzip/wget/mold from dev, linux-headers from base,
zbar from btc (kept in wayland)
- Move thermald base→intel (Intel-only daemon)
- Split wayland.txt into wayland (compositor stack), browser, office
- Sort base.txt alphabetically
Content:
- Drop stale: dog, choose, curlie (base); sloccount (dev)
- Drop redundant: pipenv, yarn (dev has uv and npm)
- Drop niche: irqbalance, libusb-compat (base); go-md2man, flamelens (dev)
- Switch doas-sudo-shim-k → doas-sudo-shim (mainline variant)
Removed packages are list-only; uninstall afterward with paru -Rsn
if they appear in 'just undeclared'.
|
| | |
|
|
|
- Convert 16 PKGBUILD metapackages to simple .txt files (one package per line)
- Delete all PKGBUILD, .SRCINFO, and .pkg.tar.zst binary artifacts
- Clean stale packages: lf→yazi, tmux→zellij, neofetch→fastfetch, stow→chezmoi
- Remove duplicate rustup in dev, duplicate mesa in intel
- Add justfile recipes: install, install-all, status (unified drift detection)
- Configure chezmoi to exclude scripts from status/diff output
- Update copilot instructions
|
sommerfeld