| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
The qmk Arch package ships /usr/lib/udev/rules.d/50-qmk.rules covering
all major mech-keyboard vendors including ZSA's VID 3297, with the
same TAG+=uaccess semantics. Prefer that over maintaining our own
rules file.
- meta/base.txt: + qmk
- etc/udev/rules.d/50-zsa.rules: removed
- etc deploy script: drop the udevadm reload (only existed to support
our custom rule; pacman handles reloads for package-shipped rules).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
usevia.app uses WebHID to talk to /dev/hidraw* directly. Two layers
were blocking it:
1. Host: no udev rule existed for ZSA boards, so /dev/hidraw nodes
were root-only. Add etc/udev/rules.d/50-zsa.rules covering the ZSA
VID 3297 (ErgoDox EZ / Moonlander / Voyager) with TAG+=uaccess so
logind grants the active session user access. Also include the two
bootloader VIDs used during firmware flashing for completeness.
2. Sandbox: the chromium flatpak only sees /dev/dri by default. Add a
--device=all override (flatpak has no finer-grained device knob).
The host udev rule still gates which hidraw nodes the user can
actually open, so this isn't a meaningful escalation.
Also wire `udevadm control --reload && udevadm trigger` into the etc
deploy script so rule changes apply without a reboot or replug.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Shokz OpenMeet dongle (3511:2EF2) emits KEY_POWER on USB
enumeration and on headset power transitions, which logind handles
with HandlePowerKey=poweroff and immediately shuts the host down.
The previous attempt — an hwdb scancode remap of c0030 to reserved —
sets the udev property correctly but the kernel does not honor
EVIOCSKEYCODE for this device's HID consumer-page mapping (verified:
KEY_POWER 116 still appears in the evdev keymap after udevadm trigger
and libinput still reports it). Drop the hwdb file and the
systemd-hwdb hooks from the etc deploy script.
Replace with a logind drop-in that sets HandlePowerKey=ignore and
HandlePowerKeyLongPress=poweroff. Single-tap power events from any
source become no-ops; a 5s hold still shuts the machine down, so the
real hardware-power-button safety net is preserved. Add a HUP to
systemd-logind in the deploy script so the change takes effect
without restarting the daemon.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous /etc/udev/rules.d/80-shokz-blacklist.rules deauthorized the
entire usbhid interface for the Shokz OpenMeet dongle (3511:2EF2) to stop
the host from powering off when the headset is turned off. That also
killed mic-mute, volume, and media keys on the same HID Consumer Control
node.
Replace it with a narrow hwdb override that remaps just the offending
scancode (Consumer page Power, c0030 -> KEY_POWER) to reserved on that
specific vendor/product. KEY_MUTE / volume / media keys keep working.
Add 'systemd-hwdb update' + an input-subsystem udevadm trigger to the
etc deploy hook so new hwdb files take effect immediately.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
base-devel hard-depends on the sudo package, so without help, pacman
refuses to remove it. The Arch-native fix is pacman.conf's
AssumeInstalled directive: tell pacman to pretend a virtual
sudo=99.0 is installed and base-devel's dep is satisfied without
actually pulling sudo in.
- etc/pacman.conf: AssumeInstalled = sudo=99.0
- bootstrap.sh: after 'just init' (which writes the AssumeInstalled
line and installs sudo-rs), Rns the leftover sudo package so a
fresh install ends up with sudo-rs only.
Also reformat bootstrap.sh and the etc deploy script with the
project's shfmt style (-i 2 -ci -s).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
doas's one-shot password and absent 'sudo -v' kept wasting hour-long
paru AUR builds. sudo-rs is a memory-safe Rust rewrite (ISRG/Ferrous
Systems), drop-in CLI compatible, and the same one Ubuntu 25.10 ships
as default. We follow the Arch wiki 'Using sudo-rs without the sudo
package' recipe verbatim — no custom shims.
- meta/base.txt: -doas-sudo-shim +sudo-rs
- etc/sudoers-rs (mode 0440): wiki minimal config + NOPASSWD reboot/poweroff
- etc/pam.d/sudo: 4-line copy of upstream sudo's PAM file
- run_onchange_after_deploy-etc.sh.tmpl: use real sudo, deploy sudoers-rs
at 0440, create /etc/pam.d/sudo-i and /usr/local/bin/{sudo,sudoedit,
su,visudo} → sudo-rs symlinks idempotently
- delete etc/doas.conf, dot_local/bin/{doasedit,sudo}
- zshrc: drop sudo=doas/sudoedit=doasedit aliases; rewrite ss/gimme/
pacdiff/ssys to call sudo
- justfile: s/doas/sudo/g (status/diff/restore helpers)
- nvim: rename :DoasWrite → :SudoWrite (uses sudo -S)
- sway config: reboot/poweroff buttons call sudo
- bootstrap.sh: update step-5 comment
- README/KEYBINDS/copilot-instructions: flip the privesc convention
No Defaults overrides: sudo's defaults (passwd_tries=3,
timestamp_timeout=5) already fix the doas pain, and paru SudoLoop
(kept) refreshes the 5-min window via real sudo -v.
|
| |
|
|
|
|
|
| |
lsblk without -d lists the partition AND its children, so on a LUKS
setup the second line (the mapper's UUID) was leaking into the
rendered cmdline and deploy script. Add -d so only the partition's
own UUID is emitted.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prompt once at 'chezmoi init' time for the LUKS root partition (e.g.
nvme0n1p2) and store it under [data].luksRootPartition in the per-machine
chezmoi config. etc/kernel/cmdline.tmpl resolves the UUID at apply time
via lsblk, so reinstalls only require re-entering the partition name.
The etc deploy script now renders *.tmpl sources through
'chezmoi execute-template' and installs them without the suffix. The
resolved UUID is folded into the onchange hash so the script re-runs
when the UUID changes even if etc/ content is unchanged.
just etc-status/diff transparently handle .tmpl sources (strip suffix
for the live-path mapping, render before diffing). etc-re-add skips
.tmpl files since template sources can't be reverse-rendered from the
live file.
|
| |
|
|
|
|
|
|
|
|
|
| |
- `just etc-drift` reports /etc files modified from pacman defaults
(via pacman -Qii) and user-created files (via pacman -Qo), subtracting
already-managed paths and patterns listed in etc/.ignore.
- Refactor run_onchange_after_deploy-etc.sh.tmpl to enumerate files under
etc/ automatically via find; single combined hash via chezmoi output +
sha256sum, so new files only need to be dropped into etc/.
- etc/.ignore seeds noise filters: machine-id, ssh host keys, pacman
keyring, mirrorlist, shadow/passwd backups, sbctl keys, ca-certs.
|
| |
|
|
|
| |
Added to the etc/ deploy loop plus a post-copy chown/chmod to 0400
root:root since doas refuses to parse otherwise.
|
|
|
- etc2/ only existed because stow used symlinks and reflector refused
them. Chezmoi copies files, so no reason to keep them separate.
- Run scripts are now .tmpl files with sha256sum hashes of deployed
files. chezmoi only re-runs them when file content actually changes,
avoiding unnecessary doas prompts on every apply.
|
sommerfeld