path: root/run_onchange_after_deploy-pteid-pkcs11.sh.tmpl
Commit message | Author | Age | Files | Lines
* chore(thunderbird): switch flatpak app id to org.mozilla.thunderbird | sommerfeld | 3 days | 1 | -1/+1

    Upstream marked org.mozilla.Thunderbird end-of-life. Flathub split it into two replacement IDs:

        org.mozilla.thunderbird      monthly release channel (new default)
        org.mozilla.thunderbird_esr  ESR / long-term-support channel

    Move to the lowercase monthly-release flatpak, which is what Mozilla now recommends for regular desktop users and gets features at the same cadence as Firefox.

    Renamed references in:
    * meta/flatpak.txt - the package list the user installs from
    * meta/base.txt - comment in the mail-bits section
    * dot_config/sway/config - window-match app_id rule for marking
    * dot_config/mimeapps.list - mailto/ics/webcal handler .desktop names
    * run_onchange_after_deploy-thunderbird.sh.tmpl - profile path under ~/.var/app/<id>/.thunderbird/
    * run_onchange_after_deploy-tb-eer.sh.tmpl - flatpak override target and sandbox path for External Editor Revived bridge
    * run_onchange_after_deploy-pteid-pkcs11.sh.tmpl - Mozilla-family flatpak NSS DB registration list
    * README.md - doc snippets and xdg-mime example

    On-host migration:

        flatpak install -y flathub org.mozilla.thunderbird
        # Preserve accounts, OpenPGP keys, calendars, EER bridge wrapper:
        mv ~/.var/app/org.mozilla.Thunderbird ~/.var/app/org.mozilla.thunderbird
        flatpak uninstall -y org.mozilla.Thunderbird
        chezmoi apply -v
        update-desktop-database ~/.local/share/applications 2>/dev/null || true

    Verify mail handler:

        xdg-mime query default x-scheme-handler/mailto
        # -> org.mozilla.thunderbird.desktop

* feat(pteid): bridge cartão de cidadão into Okular and LibreOffice flatpaks | sommerfeld | 2026-05-13 | 1 | -35/+53

    Both apps support digital signatures via NSS — Okular through Poppler, LibreOffice natively. Extend the pteid bridge to also register libpteidpkcs11.so in their per-flatpak ~/.pki/nssdb (single shared DB, unlike Mozilla's per-profile model).

    Refactored the script around two helpers (apply_override, register_in_profile) and two app tables (MOZILLA_APPS for per-profile, SHARED_NSS_APPS for single-DB). register_in_profile auto-creates the NSS DB with certutil -N if missing, since neither Okular nor LibreOffice initialise it on first run.

* feat(thunderbird): migrate to flatpak with NMH + PKCS#11 bridges | sommerfeld | 2026-05-13 | 1 | -26/+35

    Move Thunderbird from native pacman to org.mozilla.Thunderbird flatpak, mirroring the LibreWolf migration. Bubblewrap isolates the mail client from the rest of $HOME (ssh keys, password store, gpg sockets); intra-process isolation regression is real but minor (same tradeoff as the browser).

    Three cross-sandbox glue points handled in repo:
    - run_onchange_after_deploy-thunderbird.sh.tmpl: profile path moves from ~/.thunderbird to ~/.var/app/org.mozilla.Thunderbird/.thunderbird
    - run_onchange_after_deploy-pteid-pkcs11.sh.tmpl: refactored to iterate over (LibreWolf, Thunderbird) instead of hard-coding LibreWolf, so cartão de cidadão signing/encryption works for S/MIME in TB
    - run_onchange_after_deploy-tb-eer.sh.tmpl (new): bridges external-editor-revived's native messaging host into the sandbox via a flatpak-spawn --host wrapper + relocated manifest

    Other surfaces (Bridge, Radicale, libsecret, mako, OpenPGP) are covered by Flathub default permissions.

    Manual one-shot migration on host (after pulling + just sync): close TB, copy ~/.thunderbird/. into ~/.var/app/org.mozilla.Thunderbird/.thunderbird/, chezmoi apply -v, then xdg-mime default org.mozilla.Thunderbird.desktop x-scheme-handler/mailto. Once verified working, archive the old profile via mv ~/.thunderbird ~/.thunderbird.pre-flatpak.bak.

* feat(pteid): bridge PKCS#11 into LibreWolf flatpak | sommerfeld | 2026-05-13 | 1 | -0/+62

    Cartão de cidadão web authentication needs the libpteidpkcs11.so module loaded into LibreWolf's NSS database. With both apps now sandboxed in separate flatpaks, neither can see the other by default.

    Add a chezmoi onchange script that, when both flatpaks are installed:
    - Resolves the pt.gov.autenticacao install dir + .so path on the host
    - Grants LibreWolf flatpak read-only filesystem access to that dir, --socket=pcsc, and an LD_LIBRARY_PATH so the bundled deps (libxerces, libcjose, etc.) resolve at dlopen time
    - Registers the module in each LibreWolf NSS profile via modutil, with the path rewritten to /run/host/... as seen from inside the sandbox
    - Skips silently when LibreWolf is running (modutil would corrupt the DB)

    Hash gate includes the pt.gov.autenticacao line from meta/flatpak.txt so the override + registration auto-refresh on bundle bumps. Idempotent.

    Also explicit pcsc-lite + ccid in meta/extra.txt — they were transitive deps of the removed autenticacao-gov-pt-bin AUR package; pcscd.socket in systemd-units/system/base.txt would otherwise fail to activate.