From 3be68c032c864fa98ed85e54ea5af19976c55ed7 Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@sommerfeld.dev>
Date: Fri, 29 May 2026 11:18:14 +0100
Subject: feat(suspend): disable system suspend until hardened kernel resume
 issue is fixed

linux-hardened wedges on resume from S3 (NVMe/i915/iwlwifi driver UAF
exposed by INIT_ON_FREE + slab hardening). Until root-caused, take
suspend off the table while keeping lock + DPMS intact.

- etc/systemd/logind.conf.d/20-no-suspend.conf: lid close, suspend
  key, hibernate key all map to 'lock'; IdleAction=ignore (swayidle
  drives DPMS+swaylock independently).
- run_onchange_after_deploy-etc.sh.tmpl: mask sleep.target,
  suspend.target, hibernate.target, hybrid-sleep.target,
  suspend-then-hibernate.target via /etc/systemd/system -> /dev/null
  symlinks. Catches 'systemctl suspend' from any source.
- dot_config/sway/config: XF86Sleep and system-mode 's' now run
  loginctl lock-session instead of systemctl suspend.
- dot_config/sway/executable_power-menu.sh: drop Suspend entry.
- KEYBINDS.md: reflect new behaviour.

To re-enable later: remove the logind drop-in + symlink loop, then
sudo systemctl daemon-reload.
---
 dot_config/sway/executable_power-menu.sh | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'dot_config/sway/executable_power-menu.sh')

diff --git a/dot_config/sway/executable_power-menu.sh b/dot_config/sway/executable_power-menu.sh
index 999259c..0a7de91 100644
--- a/dot_config/sway/executable_power-menu.sh
+++ b/dot_config/sway/executable_power-menu.sh
@@ -2,9 +2,10 @@
 # Keyboard-driven power menu via wofi --dmenu (j/k navigation).
 set -eu
 
+# Suspend entry intentionally omitted while suspend is disabled
+# system-wide. See etc/systemd/logind.conf.d/20-no-suspend.conf.
 choice=$(printf '%s\n' \
   "  Lock" \
-  "  Suspend" \
   "  Logout" \
   "  Reboot" \
   "  Poweroff" |
@@ -17,10 +18,6 @@ case "$choice" in
     playerctl -a pause
     exec swaylock -f -e -c 000000
     ;;
-  *Suspend)
-    playerctl -a pause
-    exec systemctl suspend
-    ;;
   *Logout) exec swaymsg exit ;;
   *Reboot) exec systemctl reboot ;;
   *Poweroff) exec systemctl poweroff ;;
-- 
cgit v1.3.1