From 3fc4705b6c711871a920290feef138694e72d29a Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Thu, 14 May 2026 10:58:37 +0100 Subject: feat: teams autostart, llama-cpp-vulkan ignore, snxctl-chromium wrapper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit systemd/user/teams-{sii,xsight}.service: autostart both Teams flatpak profiles on sway-session.target login. KillMode=mixed so SIGTERM hits only the wrapper process — both instances share the same flatpak app id, so killing by app id would take down the sibling instance. A 15s SIGKILL fallback covers the case where Electron tray-hides instead of quitting. Both units listed in systemd-units/user.txt. etc/pacman.conf: IgnorePkg = llama-cpp-vulkan. The AUR package rebuilds on every llama.cpp commit (multi-hour build). Update manually with `paru -S llama-cpp-vulkan` when intended. snxctl-chromium wrapper: - dot_local/share/snx-rs/bin/xdg-open: shim that flatpak-runs ungoogled-chromium, used only by snx-rs. - dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf: drop-in prepending that dir to the daemon's PATH so snx-rs's opener-crate call to xdg-open lands in chromium, without affecting xdg-open for any other process. - dot_local/bin/snxctl-chromium: convenience wrapper that daemon-reloads and restarts snx-rs.service if the drop-in isn't yet applied, then execs `snxctl connect`. firefox/user-overrides.js: revert the dom.security.https_only_mode. upgrade_local and network.lna.local-network-to-localhost.skip-checks prefs — they didn't actually fix the SAML flow. Replaced with a comment pointing to the wrapper instead. --- dot_local/bin/executable_snxctl-chromium | 37 ++++++++++++++++++++++++++ dot_local/share/snx-rs/bin/executable_xdg-open | 11 ++++++++ 2 files changed, 48 insertions(+) create mode 100644 dot_local/bin/executable_snxctl-chromium create mode 100644 dot_local/share/snx-rs/bin/executable_xdg-open (limited to 'dot_local') diff --git a/dot_local/bin/executable_snxctl-chromium b/dot_local/bin/executable_snxctl-chromium new file mode 100644 index 0000000..d52ddfb --- /dev/null +++ b/dot_local/bin/executable_snxctl-chromium @@ -0,0 +1,37 @@ +#!/bin/sh +# snxctl-chromium: `snxctl connect` with the flatpak ungoogled-chromium as +# the SAML browser. Bypasses LibreWolf's loopback HTTPS-upgrade + LNA block +# that prevent snx-rs's 127.0.0.1:7779 SAML callback from completing. +# +# How it works +# ------------ +# A tracked drop-in +# (~/.config/systemd/user/snx-rs.service.d/10-chromium-saml.conf) prepends +# ~/.local/share/snx-rs/bin to the daemon's PATH. That directory contains +# an `xdg-open` shim that flatpak-runs ungoogled-chromium. snx-rs uses the +# `opener` crate which spawns `xdg-open` — the shim wins. +# +# This script just makes sure the daemon picks up the override (it only +# loads Environment= at start time, so a freshly-edited drop-in needs a +# daemon-reload + service restart) and then runs `snxctl connect`. +set -eu + +SERVICE=snx-rs.service + +if ! systemctl --user cat "$SERVICE" >/dev/null 2>&1; then + printf '%s: %s is not a known user unit; aborting.\n' "${0##*/}" "$SERVICE" >&2 + exit 1 +fi + +current_path=$(systemctl --user show -p Environment --value "$SERVICE") +case "$current_path" in + *"$HOME/.local/share/snx-rs/bin"*) ;; + *) + echo "${0##*/}: applying chromium SAML drop-in (daemon-reload + restart)…" >&2 + systemctl --user daemon-reload + systemctl --user restart "$SERVICE" + sleep 1 + ;; +esac + +exec snxctl connect "$@" diff --git a/dot_local/share/snx-rs/bin/executable_xdg-open b/dot_local/share/snx-rs/bin/executable_xdg-open new file mode 100644 index 0000000..5577b10 --- /dev/null +++ b/dot_local/share/snx-rs/bin/executable_xdg-open @@ -0,0 +1,11 @@ +#!/bin/sh +# xdg-open shim that hands every URL to the flatpak ungoogled-chromium. +# +# Used by snx-rs (which calls `xdg-open` via the `opener` crate) to land +# the SAML callback inside a browser that won't HTTPS-upgrade or LNA-block +# the loopback handoff to 127.0.0.1:7779. Wired up via a systemd --user +# drop-in (dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf) +# that prepends this directory to the daemon's PATH — it does NOT shadow +# the system-wide xdg-open for any other process. +exec flatpak run io.github.ungoogled_software.ungoogled_chromium \ + --new-window "$@" -- cgit v1.3.1