From 7ad6f474634f7c359264053bf0f8e93a9bdd37b1 Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Fri, 29 May 2026 11:18:13 +0100 Subject: feat(suspend): bounce snx-rs around system sleep snx-rs (Check Point VPN) doesn't notice that its tunnel died during suspend: the IKE keepalive is interrupted and the SAML cookie may expire, but the daemon happily sits on dead sockets after resume. `snxctl status` keeps reporting "Connected" while no traffic actually flows, so the user has to manually disconnect+reconnect. Install an /etc/systemd/system-sleep/ hook that stops the user-scope snx-rs.service before suspend and starts it on resume. The tunnel is left disconnected after resume; the waybar toggle (or any `snxctl connect`) re-establishes it, going through SAML only if the cached cookie has actually expired. The hook enumerates logged-in users via loginctl and skips any that don't have snx-rs.service enabled, so it's a no-op on machines that don't use the VPN. Also teach run_onchange_after_deploy-etc.sh.tmpl to install files under etc/systemd/system-sleep/ with mode 0755 (systemd ignores sleep hooks that aren't executable). --- run_onchange_after_deploy-etc.sh.tmpl | 3 +++ 1 file changed, 3 insertions(+) (limited to 'run_onchange_after_deploy-etc.sh.tmpl') diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl index d08f989..743675a 100755 --- a/run_onchange_after_deploy-etc.sh.tmpl +++ b/run_onchange_after_deploy-etc.sh.tmpl @@ -18,6 +18,9 @@ find etc -type f ! -name .ignore | while IFS= read -r src; do etc/sudoers-rs) sudo install -D -m 0440 -o root -g root "$src" "/${src}" ;; + etc/systemd/system-sleep/*) + sudo install -D -m 0755 -o root -g root "$src" "/${src}" + ;; *) sudo install -D -m 0644 -o root -g root "$src" "/${src}" ;; -- cgit v1.3.1