From b309851423301098aea8cca106cca7483c8442b4 Mon Sep 17 00:00:00 2001 From: David Aizenberg Date: Tue, 9 Dec 2025 13:23:23 +0100 Subject: [PATCH] sync --- .chezmoi.toml.tmpl | 7 ++++ .../run_once_setup-vpn-sudoers.sh.tmpl | 32 +++++++++++++++++++ .../bin/executable_audio-sink-cycle} | 0 .../bin/executable_hypr-expo} | 0 .../bin/executable_screenshot} | 0 .../bin/executable_vpn-helper} | 0 .../bin/executable_vpn-status} | 0 .../bin/executable_vpn-switcher.tmpl} | 16 +++++----- .../bin/executable_workspace-pin.tmpl} | 2 +- .../hypr/hypridle.conf.tmpl | 2 +- .../hypr/hyprland.conf.tmpl | 10 +++--- .../waybar/config.jsonc.tmpl | 8 ++--- legacy/shell/.bashrc | 20 ++++++------ legacy/shell/.zshrc | 10 +++--- 14 files changed, 73 insertions(+), 34 deletions(-) create mode 100644 home/.chezmoiscripts/run_once_setup-vpn-sudoers.sh.tmpl rename home/{private_dot_config/hypr/scripts/executable_scroll-audio-sink.sh => dot_local/bin/executable_audio-sink-cycle} (100%) rename home/{private_dot_config/hypr/scripts/executable_toggle_expo_on_primary.sh => dot_local/bin/executable_hypr-expo} (100%) rename home/{private_dot_config/hypr/scripts/executable_screenshot.sh => dot_local/bin/executable_screenshot} (100%) rename home/{private_dot_config/hypr/scripts/executable_vpn-switcher-helper.sh => dot_local/bin/executable_vpn-helper} (100%) rename home/{private_dot_config/waybar/scripts/executable_vpn-status.sh => dot_local/bin/executable_vpn-status} (100%) rename home/{private_dot_config/hypr/scripts/executable_vpn-switcher.sh.tmpl => dot_local/bin/executable_vpn-switcher.tmpl} (94%) rename home/{private_dot_config/hypr/scripts/executable_workspace-pin.sh => dot_local/bin/executable_workspace-pin.tmpl} (98%) diff --git a/.chezmoi.toml.tmpl b/.chezmoi.toml.tmpl index f0a1a44..db5354d 100644 --- a/.chezmoi.toml.tmpl +++ b/.chezmoi.toml.tmpl @@ -29,11 +29,18 @@ {{- $secretsPath = "~/secrets" -}} {{- end -}} +{{- /* Prompt for workspace PIN */ -}} +{{- $workspacePin := promptStringOnce . "workspacePin" "Workspace PIN (for protected workspaces) [1234]" -}} +{{- if eq $workspacePin "" -}} +{{- $workspacePin = "1234" -}} +{{- end -}} + [data] deviceProfile = {{ $deviceProfile | quote }} hostname = {{ $hostname | quote }} distro = {{ $distro | quote }} secretsPath = {{ $secretsPath | quote }} + workspacePin = {{ $workspacePin | quote }} # Device-specific configuration {{- if eq $deviceProfile "desktop" }} diff --git a/home/.chezmoiscripts/run_once_setup-vpn-sudoers.sh.tmpl b/home/.chezmoiscripts/run_once_setup-vpn-sudoers.sh.tmpl new file mode 100644 index 0000000..2941564 --- /dev/null +++ b/home/.chezmoiscripts/run_once_setup-vpn-sudoers.sh.tmpl @@ -0,0 +1,32 @@ +#!/bin/bash +# Setup sudoers rule for vpn-helper (passwordless VPN switching) + +SUDOERS_FILE="/etc/sudoers.d/vpn-helper" +HELPER_PATH="{{ .chezmoi.homeDir }}/.local/bin/vpn-helper" +USER="{{ .chezmoi.username }}" + +# Check if rule already exists +if [ -f "$SUDOERS_FILE" ] && grep -q "$HELPER_PATH" "$SUDOERS_FILE" 2>/dev/null; then + echo "Sudoers rule for vpn-helper already exists" + exit 0 +fi + +echo "Setting up sudoers rule for vpn-helper..." +echo "This will allow running VPN commands without password prompts." +echo "" + +# Create the sudoers rule +RULE="$USER ALL=(ALL) NOPASSWD: $HELPER_PATH" + +# Use sudo to write the rule +echo "$RULE" | sudo tee "$SUDOERS_FILE" > /dev/null +sudo chmod 440 "$SUDOERS_FILE" + +# Validate the sudoers file +if sudo visudo -c -f "$SUDOERS_FILE" > /dev/null 2>&1; then + echo "Sudoers rule installed successfully" +else + echo "Error: Invalid sudoers file, removing..." + sudo rm -f "$SUDOERS_FILE" + exit 1 +fi diff --git a/home/private_dot_config/hypr/scripts/executable_scroll-audio-sink.sh b/home/dot_local/bin/executable_audio-sink-cycle similarity index 100% rename from home/private_dot_config/hypr/scripts/executable_scroll-audio-sink.sh rename to home/dot_local/bin/executable_audio-sink-cycle diff --git a/home/private_dot_config/hypr/scripts/executable_toggle_expo_on_primary.sh b/home/dot_local/bin/executable_hypr-expo similarity index 100% rename from home/private_dot_config/hypr/scripts/executable_toggle_expo_on_primary.sh rename to home/dot_local/bin/executable_hypr-expo diff --git a/home/private_dot_config/hypr/scripts/executable_screenshot.sh b/home/dot_local/bin/executable_screenshot similarity index 100% rename from home/private_dot_config/hypr/scripts/executable_screenshot.sh rename to home/dot_local/bin/executable_screenshot diff --git a/home/private_dot_config/hypr/scripts/executable_vpn-switcher-helper.sh b/home/dot_local/bin/executable_vpn-helper similarity index 100% rename from home/private_dot_config/hypr/scripts/executable_vpn-switcher-helper.sh rename to home/dot_local/bin/executable_vpn-helper diff --git a/home/private_dot_config/waybar/scripts/executable_vpn-status.sh b/home/dot_local/bin/executable_vpn-status similarity index 100% rename from home/private_dot_config/waybar/scripts/executable_vpn-status.sh rename to home/dot_local/bin/executable_vpn-status diff --git a/home/private_dot_config/hypr/scripts/executable_vpn-switcher.sh.tmpl b/home/dot_local/bin/executable_vpn-switcher.tmpl similarity index 94% rename from home/private_dot_config/hypr/scripts/executable_vpn-switcher.sh.tmpl rename to home/dot_local/bin/executable_vpn-switcher.tmpl index 2e698d9..1da30a6 100644 --- a/home/private_dot_config/hypr/scripts/executable_vpn-switcher.sh.tmpl +++ b/home/dot_local/bin/executable_vpn-switcher.tmpl @@ -6,7 +6,7 @@ import os # Secrets directory - configurable via chezmoi SECRETS_DIR = os.path.expanduser("{{ .secretsPath }}") VPN_DIR = os.path.join(SECRETS_DIR, "vpn") if os.path.isdir(os.path.join(os.path.expanduser("{{ .secretsPath }}"), "vpn")) else os.path.expanduser("~/cfg/vpn") -HELPER = os.path.expanduser("~/.config/hypr/scripts/vpn-switcher-helper.sh") +HELPER = os.path.expanduser("~/.local/bin/vpn-helper") WOFI_CMD = ["wofi", "--dmenu", "--width", "450", "--height", "350", "--prompt", "VPN Switcher", "--cache-file", "/dev/null"] def run(cmd, check=False): @@ -137,18 +137,18 @@ def build_menu(): return "\n".join(lines) -def pkexec_helper(action, arg): - """Run helper script via pkexec.""" - subprocess.run(["pkexec", HELPER, action, arg], capture_output=True) +def sudo_helper(action, arg): + """Run helper script via sudo (configured for NOPASSWD).""" + subprocess.run(["sudo", HELPER, action, arg], capture_output=True) def disconnect_all_wg(): """Disconnect all WireGuard interfaces.""" for iface in get_active_wg(): conf_path = os.path.join(VPN_DIR, f"{iface}.conf") if os.path.exists(conf_path): - pkexec_helper("wg-down", conf_path) + sudo_helper("wg-down", conf_path) else: - pkexec_helper("wg-down", iface) + sudo_helper("wg-down", iface) def handle_selection(selection): """Handle the user's menu selection.""" @@ -173,7 +173,7 @@ def handle_selection(selection): if name in active_wg: # Turn off conf_path = os.path.join(VPN_DIR, f"{name}.conf") - pkexec_helper("wg-down", conf_path) + sudo_helper("wg-down", conf_path) notify(f"WireGuard: {name} disconnected") else: # Turn on (disable others first) @@ -181,7 +181,7 @@ def handle_selection(selection): if is_tailscale_up(): run(["tailscale", "set", "--exit-node="]) conf_path = os.path.join(VPN_DIR, f"{name}.conf") - pkexec_helper("wg-up", conf_path) + sudo_helper("wg-up", conf_path) notify(f"WireGuard: {name} connected") return diff --git a/home/private_dot_config/hypr/scripts/executable_workspace-pin.sh b/home/dot_local/bin/executable_workspace-pin.tmpl similarity index 98% rename from home/private_dot_config/hypr/scripts/executable_workspace-pin.sh rename to home/dot_local/bin/executable_workspace-pin.tmpl index 1d8d3cb..2588933 100644 --- a/home/private_dot_config/hypr/scripts/executable_workspace-pin.sh +++ b/home/dot_local/bin/executable_workspace-pin.tmpl @@ -2,7 +2,7 @@ # Configuration WORKSPACE=$1 -CORRECT_PIN="1234" +CORRECT_PIN="{{ .workspacePin }}" LOG_FILE="$HOME/.workspace_access_log" # Fuzzel colors - Nord theme diff --git a/home/private_dot_config/hypr/hypridle.conf.tmpl b/home/private_dot_config/hypr/hypridle.conf.tmpl index d2499b5..330bcab 100644 --- a/home/private_dot_config/hypr/hypridle.conf.tmpl +++ b/home/private_dot_config/hypr/hypridle.conf.tmpl @@ -3,7 +3,7 @@ # Idle timeout: {{ .idleTimeout }} seconds general { - lock_cmd = pidof hyprlock || hyprlock + lock_cmd = hyprctl switchxkblayout all 0; pidof hyprlock || hyprlock before_sleep_cmd = loginctl lock-session after_sleep_cmd = hyprctl dispatch dpms on } diff --git a/home/private_dot_config/hypr/hyprland.conf.tmpl b/home/private_dot_config/hypr/hyprland.conf.tmpl index e827154..1a08992 100644 --- a/home/private_dot_config/hypr/hyprland.conf.tmpl +++ b/home/private_dot_config/hypr/hyprland.conf.tmpl @@ -181,17 +181,17 @@ bind = SUPER, bracketleft, exec, ~/Scripts/change_wallpaper.sh prev bind = $mainMod, Q, exec, $terminal bind = $mainMod, K, killactive, bind = $mainMod, M, exit, -bind = $mainMod, E, exec, ~/.config/hypr/scripts/toggle_expo_on_primary.sh +bind = $mainMod, E, exec, ~/.local/bin/hypr-expo bind = $mainMod, V, togglefloating, bind = $mainMod, R, exec, $menu bind = $mainMod SHIFT, R, exec, hyprctl reload bind = $mainMod, P, pseudo, bind = $mainMod, J, togglesplit, -bind = $mainMod, L, exec, pactl set-sink-mute @DEFAULT_SINK@ 1 && hyprlock +bind = $mainMod, L, exec, hyprctl switchxkblayout all 0 && pactl set-sink-mute @DEFAULT_SINK@ 1 && hyprlock bind = $mainMod, t, togglegroup # VPN switcher -bind = , F6, exec, ~/.config/hypr/scripts/vpn-switcher.sh +bind = , F6, exec, ~/.local/bin/vpn-switcher # Move focus with mainMod + arrow keys bind = $mainMod, left, movefocus, l @@ -211,7 +211,7 @@ bind = $mainMod, 8, workspace, 8 bind = $mainMod, 9, workspace, 9 # Special workspaces -bind = SUPER, F12, exec, ~/.config/hypr/scripts/workspace-pin.sh 1337 +bind = SUPER, F12, exec, ~/.local/bin/workspace-pin 1337 bind = , F12, togglespecialworkspace, org bind = SUPER, A, togglespecialworkspace, org bind = SUPER SHIFT, F12, movetoworkspace, special:org @@ -237,7 +237,7 @@ bind = $mainMod SHIFT, 9, movetoworkspacesilent, 9 bind = $mainMod SHIFT, 0, movetoworkspacesilent, 10 # Screenshot (selection, copies to clipboard) -bind = , Print, exec, ~/.config/hypr/scripts/screenshot.sh +bind = , Print, exec, ~/.local/bin/screenshot # Scroll through existing workspaces bind = $mainMod, mouse_down, workspace, e+1 diff --git a/home/private_dot_config/waybar/config.jsonc.tmpl b/home/private_dot_config/waybar/config.jsonc.tmpl index bdbe820..612c9b7 100644 --- a/home/private_dot_config/waybar/config.jsonc.tmpl +++ b/home/private_dot_config/waybar/config.jsonc.tmpl @@ -62,8 +62,8 @@ "format-muted": "VOL muted", "on-click": "pavucontrol -t 3", "on-click-right": "pactl set-sink-mute @DEFAULT_SINK@ toggle", - "on-scroll-up": "~/.config/hypr/scripts/scroll-audio-sink.sh up", - "on-scroll-down": "~/.config/hypr/scripts/scroll-audio-sink.sh down" + "on-scroll-up": "~/.local/bin/audio-sink-cycle up", + "on-scroll-down": "~/.local/bin/audio-sink-cycle down" }, "pulseaudio#mic": { @@ -116,9 +116,9 @@ "tray": { "spacing": 4 }, "custom/vpn": { - "exec": "~/.config/waybar/scripts/vpn-status.sh", + "exec": "~/.local/bin/vpn-status", "return-type": "json", "interval": 5, - "on-click": "~/.config/hypr/scripts/vpn-switcher.sh" + "on-click": "~/.local/bin/vpn-switcher" } } diff --git a/legacy/shell/.bashrc b/legacy/shell/.bashrc index 9707df3..f84e6de 100644 --- a/legacy/shell/.bashrc +++ b/legacy/shell/.bashrc @@ -158,16 +158,16 @@ echo -e "\033]11;#000000\a" # >>> mamba initialize >>> # !! Contents within this block are managed by 'mamba init' !! -export MAMBA_EXE="/home/neo/.micromamba/bin/micromamba"; -export MAMBA_ROOT_PREFIX="/home/neo/micromamba"; -__mamba_setup="$('/home/neo/.micromamba/bin/micromamba' shell hook --shell bash --prefix '/home/neo/micromamba' 2> /dev/null)" +export MAMBA_EXE="$HOME/.micromamba/bin/micromamba"; +export MAMBA_ROOT_PREFIX="$HOME/micromamba"; +__mamba_setup="$('$HOME/.micromamba/bin/micromamba' shell hook --shell bash --prefix '$HOME/micromamba' 2> /dev/null)" if [ $? -eq 0 ]; then eval "$__mamba_setup" else - if [ -f "/home/neo/micromamba/etc/profile.d/micromamba.sh" ]; then - . "/home/neo/micromamba/etc/profile.d/micromamba.sh" + if [ -f "$HOME/micromamba/etc/profile.d/micromamba.sh" ]; then + . "$HOME/micromamba/etc/profile.d/micromamba.sh" else - export PATH="/home/neo/micromamba/bin:$PATH" # extra space after export prevents interference from conda init + export PATH="$HOME/micromamba/bin:$PATH" # extra space after export prevents interference from conda init fi fi unset __mamba_setup @@ -175,14 +175,14 @@ unset __mamba_setup # >>> conda initialize >>> # !! Contents within this block are managed by 'conda init' !! -__conda_setup="$('/home/neo/micromamba/bin/conda' 'shell.bash' 'hook' 2> /dev/null)" +__conda_setup="$('$HOME/micromamba/bin/conda' 'shell.bash' 'hook' 2> /dev/null)" if [ $? -eq 0 ]; then eval "$__conda_setup" else - if [ -f "/home/neo/micromamba/etc/profile.d/conda.sh" ]; then - . "/home/neo/micromamba/etc/profile.d/conda.sh" + if [ -f "$HOME/micromamba/etc/profile.d/conda.sh" ]; then + . "$HOME/micromamba/etc/profile.d/conda.sh" else - export PATH="/home/neo/micromamba/bin:$PATH" + export PATH="$HOME/micromamba/bin:$PATH" fi fi unset __conda_setup diff --git a/legacy/shell/.zshrc b/legacy/shell/.zshrc index 3809b30..5852af5 100644 --- a/legacy/shell/.zshrc +++ b/legacy/shell/.zshrc @@ -35,7 +35,7 @@ alias did="vim +'normal Go' +'r!date' ~/did.txt" alias genpass="apg -a 1 -M lnc -n 9 -m 26" export GOPATH=$HOME/go -PATH=$GOPATH/bin:/home/neo/mongoClient::$PATH +PATH=$GOPATH/bin:$HOME/mongoClient::$PATH source /etc/profile.d/go.sh source ~/.private.env @@ -159,14 +159,14 @@ eval "$(scw autocomplete script shell=zsh)" # >>> conda initialize >>> # !! Contents within this block are managed by 'conda init' !! -__conda_setup="$('/home/neo/micromamba/bin/conda' 'shell.zsh' 'hook' 2> /dev/null)" +__conda_setup="$('$HOME/micromamba/bin/conda' 'shell.zsh' 'hook' 2> /dev/null)" if [ $? -eq 0 ]; then eval "$__conda_setup" else - if [ -f "/home/neo/micromamba/etc/profile.d/conda.sh" ]; then - . "/home/neo/micromamba/etc/profile.d/conda.sh" + if [ -f "$HOME/micromamba/etc/profile.d/conda.sh" ]; then + . "$HOME/micromamba/etc/profile.d/conda.sh" else - export PATH="/home/neo/micromamba/bin:$PATH" + export PATH="$HOME/micromamba/bin:$PATH" fi fi unset __conda_setup