sync

.chezmoi.toml.tmpl

@@ -29,11 +29,18 @@
 {{-   $secretsPath = "~/secrets" -}}
 {{- end -}}
 
+{{- /* Prompt for workspace PIN */ -}}
+{{- $workspacePin := promptStringOnce . "workspacePin" "Workspace PIN (for protected workspaces) [1234]" -}}
+{{- if eq $workspacePin "" -}}
+{{-   $workspacePin = "1234" -}}
+{{- end -}}
+
 [data]
     deviceProfile = {{ $deviceProfile | quote }}
     hostname = {{ $hostname | quote }}
     distro = {{ $distro | quote }}
     secretsPath = {{ $secretsPath | quote }}
+    workspacePin = {{ $workspacePin | quote }}
 
     # Device-specific configuration
     {{- if eq $deviceProfile "desktop" }}

home/.chezmoiscripts/run_once_setup-vpn-sudoers.sh.tmpl

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Setup sudoers rule for vpn-helper (passwordless VPN switching)
+
+SUDOERS_FILE="/etc/sudoers.d/vpn-helper"
+HELPER_PATH="{{ .chezmoi.homeDir }}/.local/bin/vpn-helper"
+USER="{{ .chezmoi.username }}"
+
+# Check if rule already exists
+if [ -f "$SUDOERS_FILE" ] && grep -q "$HELPER_PATH" "$SUDOERS_FILE" 2>/dev/null; then
+    echo "Sudoers rule for vpn-helper already exists"
+    exit 0
+fi
+
+echo "Setting up sudoers rule for vpn-helper..."
+echo "This will allow running VPN commands without password prompts."
+echo ""
+
+# Create the sudoers rule
+RULE="$USER ALL=(ALL) NOPASSWD: $HELPER_PATH"
+
+# Use sudo to write the rule
+echo "$RULE" | sudo tee "$SUDOERS_FILE" > /dev/null
+sudo chmod 440 "$SUDOERS_FILE"
+
+# Validate the sudoers file
+if sudo visudo -c -f "$SUDOERS_FILE" > /dev/null 2>&1; then
+    echo "Sudoers rule installed successfully"
+else
+    echo "Error: Invalid sudoers file, removing..."
+    sudo rm -f "$SUDOERS_FILE"
+    exit 1
+fi

home/dot_local/bin/executable_vpn-switcher.tmpl

@@ -6,7 +6,7 @@ import os
 # Secrets directory - configurable via chezmoi
 SECRETS_DIR = os.path.expanduser("{{ .secretsPath }}")
 VPN_DIR = os.path.join(SECRETS_DIR, "vpn") if os.path.isdir(os.path.join(os.path.expanduser("{{ .secretsPath }}"), "vpn")) else os.path.expanduser("~/cfg/vpn")
-HELPER = os.path.expanduser("~/.config/hypr/scripts/vpn-switcher-helper.sh")
+HELPER = os.path.expanduser("~/.local/bin/vpn-helper")
 WOFI_CMD = ["wofi", "--dmenu", "--width", "450", "--height", "350", "--prompt", "VPN Switcher", "--cache-file", "/dev/null"]
 
 def run(cmd, check=False):
@@ -137,18 +137,18 @@ def build_menu():
 
     return "\n".join(lines)
 
-def pkexec_helper(action, arg):
-    """Run helper script via pkexec."""
-    subprocess.run(["pkexec", HELPER, action, arg], capture_output=True)
+def sudo_helper(action, arg):
+    """Run helper script via sudo (configured for NOPASSWD)."""
+    subprocess.run(["sudo", HELPER, action, arg], capture_output=True)
 
 def disconnect_all_wg():
     """Disconnect all WireGuard interfaces."""
     for iface in get_active_wg():
         conf_path = os.path.join(VPN_DIR, f"{iface}.conf")
         if os.path.exists(conf_path):
-            pkexec_helper("wg-down", conf_path)
+            sudo_helper("wg-down", conf_path)
         else:
-            pkexec_helper("wg-down", iface)
+            sudo_helper("wg-down", iface)
 
 def handle_selection(selection):
     """Handle the user's menu selection."""
@@ -173,7 +173,7 @@ def handle_selection(selection):
             if name in active_wg:
                 # Turn off
                 conf_path = os.path.join(VPN_DIR, f"{name}.conf")
-                pkexec_helper("wg-down", conf_path)
+                sudo_helper("wg-down", conf_path)
                 notify(f"WireGuard: {name} disconnected")
             else:
                 # Turn on (disable others first)
@@ -181,7 +181,7 @@ def handle_selection(selection):
                 if is_tailscale_up():
                     run(["tailscale", "set", "--exit-node="])
                 conf_path = os.path.join(VPN_DIR, f"{name}.conf")
-                pkexec_helper("wg-up", conf_path)
+                sudo_helper("wg-up", conf_path)
                 notify(f"WireGuard: {name} connected")
             return
 

home/dot_local/bin/executable_workspace-pin.tmpl

@@ -2,7 +2,7 @@
 
 # Configuration
 WORKSPACE=$1
-CORRECT_PIN="1234"
+CORRECT_PIN="{{ .workspacePin }}"
 LOG_FILE="$HOME/.workspace_access_log"
 
 # Fuzzel colors - Nord theme

home/private_dot_config/hypr/hypridle.conf.tmpl

@@ -3,7 +3,7 @@
 # Idle timeout: {{ .idleTimeout }} seconds
 
 general {
-    lock_cmd = pidof hyprlock || hyprlock
+    lock_cmd = hyprctl switchxkblayout all 0; pidof hyprlock || hyprlock
     before_sleep_cmd = loginctl lock-session
     after_sleep_cmd = hyprctl dispatch dpms on
 }

home/private_dot_config/hypr/hyprland.conf.tmpl

@@ -181,17 +181,17 @@ bind = SUPER, bracketleft, exec, ~/Scripts/change_wallpaper.sh prev
 bind = $mainMod, Q, exec, $terminal
 bind = $mainMod, K, killactive,
 bind = $mainMod, M, exit,
-bind = $mainMod, E, exec, ~/.config/hypr/scripts/toggle_expo_on_primary.sh
+bind = $mainMod, E, exec, ~/.local/bin/hypr-expo
 bind = $mainMod, V, togglefloating,
 bind = $mainMod, R, exec, $menu
 bind = $mainMod SHIFT, R, exec, hyprctl reload
 bind = $mainMod, P, pseudo,
 bind = $mainMod, J, togglesplit,
-bind = $mainMod, L, exec, pactl set-sink-mute @DEFAULT_SINK@ 1 && hyprlock
+bind = $mainMod, L, exec, hyprctl switchxkblayout all 0 && pactl set-sink-mute @DEFAULT_SINK@ 1 && hyprlock
 bind = $mainMod, t, togglegroup
 
 # VPN switcher
-bind = , F6, exec, ~/.config/hypr/scripts/vpn-switcher.sh
+bind = , F6, exec, ~/.local/bin/vpn-switcher
 
 # Move focus with mainMod + arrow keys
 bind = $mainMod, left, movefocus, l
@@ -211,7 +211,7 @@ bind = $mainMod, 8, workspace, 8
 bind = $mainMod, 9, workspace, 9
 
 # Special workspaces
-bind = SUPER, F12, exec, ~/.config/hypr/scripts/workspace-pin.sh 1337
+bind = SUPER, F12, exec, ~/.local/bin/workspace-pin 1337
 bind = , F12, togglespecialworkspace, org
 bind = SUPER, A, togglespecialworkspace, org
 bind = SUPER SHIFT, F12, movetoworkspace, special:org
@@ -237,7 +237,7 @@ bind = $mainMod SHIFT, 9, movetoworkspacesilent, 9
 bind = $mainMod SHIFT, 0, movetoworkspacesilent, 10
 
 # Screenshot (selection, copies to clipboard)
-bind = , Print, exec, ~/.config/hypr/scripts/screenshot.sh
+bind = , Print, exec, ~/.local/bin/screenshot
 
 # Scroll through existing workspaces
 bind = $mainMod, mouse_down, workspace, e+1

home/private_dot_config/waybar/config.jsonc.tmpl

@@ -62,8 +62,8 @@
     "format-muted": "VOL muted",
     "on-click": "pavucontrol -t 3",
     "on-click-right": "pactl set-sink-mute @DEFAULT_SINK@ toggle",
-    "on-scroll-up": "~/.config/hypr/scripts/scroll-audio-sink.sh up",
-    "on-scroll-down": "~/.config/hypr/scripts/scroll-audio-sink.sh down"
+    "on-scroll-up": "~/.local/bin/audio-sink-cycle up",
+    "on-scroll-down": "~/.local/bin/audio-sink-cycle down"
   },
 
   "pulseaudio#mic": {
@@ -116,9 +116,9 @@
   "tray": { "spacing": 4 },
 
   "custom/vpn": {
-    "exec": "~/.config/waybar/scripts/vpn-status.sh",
+    "exec": "~/.local/bin/vpn-status",
     "return-type": "json",
     "interval": 5,
-    "on-click": "~/.config/hypr/scripts/vpn-switcher.sh"
+    "on-click": "~/.local/bin/vpn-switcher"
   }
 }

legacy/shell/.bashrc

@@ -158,16 +158,16 @@ echo -e "\033]11;#000000\a"
 
 # >>> mamba initialize >>>
 # !! Contents within this block are managed by 'mamba init' !!
-export MAMBA_EXE="/home/neo/.micromamba/bin/micromamba";
-export MAMBA_ROOT_PREFIX="/home/neo/micromamba";
-__mamba_setup="$('/home/neo/.micromamba/bin/micromamba' shell hook --shell bash --prefix '/home/neo/micromamba' 2> /dev/null)"
+export MAMBA_EXE="$HOME/.micromamba/bin/micromamba";
+export MAMBA_ROOT_PREFIX="$HOME/micromamba";
+__mamba_setup="$('$HOME/.micromamba/bin/micromamba' shell hook --shell bash --prefix '$HOME/micromamba' 2> /dev/null)"
 if [ $? -eq 0 ]; then
     eval "$__mamba_setup"
 else
-    if [ -f "/home/neo/micromamba/etc/profile.d/micromamba.sh" ]; then
-        . "/home/neo/micromamba/etc/profile.d/micromamba.sh"
+    if [ -f "$HOME/micromamba/etc/profile.d/micromamba.sh" ]; then
+        . "$HOME/micromamba/etc/profile.d/micromamba.sh"
     else
-        export  PATH="/home/neo/micromamba/bin:$PATH"  # extra space after export prevents interference from conda init
+        export  PATH="$HOME/micromamba/bin:$PATH"  # extra space after export prevents interference from conda init
     fi
 fi
 unset __mamba_setup
@@ -175,14 +175,14 @@ unset __mamba_setup
 
 # >>> conda initialize >>>
 # !! Contents within this block are managed by 'conda init' !!
-__conda_setup="$('/home/neo/micromamba/bin/conda' 'shell.bash' 'hook' 2> /dev/null)"
+__conda_setup="$('$HOME/micromamba/bin/conda' 'shell.bash' 'hook' 2> /dev/null)"
 if [ $? -eq 0 ]; then
     eval "$__conda_setup"
 else
-    if [ -f "/home/neo/micromamba/etc/profile.d/conda.sh" ]; then
-        . "/home/neo/micromamba/etc/profile.d/conda.sh"
+    if [ -f "$HOME/micromamba/etc/profile.d/conda.sh" ]; then
+        . "$HOME/micromamba/etc/profile.d/conda.sh"
     else
-        export PATH="/home/neo/micromamba/bin:$PATH"
+        export PATH="$HOME/micromamba/bin:$PATH"
     fi
 fi
 unset __conda_setup

legacy/shell/.zshrc

@@ -35,7 +35,7 @@ alias did="vim +'normal Go' +'r!date' ~/did.txt"
 alias genpass="apg -a 1 -M lnc -n 9 -m 26"
 
 export GOPATH=$HOME/go
-PATH=$GOPATH/bin:/home/neo/mongoClient::$PATH
+PATH=$GOPATH/bin:$HOME/mongoClient::$PATH
 
 source /etc/profile.d/go.sh
 source ~/.private.env
@@ -159,14 +159,14 @@ eval "$(scw autocomplete script shell=zsh)"
 
 # >>> conda initialize >>>
 # !! Contents within this block are managed by 'conda init' !!
-__conda_setup="$('/home/neo/micromamba/bin/conda' 'shell.zsh' 'hook' 2> /dev/null)"
+__conda_setup="$('$HOME/micromamba/bin/conda' 'shell.zsh' 'hook' 2> /dev/null)"
 if [ $? -eq 0 ]; then
     eval "$__conda_setup"
 else
-    if [ -f "/home/neo/micromamba/etc/profile.d/conda.sh" ]; then
-        . "/home/neo/micromamba/etc/profile.d/conda.sh"
+    if [ -f "$HOME/micromamba/etc/profile.d/conda.sh" ]; then
+        . "$HOME/micromamba/etc/profile.d/conda.sh"
     else
-        export PATH="/home/neo/micromamba/bin:$PATH"
+        export PATH="$HOME/micromamba/bin:$PATH"
     fi
 fi
 unset __conda_setup