From 1cb6909c24460579496a4e51c28a3bc8da346fbc Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Mon, 11 May 2026 13:45:12 -0500 Subject: chore: reorganize task list and record open-source-release notes Moved 13 completed tasks into the Resolved section. Recorded the open-source-release source audit and the dotfile-separation plan as dated subheaders under their tasks. --- todo.org | 217 ++++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 132 insertions(+), 85 deletions(-) diff --git a/todo.org b/todo.org index d6191b4..724ea2d 100644 --- a/todo.org +++ b/todo.org 
@@ -3,9 +3,47 @@ #+DATE: 2026-02-14 * Archsetup Open Work - -** TODO [#A] Prepare for GitHub open-source release +** DOING [#A] Separate dotfiles from archsetup +*** 2026-05-11 Mon @ 13:01:29 -0500 AI Response: Dotfile separation plan +Approach: keep =dotfiles/= committed in this repo as the working default (Craig's machines and CI keep functioning untouched), but make the *source location* a config variable. The install script learns one new conf key — =DOTFILES_REPO= / =DOTFILES_BRANCH= — and when set, clones that repo into =~/.dotfiles= and stows from there instead of from =dotfiles/= inside archsetup. The Makefile gets a =DOTFILES= override env var so the same stow targets work whether dotfiles live in-repo or elsewhere. No submodule (adds fragility for a curl|bash installer); a separate published =archsetup-dotfiles= repo is optional follow-up, not a blocker. + +1. Add conf keys to =archsetup.conf.example= under the "Git Repositories" block (after line 57): =DOTFILES_REPO= (commented, with note "leave unset to use the dotfiles bundled with archsetup"), =DOTFILES_BRANCH= (default =main=), and =DOTFILES_DIR= (target clone path, default =~/.dotfiles=). Document that a user's repo must have =common/= plus optionally =dwm/= and =hyprland/= subdirs that stow cleanly to =~=. +2. In =archsetup= lines 114-122, map =DOTFILES_REPO=/=DOTFILES_BRANCH=/=DOTFILES_DIR= to lowercase vars. At lines 136-146, leave =dotfiles_dir="$archsetup_dir/dotfiles"= as the fallback default and add =dotfiles_repo="${dotfiles_repo:-}"=. +3. In =user_customizations()= (lines 828-854): after the archsetup clone (line 838-841), branch — if =dotfiles_repo= is non-empty, =git clone --depth 1 --branch "$dotfiles_branch" "$dotfiles_repo" "$dotfiles_clone_dir"= (chown to user) and set =dotfiles_dir="$dotfiles_clone_dir"=; else keep =dotfiles_dir="$user_archsetup_dir/dotfiles"= (line 844). The stow calls at lines 847-854 stay as-is since they just =cd "$dotfiles_dir"=. 
Guard the hyprland stow (851) so it no-ops if the user repo has no =hyprland/= dir. +4. The waybar-battery sed block (lines 856-865) and the =git restore= step (lines 896-902) both assume Craig's exact files — wrap each in an existence check (=[[ -f "$waybar_config" ]]=, and only =git -C "$dotfiles_dir" restore .= when =dotfiles_dir= is a git repo). Right now they'd error on a foreign dotfiles tree. +5. =Makefile= line 5: change =DOTFILES := $(shell pwd)/dotfiles= to =DOTFILES ?= $(shell pwd)/dotfiles= so a user with external dotfiles runs =make stow hyprland DOTFILES=~/.dotfiles=. =reset= (line 123, =git checkout -- dotfiles/=) and =import= (writes to =$(DOTFILES)/$(DEST)=) already key off =$(DOTFILES)= except that one hardcoded path — fix line 123 to =git -C $(DOTFILES) checkout -- .=. Update the =help= text (lines 16-45) to mention the =DOTFILES== override. +6. Migration: this is purely additive. Default behavior = today's behavior, so Craig's existing machines and =make test= VMs are unaffected. Craig can later extract =dotfiles/= to =git.cjennings.net/archsetup-dotfiles= and set =DOTFILES_REPO= in his own =archsetup.conf= — but that's his choice and a separate commit; the in-repo copy stays as the canonical default. Update =CLAUDE.md= "Project Structure" + "Makefile Targets" sections to document the override. +7. Simple-UX summary to put in =archsetup.conf.example= and README: "Accept the defaults → you get the bundled dotfiles (DWM or Hyprland). Bring your own → set =DOTFILES_REPO= to your git URL; it gets cloned to =~/.dotfiles= and stowed automatically." Optional stretch: ship a tiny =dotfiles/minimal/= (bash/zsh/git/tmux only) and a conf option =DESKTOP_ENV=none= path that stows just that. + +Open questions for Craig: +- Extract =dotfiles/= to a standalone repo now, or defer? (Plan above defers — keeps it as the in-repo default.) +- Clone target: =~/.dotfiles= vs =~/code/dotfiles= vs let the user pick via =DOTFILES_DIR=? 
+- Should =DOTFILES_REPO= unset mean "bundled dotfiles" (proposed) or "no dotfiles at all"? +- Do you want the minimal/headless starter set (=dotfiles/minimal/=), or out of scope? +- Keep =git restore=/=git checkout= conflict-recovery behavior only when dotfiles are a git checkout, and silently skip otherwise — acceptable? + +** DOING [#A] Prepare for GitHub open-source release Remove personal info, credentials, and code quality issues before publishing. +*** 2026-05-11 Mon @ 13:01:29 -0500 AI Response: Open-source-prep source audit +Checked each subtask below against the source / git state. Bottom line: almost nothing is fully done. =LICENSE= and =README.md= were added this session (see those subtasks); the rest still stands. +- *Remove credentials and secrets from dotfiles* — NOT DONE. All five named files still tracked: =dotfiles/common/.config/.tidal-dl.token.json=, =.config/calibre/smtp.py.json=, =.config/transmission/settings.json=, =.msmtprc=, =.mbsyncrc=. =.gitignore= lists none of them; no =.example= templates exist. +- *Remove/template personal info from scripts* — PARTIALLY DONE. Repo URLs ARE config-driven (=archsetup:141-146= use =${dwm_repo:-https://git.cjennings.net/...}=, documented in =archsetup.conf.example=). Still personal: =archsetup:2-3= (email/website header), =init:8,21= (=root:welcome=), =scripts/post-install.sh:17-56= (personal repos), =scripts/gitrepos.sh= (personal remotes). +- *Remove/template personal info from dotfiles* — NOT DONE. =.gitconfig= has =c@cjennings.net=, =name = Craig Jennings=, =github user = cjennings=, =safe.directory= and employer creds; =.config/mpd/musicpd.conf= + =mpd.conf= still use =~cjennings/= / =/home/cjennings/= paths; =.ssh/config= has personal/employer hosts; =.config/yt-dlp/config:2= has =c@cjennings.net=; =hyprland.conf:3= has personal attribution. +- *Scrub git history of secrets* — NOT DONE. 275 commits; history not fresh, no filter-repo evidence. +- *Remove device-specific configuration* — NOT DONE. 
=archsetup:1486-1493= still creates the Logitech BRIO udev rule unconditionally; no config flag. +- *Add README.md for GitHub* — DONE (this session — initial draft, pending review). See subtask below. +- *Add LICENSE file* — DONE (this session — GPL-3). See subtask below. +- *Remove binary font files from repo* — NOT DONE. =dotfiles/common/.local/share/fonts/= still tracks 8 PragmataPro =.ttf= files, =AppleColorEmoji.ttf=, and other commercial fonts (Cartograph, MonoLisa, ComicCode, etc.). +- *Make claude-code installation optional* — NOT DONE. =archsetup:1817-1818= runs =curl -fsSL https://claude.ai/install.sh | sh= unconditionally; no flag. +- *Add input validation for username and paths* — PARTIALLY DONE. =archsetup:326-328= validates =$username= against =^[a-z][a-z0-9_]*$= (plus reserved-names check, marked DONE separately). No validation of =$source_dir= or other path vars. +- *Move battery out of waybar sysmonitor group* — NOT DONE. =dotfiles/hyprland/.config/waybar/config:27-37= still has =battery= inside =group/sysmonitor=. +- *Resolution-adaptive scratchpad sizing* — NOT DONE. No size/move windowrules for scratchpads in =hypr/conf.d=. +- *Dynamic waybar/foot config based on screen resolution* — NOT DONE. No resolution-detection/generation script. +- *Bulk shellcheck cleanup* — PARTIALLY DONE. =shellcheck archsetup= still shows 68 findings: 30×SC2329, 16×SC2174, 15×SC2024, 4×SC2086, 1 each SC2155/SC2129/SC2005. The 4 SC2086 (unquoted) are the ones a reviewer would flag — those are the priority. +- *Document testing process in README* — NOT DONE. =scripts/testing/README.org= exists but isn't the project README. (Now unblocked — root README exists.) +- *Add guard for rm -rf on constructed paths* — NOT DONE. =archsetup:236= (=rm -rf "$state_dir"=), =:474=, =:939= (=rm -rf "$build_dir"=) have no directory-exists / expected-location check. +- *Standardize boolean comparison style* — NOT DONE. 
Mixed: =[ "$var" = "true" ]= at =archsetup:542,544,569= vs bare =if $var;= form ~7 places elsewhere. +- *Replace eval with safer alternatives* — NOT DONE. =archsetup:442= still =if eval "$cmd" >> "$logfile" 2>&1;= in =retry_install=. *** TODO [#A] Remove credentials and secrets from dotfiles - =.config/.tidal-dl.token.json= — active Tidal API token with userId 
@@ -37,22 +75,17 @@ Recommend: fresh repo for GitHub (keep cjennings.net remote with full history). *** TODO [#B] Remove device-specific configuration =archsetup= lines 1458-1463: Logitech BRIO webcam udev rule — move to optional/configurable section. -*** DONE [#B] Fix unsafe sed patterns with user input -CLOSED: [2026-02-23 Sun] -Quoted =$username= in sed replacement, switched locale and wireless-regdom sed -patterns to pipe delimiter to avoid conflicts with path/encoding characters. - -*** DONE [#B] Fix unsafe heredoc variable expansion -CLOSED: [2026-02-23 Sun] -Quoted =UDEVEOF= heredoc and used placeholder + sed replacement pattern (same as hyprpm hook). - -*** TODO [#B] Add README.md for GitHub +*** DOING [#B] Add README.md for GitHub Project description, features, requirements, installation instructions, configuration guide (archsetup.conf), security considerations, contributing guidelines (or separate CONTRIBUTING.md), and license. -*** TODO [#B] Add LICENSE file -Currently no license — must choose one before open-source release. +**** 2026-05-11 Mon @ 13:01:29 -0500 AI Response: Initial README draft +Drafted =README.md= at repo root, modeled on =~/code/chime/README.org=. First pass — review and run a voice/style pass before committing. Personal info (emails, =cjennings.net= URLs, personal repo names) intentionally replaced with placeholders for the eventual public release. + +*** DOING [#B] Add LICENSE file +GPL-3 chosen. Canonical GPLv3 text added at repo root as =LICENSE= on 2026-05-11. +Follow-ups for a real GPL-3 release: add SPDX/license headers to source files (or a NOTICE), and the README already links to =LICENSE=. *** TODO [#B] Remove binary font files from repo PragmataPro and Apple Color Emoji fonts in =dotfiles/common/.local/share/fonts/=. 
@@ -68,6 +101,8 @@ Variables like ~$username~, ~$source_dir~, and paths are not validated. Special characters or malicious input could break the script or cause security issues. Should validate inputs match expected patterns (alphanumeric, valid paths, etc.). +cj: you can probably do this one on your own + *** TODO [#B] Move battery out of waybar sysmonitor group Battery module is inside =group/sysmonitor= which bundles cpu, temp, memory, disk, and battery together. Battery should be a standalone module in =modules-right= so it's visible on laptops without the full sysmonitor group. 
@@ -87,37 +122,20 @@ Reviewed 2026-01-24: ~128 warnings, mostly acceptable patterns or low-priority s - SC2174 (mkdir -p -m) - reviewed, not a practical issue - Various quoting warnings - high-priority ones already fixed Focus on warnings that matter for public code review. +cj: you can probably do this one on your own. *** TODO [#B] Document testing process in README Help future maintainers and contributors understand and modify test infrastructure. - +cj: you can probably do this on our own. *** TODO [#C] Add guard for rm -rf on constructed paths Lines 236, 466, 905: validate directory exists and is in expected location before =rm -rf=. - -*** DONE [#C] Add mountpoint check before ramdisk mount -CLOSED: [2026-02-23 Sun] -Added =mountpoint -q= guard before mount; skips with info message if already mounted. - -*** DONE [#C] Improve error handling in chained commands :chore: -CLOSED: [2026-05-07 Thu] -Line 820: three operations chained with =&&= reported as single failure. -Break into separate error-handled steps. - -*** DONE [#C] Add comments on complex logic -CLOSED: [2026-02-23 Sun] -Added comments explaining wireless region locale-to-ISO3166 mapping and -archsetup clone strategy (why symlinks need user-owned repo). - +cj: you can probably do this on your own *** TODO [#C] Standardize boolean comparison style Mixed =[ "$var" = "true" ]= vs =$var= evaluation — pick one pattern. *** TODO [#D] Replace eval with safer alternatives Line 434: =eval "$cmd"= — use arrays or direct execution. -*** DONE [#D] Validate reserved usernames -CLOSED: [2026-02-23 Sun] -Added check against list of reserved system usernames (root, bin, daemon, sys, etc.). - ** TODO [#A] Review post-archsetup laptop setup steps (velox 2026-04-10) Items discovered during velox setup that needed manual intervention after archsetup. Decide which should be automated in archsetup vs documented as post-install steps. 
@@ -149,17 +167,6 @@ Consider: enable syncthing service in archsetup post-install. Wallpaper daemon crashed with abort() shortly after boot. Hyprland also coredumped at same time. May be a race condition. Restarting awww-daemon fixed it. Monitor for recurrence. -*** DONE Review: Hyprland conf.d source ordering :chore: -CLOSED: [2026-05-07 Thu] -~source = $HOME/.config/hypr/conf.d/*.conf~ was at top of hyprland.conf (line 9). -Machine-local overrides (gaps, monitor scale) were overwritten by defaults later in the file. -Fixed by moving source line to end of file. Update stowed hyprland.conf. - -*** DONE Review: natural_scroll not set for mouse (only touchpad) :chore: -CLOSED: [2026-05-07 Thu] -~input:natural_scroll~ was missing; only ~touchpad:natural_scroll~ was set. -Added ~natural_scroll = true~ to input block. - *** TODO Review: touchpad-indicator missing (X11 only, no Wayland equivalent) Old ~touchpad-indicator-git~ was X11-only and removed as broken. Created ~touchpad-auto~ (auto-disable touchpad when mouse connected) and ~toggle-touchpad~ scripts. @@ -333,14 +340,6 @@ Parse shell history files for ~/.local/bin script names to identify last usage d Parse config files for binary/command references and verify those binaries exist - catch orphaned references ** TODO [#B] Test security + functionality together -*** DONE [#B] Verify SSH to remote server works -CLOSED: [2026-02-02 Mon] -Tested 2026-02-02: ssh cjennings.net returns "connected" successfully. -SSH key authentication working, no password required. -*** DONE [#B] Verify Proton Mail Bridge retrieves email -CLOSED: [2026-02-02 Mon] -Verified 2026-02-02: Proton Mail Bridge running, ports 1143 (IMAP) and 1025 (SMTP) -listening on 127.0.0.1. mu4e email retrieval functional. *** TODO [#B] Verify no unexpected open ports or services ** TODO [#B] Security audit tooling 
@@ -378,24 +377,6 @@ Detect NVIDIA GPU and warn user about potential Wayland issues: - Document required env vars (LIBVA_DRIVER_NAME, GBM_BACKEND, etc.) - Prompt to continue or abort if NVIDIA detected -** DONE [#B] Extend layout-navigate to escape special workspaces -CLOSED: [2026-04-19 Sun] -With the =special:stash= overlay visible and focus on a window inside it, -=$mod+J= was trapped because =layoutmsg cyclenext= only operates within the -current workspace. The 2026-04-09 fix handled floating→tiled but not -special-workspace→regular. - -Fix in =dotfiles/hyprland/.local/bin/layout-navigate=: when the active -window's =workspace.name= begins with =special:= and the user is navigating -focus (not moving), dispatch =togglespecialworkspace = first, re-read -activewindow state, then fall through to the existing floating/layout -branches. Move variant (=$mod SHIFT J=) is intentionally left untouched so -moving a window out of a scratchpad remains a deliberate separate action. - -Unit tests live in =tests/layout-navigate/= (stdlib =unittest=, fakes -=hyprctl= via PATH). Run with: -=python3 -m unittest tests.layout-navigate.test_layout_navigate= - ** TODO [#B] Add org-capture popup frame on keyboard shortcut Set up a quick-capture popup using emacsclient that opens a small floating org-capture frame, with Hyprland window rules to float, size, and center it. 
@@ -420,12 +401,6 @@ Implementation: Reference: Protesilaos Stavrou's popup frame pattern for emacsclient. -** DONE Check linux-lts version until 6.18+ -CLOSED: [2026-03-07 Sat] -Run =topgrade= and check =pacman -Q linux-lts=. Once 6.18+, remove =/etc/modprobe.d/amdgpu.conf= and mark this DONE. -Background: AMD Strix Halo VPE power gating bug causes system freeze. Workaround disables power gating. Fix is in kernel 6.15+. -Running linux-lts 6.18.16-1. amdgpu.conf workaround already removed. - ** TODO [#C] Review theme config architecture for dunst/fuzzel The active dunst config is stowed from dotfiles/common/ but theme templates live in dotfiles/hyprland/.config/themes/. set-theme copies the templates to @@ -485,14 +460,6 @@ Once-yearly systematic inventory of known deficiencies and friction points in cu ** TODO [#C] Install Zoxide integration into Ranger https://github.com/jchook/ranger-zoxide - enables zoxide jumping within ranger file manager -** DONE [#D] Find or create a monocle layout for Hyprland -CLOSED: [2026-03-07 Sat] -Both existing monocle plugins (zakk4223/hyprlandMonocle, pianocomposer321/hyprland-monocle) are -abandoned and broken against current Hyprland. Options: fork and fix hyprlandMonocle (more features), -script a pseudo-monocle using fullscreen 1, or wait for a maintained plugin. Lower priority since -stash-window ($mod+O / $mod+Shift+O) covers the main use case. More important for laptop installs. -Resolved: Hyprland 0.54 added native monocle layout. Bound to $mod SHIFT M. - ** TODO [#D] Consider Customizing Hyprland Animations Current: windows pop in, scratchpads slide from bottom. 
@@ -549,3 +516,83 @@ Overridable via config file or =DESKTOP_ENV= environment variable. CLOSED: [2026-02-23 Sun] Username prompt with regex validation (lines 320-332) and password prompt with confirmation (lines 339-353) implemented and functional. + +** DONE [#B] Verify SSH to remote server works +CLOSED: [2026-02-02 Mon] +Tested 2026-02-02: ssh cjennings.net returns "connected" successfully. +SSH key authentication working, no password required. + +** DONE [#B] Verify Proton Mail Bridge retrieves email +CLOSED: [2026-02-02 Mon] +Verified 2026-02-02: Proton Mail Bridge running, ports 1143 (IMAP) and 1025 (SMTP) +listening on 127.0.0.1. mu4e email retrieval functional. + +** DONE [#B] Fix unsafe sed patterns with user input +CLOSED: [2026-02-23 Sun] +Quoted =$username= in sed replacement, switched locale and wireless-regdom sed +patterns to pipe delimiter to avoid conflicts with path/encoding characters. + +** DONE [#B] Fix unsafe heredoc variable expansion +CLOSED: [2026-02-23 Sun] +Quoted =UDEVEOF= heredoc and used placeholder + sed replacement pattern (same as hyprpm hook). + +** DONE [#C] Add mountpoint check before ramdisk mount +CLOSED: [2026-02-23 Sun] +Added =mountpoint -q= guard before mount; skips with info message if already mounted. + +** DONE [#C] Improve error handling in chained commands :chore: +CLOSED: [2026-05-07 Thu] +Line 820: three operations chained with =&&= reported as single failure. +Broken into separate error-handled steps. + +** DONE [#C] Add comments on complex logic +CLOSED: [2026-02-23 Sun] +Added comments explaining wireless region locale-to-ISO3166 mapping and +archsetup clone strategy (why symlinks need user-owned repo). + +** DONE [#D] Validate reserved usernames +CLOSED: [2026-02-23 Sun] +Added check against list of reserved system usernames (root, bin, daemon, sys, etc.). 
+ +** DONE Review: Hyprland conf.d source ordering :chore: +CLOSED: [2026-05-07 Thu] +~source = $HOME/.config/hypr/conf.d/*.conf~ was at top of hyprland.conf (line 9). +Machine-local overrides (gaps, monitor scale) were overwritten by defaults later in the file. +Fixed by moving source line to end of file. Update stowed hyprland.conf. + +** DONE Review: natural_scroll not set for mouse (only touchpad) :chore: +CLOSED: [2026-05-07 Thu] +~input:natural_scroll~ was missing; only ~touchpad:natural_scroll~ was set. +Added ~natural_scroll = true~ to input block. + +** DONE [#B] Extend layout-navigate to escape special workspaces +CLOSED: [2026-04-19 Sun] +With the =special:stash= overlay visible and focus on a window inside it, +=$mod+J= was trapped because =layoutmsg cyclenext= only operates within the +current workspace. The 2026-04-09 fix handled floating→tiled but not +special-workspace→regular. + +Fix in =dotfiles/hyprland/.local/bin/layout-navigate=: when the active +window's =workspace.name= begins with =special:= and the user is navigating +focus (not moving), dispatch =togglespecialworkspace = first, re-read +activewindow state, then fall through to the existing floating/layout +branches. Move variant (=$mod SHIFT J=) is intentionally left untouched so +moving a window out of a scratchpad remains a deliberate separate action. + +Unit tests live in =tests/layout-navigate/= (stdlib =unittest=, fakes +=hyprctl= via PATH). Run with: +=python3 -m unittest tests.layout-navigate.test_layout_navigate= + +** DONE Check linux-lts version until 6.18+ +CLOSED: [2026-03-07 Sat] +Run =topgrade= and check =pacman -Q linux-lts=. Once 6.18+, remove =/etc/modprobe.d/amdgpu.conf= and mark this DONE. +Background: AMD Strix Halo VPE power gating bug causes system freeze. Workaround disables power gating. Fix is in kernel 6.15+. +Running linux-lts 6.18.16-1. amdgpu.conf workaround already removed. 
+ +** DONE [#D] Find or create a monocle layout for Hyprland +CLOSED: [2026-03-07 Sat] +Both existing monocle plugins (zakk4223/hyprlandMonocle, pianocomposer321/hyprland-monocle) are +abandoned and broken against current Hyprland. Options: fork and fix hyprlandMonocle (more features), +script a pseudo-monocle using fullscreen 1, or wait for a maintained plugin. Lower priority since +stash-window ($mod+O / $mod+Shift+O) covers the main use case. More important for laptop installs. +Resolved: Hyprland 0.54 added native monocle layout. Bound to $mod SHIFT M. -- cgit v1.2.3
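Review bot: In the first hunk (@@ -3,9 +3,47 @@), step 3 of the dotfile separation plan hands the new conf values DOTFILES_REPO, DOTFILES_BRANCH and DOTFILES_DIR directly to git clone and a chown, while the audit added in the same hunk records that $source_dir and the other path variables are still unvalidated. Add a validation step to the plan ahead of the clone (reject values that begin with "-", require DOTFILES_DIR to resolve under the target user's home) and put "--" before the repository argument so a conf value is never parsed as an option. The audit text also writes the personal e-mail address and the root:welcome default into todo.org itself, so todo.org needs to be in scope for the scrub it describes, and root:welcome reads as a credential item rather than personal info.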
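Review bot: The @@ -37,22 +75,17 @@ hunk sets "Add README.md for GitHub" and "Add LICENSE file" to DOING, but the audit added in the first hunk marks both subtasks DONE, so the file now disagrees with itself about their state. Keep DOING in both places until the README review and the SPDX/license-header follow-up are closed, and word the audit entries as "drafted" or "added, follow-ups open". The LICENSE note would also be clearer if it said how the GPL-3 choice interacts with the commercial font files the audit lists as still tracked.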
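Review bot: The task bodies left as context in the @@ -87,37 +122,20 @@ hunk still cite "Lines 236, 466, 905" for the rm -rf guard and "Line 434" for eval, while the audit this patch adds gives archsetup:236, :474, :939 and archsetup:442; the same drift appears in the @@ -37,22 +75,17 @@ hunk (lines 1458-1463 against 1486-1493 for the BRIO udev rule). Update the task bodies to the audited numbers, or reference the function instead (the audit already names retry_install for the eval) so the pointers survive further edits. The added line "cj: you can probably do this on our own." has a typo ("our" for "your"), and the cj: lines replace the blank separators before the next headings, which makes the notes easy to miss.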
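Review bot: The entries appended in the last hunk (@@ -549,3 +516,83 @@) are promoted from *** to ** and lose their parent, so "Fix unsafe sed patterns with user input", "Fix unsafe heredoc variable expansion" and "Validate reserved usernames" no longer show that they belonged to the open-source release prep, and the two "Verify ..." entries no longer sit under "Test security + functionality together". Record the former parent on each moved entry (org's own archive command keeps it in an ARCHIVE_OLPATH property) so the closed security fixes stay traceable to the task that required them. The moved "Improve error handling in chained commands" body was also reworded from "Break into" to "Broken into", which the commit message does not mention; keep moved entries verbatim or say that they were edited.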