wip
This commit is contained in:
71
audit/remaining.md
Normal file
71
audit/remaining.md
Normal file
@@ -0,0 +1,71 @@
|
||||
# Remaining Audit Findings
|
||||
|
||||
Items already completed: zsh, starship, git, ghostty, tmux config + scripts.
|
||||
|
||||
## Sway
|
||||
|
||||
### Security
|
||||
|
||||
- **[high]** waybar `custom/ssh-login` on-click runs `pkill -9 -t $(who | awk '{ print $2 }')`. Unquoted command substitution causes word-splitting across multiple TTYs. Use `pkill -HUP` instead of `-9`, and quote the substitution or target a specific TTY.
|
||||
- **[medium]** `80-autostart.conf` starts `protonmail-bridge -n` as bare `exec`. Consider systemd user service for proper lifecycle management.
|
||||
- **[medium]** swayidle timeout of 300s (5 min) is relatively long for an unattended workstation.
|
||||
- **[medium]** `swaylock/config` lacks `show-failed-attempts` and `ignore-empty-password` verification.
|
||||
- **[low]** `wlsunset -l 46.1 -L 14.5` exposes approximate geographic coordinates in public dotfiles.
|
||||
|
||||
### Idiomacy
|
||||
|
||||
- **[issue]** host.d include is before config.d/* in main sway config. Host files cannot reference `$variables` from `10-variables.conf`. Move host.d include after config.d/*.
|
||||
- **[issue]** `41-theme-swayfx.conf` uses SwayFX-specific directives that error on stock sway. Gate or document.
|
||||
- **[issue]** Volume keybindings mix `pactl` (mute toggle) and `pamixer` (volume up/down). Pick one consistently. Mic mute on F16 also uses `pactl` instead of `pamixer`.
|
||||
- **[issue]** wob FIFO setup has race condition on sway restart. Consider wob 0.14+ `--socket` flag or `$XDG_RUNTIME_DIR/wob.sock` path.
|
||||
- **[issue]** swayidle missing `lock` event handler (`lock 'swaylock -f'`). `loginctl lock-session` won't lock the screen without it.
|
||||
- **[issue]** No idle inhibitor configured. Fullscreen video will trigger lock after timeout. Options: waybar `idle_inhibitor` module, `for_window` rule with `inhibit_idle fullscreen`, or `sway-audio-idle-inhibit`.
|
||||
|
||||
### Waybar
|
||||
|
||||
- **[issue]** `custom/ssh-login` polls every 1 second. Reduce to 10-30s.
|
||||
- **[issue]** `custom/ssh-login` on-click uses `pkill -9` (SIGKILL). Use SIGHUP.
|
||||
- **[dead]** `custom/power` module defined but not included in any bar's module list.
|
||||
- **[issue]** `style.css` references `@define-color` names (`@gray`, `@background-light`, `@foreground`, `@red`, etc.) that are not defined in the file. They must come from an external GTK theme. Define them in `style.css` for self-containment or document the dependency.
|
||||
- **[issue]** Hardcoded `#1e1e2e` (Catppuccin Mocha) in `#waybar .module` conflicts with gruvbox scheme. Leftover from a template.
|
||||
- **[note]** `cpu` on-click hardcodes `ghostty -e htop` (waybar JSONC doesn't support sway variables).
|
||||
|
||||
### Typos
|
||||
|
||||
- `50-keybind.conf` line 13: `# programs'` — trailing apostrophe
|
||||
- `50-keybind.conf` line 88: `# xf86-brightnes` — missing trailing 's'
|
||||
- `80-autostart.conf` line 1: `# deamon` — should be "daemon"
|
||||
|
||||
## Structure
|
||||
|
||||
### .gitignore
|
||||
|
||||
- **[dead]** `!alacritty` is tracked but alacritty is no longer used (ghostty replaced it). Remove or keep intentionally.
|
||||
- **[issue]** `!waybar` and `!bin` un-ignore entire directories with no interior filter. Every other program explicitly whitelists files. Tighten to two-level pattern:
|
||||
```
|
||||
!waybar
|
||||
waybar/*
|
||||
!waybar/config.jsonc
|
||||
!waybar/style.css
|
||||
```
|
||||
- **[note]** `!ghostty/themes`, `!sway/config.d`, `!sway/host.d` also un-ignore whole subdirectories. Intentional for sway (new drop-in files auto-tracked), worth noting for ghostty themes.
|
||||
|
||||
### bin/ directory
|
||||
|
||||
- `bin/waybar-custom-cider.sh` is the only script and is waybar-specific. Consider moving to `waybar/cider.sh` and updating the exec path in `waybar/config.jsonc`.
|
||||
|
||||
### SSH preview duplication
|
||||
|
||||
- `zsh/ssh-menu` defines `_ssh_menu_preview` and `tmux/tmux-ssher` defines `_preview`. Same function with cosmetic differences. Extract to a shared script (e.g. `bin/ssh-preview`) to eliminate drift. The `command -v host` guard is only in ssh-menu, not ssher.
|
||||
|
||||
### Paths
|
||||
|
||||
- `tmux.conf` hardcodes `~/.config/tmux/...` in run-shell bindings instead of `$XDG_CONFIG_HOME`.
|
||||
- `flameshot.ini` hardcodes `/home/matej/screens` — breaks on other usernames/machines.
|
||||
- `swaylock/config` and `sway/config.d/20-output.conf` reference `~/.assets/` — not XDG, but consistent with each other.
|
||||
|
||||
### Consistency
|
||||
|
||||
- Waybar CSS color variables depend on external GTK theme (see waybar section above).
|
||||
- Swaylock uses `#000000`/`#ffffff` (black/white) instead of gruvbox. May be intentional for contrast.
|
||||
- Alacritty config is dead weight if no longer used.
|
||||
Reference in New Issue
Block a user