My linux config and rc files https://git.strisemarx.com/dotfiles/atom?h=master 2026-04-17T13:47:35Z 2026-04-17T13:47:35Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T13:47:35Z urn:sha1:08c521f7ce7e64fa080360aeb67bf9e92bcf159b 2026-04-17T13:47:34Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T13:47:34Z urn:sha1:c6eb8e5092b22e4bb611deb5a11273547f8b1f1e GPG_TTY was set in .zprofile (login shell) to /dev/tty1, but terminal emulator shells get /dev/pts/N. Move the export to .zshrc so each interactive shell sets the correct TTY before telling the agent. 2026-04-17T13:47:34Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T13:47:34Z urn:sha1:e2da9bd7318c3811b344c756358104fd8c7e4994 With GPG key passphrases being removed (LUKS provides at-rest encryption), pam-gnupg is no longer needed. Remove: - pam-gnupg config file and keygrip list - pam-gnupg-git from base metapackage - Cache TTL overrides (defaults are fine without passphrase caching) - allow-preset-passphrase (only needed by pam-gnupg) 2026-04-17T13:47:34Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T13:47:34Z urn:sha1:644785859ac960c0da64016065a800bf660ffbcf Drop custom GNUPGHOME=~/.local/share/gnupg which required 6 systemd socket/service overrides with hardcoded directory hashes. GnuPG periodically changes its hash algorithm on updates, silently breaking systemd socket activation and pam-gnupg passphrase presetting. With default GNUPGHOME, stock systemd units work out of the box. - Move gpg.conf, gpg-agent.conf, sshcontrol to home/.gnupg/ - Delete all gpg-agent socket/service/dirmngr override dirs - Remove GNUPGHOME from .zprofile, .pam_environment, pam-gnupg - Remove GNUPGHOME from vdirsyncer and bridge service overrides 2026-04-17T13:47:26Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T13:47:26Z urn:sha1:8fadfc96e378886aa5e9d3ddf82bb7913c0cf0e4 GnuPG changed its socket directory hash from d.hmaqciuk8y8ye3gwt9b6eth1 to d.199epr64wmzkrnk8u8qgricf. The mismatch broke systemd socket activation and pam-gnupg passphrase presetting, causing SSH auth failures after reboot. 2026-04-17T10:17:01Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T10:17:01Z urn:sha1:b7fcd084b324c0f8c445f9c3811d3d1331fb4198 gpgconf --list-dirs agent-ssh-socket needs GNUPGHOME set to return the correct hashed socket path. Without it, SSH_AUTH_SOCK pointed to a non-existent socket, breaking GPG agent SSH authentication. 2026-04-17T09:54:17Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T09:54:17Z urn:sha1:87033a4fb88c29e8184ed70817f1a03bad1f246e - orphans.hook: remove commented-out alternative Exec line - reflector.conf: strip comment bloat, keep only active settings 2026-04-17T09:54:16Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T09:54:16Z urn:sha1:1df288011674b8f4c2bcb2e8f784a81148f2a516 - wget/wgetrc: move hsts-file from /tmp to ~/.local/share for XDG compliance and persistence across reboots - cargo/config: rename to config.toml (modern Cargo convention) 2026-04-17T09:54:15Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T09:54:15Z urn:sha1:be49079efa54e90e34e244af8336be00bc48ff3c Remove all explicit HostKeyAlgorithms, KexAlgorithms, and Ciphers lists. OpenSSH 9.x+ has excellent defaults: Ed25519 preferred, ssh-rsa disabled, strong cipher and kex ordering out of the box. Explicit lists become a liability — they prevent picking up improved defaults on upgrade. 2026-04-17T09:54:15Z sommerfeld sommerfeld@sommerfeld.dev 2026-04-17T09:54:15Z urn:sha1:daa9dc343a409f613312a32f28ecd839e0a3dcb8 Remove ~1400 lines of commented defaults that duplicate manpage docs: - aerc.conf: 602 → 32 lines - ipython_config.py: 625 → 5 lines - MangoHud.conf: 118 → 10 lines - gamemode.ini: 97 → 7 lines