ExecStop on the user service caused an unmount race: it fired
asynchronously after logout while the next login's install.sh had
already remounted the wallet, then unmounted it again leaving
kwalletd6 without its wallet directory.
install.sh already handles umount/remount at login start, so no
ExecStop is needed. On gocryptfs systems the wallet becomes
inaccessible at logout naturally when ~/data is unmounted.
user_run.sh now explicitly stops any leftover kwalletd6-logon unit
from a previous session before creating a new one, avoiding the
systemd-run unit-name-conflict failure.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

ExecStop (umount) fires asynchronously ~26s after logout, by which
time a second login's install.sh has already remounted the wallet.
ExecStop then unmounts the fresh mount, leaving kwalletd6 without
the wallet directory.
Fix: stop kwalletd6-logon.service at the top of install.sh so its
ExecStop fires and drains before the remount, eliminating the race.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

kwalletd6 exits with code 1 when the Wayland compositor shuts down
during logout. Without SuccessExitStatus=1, the service is marked
failed and ExecStop (the bind mount umount) never runs. Treating
exit code 1 as success keeps the service in active-exited state so
systemd fires ExecStop cleanly on session end.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Switch kwalletd6-logon from --scope to a transient service with
RemainAfterExit=yes (kwalletd6 forks to background, so the service
must stay active after the main process exits). ExecStop runs
'sudo umount -l' to detach the wallet bind mount before gocryptfs
unmounts ~/data (Before=gocryptfs-home.service ordering).
install.sh adds a per-user sudoers drop-in so the user service
can call umount as root without a password.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Introduce NC_FLATPAK_APP and NC_FLATPAK_DIR variables so the app ID
and ~/.var/app path are defined once and referenced everywhere, rather
than repeated as literals. Also fixes a stray leading '/' in the
nextcloud.cfg grep path.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Set _nc_first=0 in the already-found branch so that a configured folder
prevents subsequent entries from wiping the Nextcloud config.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Before the sync loop, find all *.bak directories in the parent dirs of
configured sync paths, list them with their size, and ask the user to
delete them with a y/N prompt.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Replace static _bak suffix with _YYYYMMDDhhmmss.bak so repeated runs
never fail trying to overwrite an existing backup directory.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Config wipe now guarded by _nc_wipe_done flag so subsequent new entries
do not destroy the previous setup. _nc_first logic kept as comments for
later activation when multi-folder support is confirmed working.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Shebang changed to sh; replace all [[ ]] with [ ], == with = in [ ]
- Loop over CLIENT_DATA_SYNC[@] directly instead of counting to 100;
  replace index-based first-entry check with a _nc_first flag
- Fix missing fi before done, remove stray fi after KWallet block
- Dedent KWallet block to top level (was left indented from inside the loop)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- sync_client_software.sh: add system-wide flatpak session-bus override for
  Nextcloud so KWallet D-Bus access works for all users; fix broken compound
  test ([ a || b ] → [ a ] || [ b ])
- user_run.sh: check KWallet entries with hasEntry before writing — skip write
  and print info message when both passwords are already present; remove stale
  commented-out code
- install.sh: forward REPO_URL and REPO_BRANCH into configure.sh environment
  for both the su- and direct-bash invocation paths
- configure.sh: simplify do_configure (user cleanup)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cinnamon_fullsetup.cfg: add xapps package so the xapp-gtk3-module GTK
module referenced in Cinnamon's GTK settings is present for Flatpak apps.
user_run.sh: pass --setenv=SESSION_MANAGER= to systemd-run so Qt does not
try to connect to an X11 session manager socket that may not exist (fixes
"Could not open network socket" on Wayland and non-KDE desktops).
Guard the KWallet D-Bus block behind a session-bus presence check
(qdbus | grep org.kde.kwalletd) so it is skipped entirely on Cinnamon and
other non-KDE desktops instead of producing D-Bus errors.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Fetches user_full_name (givenname + sn) and user_email from FreeIPA via
ipalib and writes them into the Thunderbird IMAP account prefs. Adds
ipalib availability check to logon_script.sh. Drops TB_MAIL_FULLNAME
config variable.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Adds SERVERFQDN_IMAP and TB_MAIL_FULLNAME to setup_system.conf.dist.
On each logon the script checks if an IMAP account for DAVTOKEN_USER@TLDOMAIN
already exists in prefs.js; if not it writes the server, identity, and account
entries and registers it with accountmanager. Idempotent — skipped when the
account is already present.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Ensures session bus socket and kwalletd5/6 talk permissions are set at
logon, so Flatseal or a missing manifest entry cannot silently break
Talk's credential storage and Plasma integration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

--scope ... & had two problems:
1. systemd-run stayed alive in the autostart service cgroup;
   KillMode=control-group sent it SIGTERM when logon_script.sh exited,
   tearing down the scope and killing Talk mid-initialization.
2. The scope lacked Delegate=yes, preventing Electron's zygote from
   creating sub-cgroups for the GPU/renderer processes.
The previous commit added Delegate=yes but kept --scope, so problem 1
remained: the scope was still torn down on service exit, causing the
GPU/network service crash visible in talk.log.
Switch to a transient service unit identical to the Nextcloud Desktop
Client fix: --no-block returns immediately so systemd-run is gone from
the cgroup before the service ends; --property=Delegate=yes is retained
for Electron's zygote. Tested: service active, zygote and network
service running, no GPU crash.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

systemd-run --scope ... & left the systemd-run binary running as a
background process inside the autostart service's cgroup. When
logon_script.sh exited, systemd's KillMode=control-group sent SIGTERM
to all remaining cgroup processes, including systemd-run. systemd-run,
on receiving SIGTERM while monitoring a scope, stopped the scope and
killed the Nextcloud client -- at exactly the same moment the autostart
service ended.
--no-block with --scope is not supported. Switch to a transient service
unit (drop --scope, add --no-block). systemd-run registers the unit and
returns immediately, leaving the cgroup before logon_script.sh ends.
The Nextcloud process then runs as an independent systemd user service,
unaffected by the autostart service lifecycle. Tested: Nextcloud keeps
running after systemd-run exits.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Nextcloud Talk is an Electron app. Electron uses a zygote process to
fork sandboxed child processes (GPU, renderer, network service) into
their own sub-cgroups. systemd-run --scope without Delegate=yes locks
down the cgroup — sub-cgroups cannot be created — so the zygote fails,
causing the GPU process to crash immediately on startup.
Adding --property=Delegate=yes hands cgroup management to the scope,
allowing flatpak/bubblewrap and Electron's zygote to create the
sub-cgroups they need. Tested: no GPU crash with this flag set.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

setsid -f forks the process into a new session but leaves it in the
calling service's cgroup. systemd-run --user --scope moves it into its
own transient scope cgroup so the autostart service can finish normally.
Added & to background the launch, replacing the fork that setsid -f
was providing. Tested: scope is created and Talk starts correctly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Same root cause as the gocryptfs and Nextcloud fixes: kwalletd6 is a
long-running daemon that stays alive for the entire KDE session.
Launching it with setsid keeps it in the autostart service cgroup,
preventing app-logon_script.sh@autostart from reaching finished state.
Replace setsid with systemd-run --user --scope so kwalletd6 runs in
its own transient scope cgroup.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

KDE Plasma runs each autostart .desktop entry as a systemd user unit.
systemd tracks service liveness by cgroup membership, not just the
main PID. Any process forked inside the service — even via setsid or &
— stays in the service's cgroup and keeps app-logon_script.sh@autostart
in active (running) state indefinitely after logon_script.sh exits.
mount_ecrypt_home.sh: wrap the gocryptfs mount call with
  systemd-run --user --scope --unit=gocryptfs-home
The FUSE daemon that gocryptfs forks now lives in its own transient
scope cgroup. Exit-code propagation is unchanged because systemd-run
--scope returns the main process's exit code.
0050_nextcloud_desktopclient/user_run.sh: replace
  /usr/bin/setsid ... &
with
  systemd-run --user --scope --unit=nextcloud-client ... &
setsid creates a new session but does not move the process out of the
cgroup; systemd-run --scope does.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
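The cgroup-membership point in the commit message above, as an added example that is not part of the repository: a POSIX sh check that lists which processes still sit in a unit's cgroup and so keep it in active (running) state. The PIDs, the sample cgroup paths and the `.service` suffix on the autostart unit name are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the repository): find processes that still sit in a
# systemd unit's cgroup by matching the cgroup v2 line of /proc/<pid>/cgroup.

# Read "pid cgroup-line" pairs on stdin; print each pid whose cgroup v2 path
# contains unit $1 as a path component (the unit itself or a sub-cgroup).
pids_in_unit() {
    want=$1
    while read -r pid line; do
        case $line in
            0::*/"$want" | 0::*/"$want"/*) printf '%s\n' "$pid" ;;
        esac
    done
}

# Live input for pids_in_unit: one "pid 0::<path>" line per readable process.
scan_proc() {
    for f in /proc/[0-9]*/cgroup; do
        pid=${f#/proc/}; pid=${pid%/cgroup}
        sed -n "s|^0::|$pid 0::|p" "$f" 2>/dev/null || true
    done
}

# Constructed sample: state after logon_script.sh has exited. PIDs 4150 and
# 4155 were started with setsid / & and never left the autostart cgroup;
# 4162 and 4170 were started with systemd-run --user --scope --unit=...
sample_cgroups() {
    base=/user.slice/user-1000.slice/user@1000.service/app.slice
    cat <<EOF
4150 0::$base/app-logon_script.sh@autostart.service
4155 0::$base/app-logon_script.sh@autostart.service
4162 0::$base/gocryptfs-home.scope
4170 0::$base/nextcloud-client.scope
EOF
}

# Assumed full unit name; the commit messages give it without a suffix.
AUTOSTART_UNIT='app-logon_script.sh@autostart.service'

# Processes that keep the autostart unit from reaching finished state.
sample_cgroups | pids_in_unit "$AUTOSTART_UNIT"
# On a live session: scan_proc | pids_in_unit "$AUTOSTART_UNIT"
```

An empty result for the autostart unit after logon means every long-running child was moved into its own scope or transient service.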
The Flatpak autoprovisioning command does not reliably write credentials
to KWallet from inside the sandbox. After provisioning, directly write
both KWallet entries (user:url/:0 and user_app-password:url/:0) via
qdbus, creating the Nextcloud folder first if needed. kwallet-query was
tried but silently returns 0 without creating missing folders.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>