Anaconda adds 'server _gateway iburst' as a fallback NTP source when
no NTP servers are specified in the kickstart. chronyd cannot resolve
the special hostname '_gateway' at startup, logging an error each boot.
The sourcedir /run/chrony-dhcp directive already handles DHCP-provided
NTP servers, making the _gateway line redundant.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
systemd-xdg-autostart-generator warns that .desktop files with
execute permissions set are invalid. .desktop files should not be
executable.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ExecStop on the user service caused an unmount race: it fired
asynchronously after logout while the next login's install.sh had
already remounted the wallet, then unmounted it again leaving
kwalletd6 without its wallet directory.
install.sh already handles umount/remount at login start, so no
ExecStop is needed. On gocryptfs systems the wallet becomes
inaccessible at logout naturally when ~/data is unmounted.
user_run.sh now explicitly stops any leftover kwalletd6-logon unit
from a previous session before creating a new one, avoiding the
systemd-run unit-name-conflict failure.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ExecStop (umount) fires asynchronously ~26s after logout, by which
time a second login's install.sh has already remounted the wallet.
ExecStop then unmounts the fresh mount, leaving kwalletd6 without
the wallet directory.
Fix: stop kwalletd6-logon.service at the top of install.sh so its
ExecStop fires and drains before the remount, eliminating the race.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
kwalletd6 exits with code 1 when the Wayland compositor shuts down
during logout. Without SuccessExitStatus=1, the service is marked
failed and ExecStop (the bind mount umount) never runs. Treating
exit code 1 as success keeps the service in active-exited state so
systemd fires ExecStop cleanly on session end.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Switch kwalletd6-logon from --scope to a transient service with
RemainAfterExit=yes (kwalletd6 forks to background, so the service
must stay active after the main process exits). ExecStop runs
'sudo umount -l' to detach the wallet bind mount before gocryptfs
unmounts ~/data (Before=gocryptfs-home.service ordering).
install.sh adds a per-user sudoers drop-in so the user service
can call umount as root without a password.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Daniel unbrot Pätzold