config/.claude/memory/learnings.md
Bastien Chanot c0fddc6f94 feat(install): system-wide low-disk login warning via /etc/profile.d
Add etc/profile.d/disk-usage-warning.sh (POSIX sh) that warns in bold
red at login when / or /home cross 85% usage. Deployed system-wide via
install_disk_warning() (sudo install -D -m 0644), gated inside the
apt-get block since df --output=pcent and /etc/profile.d are GNU/Debian
conventions absent on macOS. Idempotent and re-runnable.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01CN1KSmsuLG6TxSeN5m8xvM
2026-06-24 18:00:17 +02:00

2.6 KiB

Learnings

Reusable patterns. Caveman + English.

LRN-001 — Dotfiles installer idempotency pattern

2026-05-27. Re-runnable installer: rm -rf target before each git clone, mkdir -p dirs, back up existing config to fixed ~/Oldconfig (overwrite prev backup). Avoids "clone fails, dir exists" on second run. Apply to any provisioning script.

LRN-002 — Redundant vim plugin fetch

2026-05-27. molokai colorscheme committed in vim/colors/ AND cloned to /tmp then copied. cp -rupv vim/* ~/.vim/ already deploys it. Dropped the clone. Lesson: check what tracked files already cover before adding external fetch.

LRN-003 — GNOME + xrdp working recipe (Ubuntu)

2026-06-23. apt install xrdp alone = black screen + auth popups. Need: adduser xrdp ssl-cert (xrdp reads TLS key, else black screen on login); polkit rule allowing org.freedesktop.color-manager.* (else recurring "Authentication required to create a color managed device" popups). Polkit format version-gated: v>=0.106 → /etc/polkit-1/rules.d/*.rules (JS); older → .pkla. Verified live polkit 127 → .rules only (.pkla backend dropped). Open RDP 3389 only if firewall active. Restart xrdp after group add so daemon reloads ssl-cert membership.

LRN-004 — gnome-remote-desktop --system: remote desktop on Wayland-only GNOME

2026-06-23. xrdp does NOT work on Wayland-only GNOME (Shell asserts XDG_SESSION_TYPE=wayland, Xorg backend dies instantly on login) → LRN-003 xrdp recipe N/A on such hosts. Use g-r-d system "Remote Login": self-signed TLS cert via grdctl --system rdp set-tls-cert/set-tls-key, rdp enable, enable+start gnome-remote-desktop.service. Auth = 2 layers: shared gate creds via set-credentials (unlock GDM) THEN per-user PAM login. Gate creds REQUIRED — empty → mstsc 0x904/0x7 (BLK-004). Listening socket + TLS + enable NOT enough alone. TPM warn Init TPM credentials failed ... using GKeyFile as fallback = harmless on TPM-less host (creds → keyfile). Connect: client → ip:3389, accept self-signed cert, gate creds, then GDM user. Supersedes LRN-003 for Wayland GNOME.

LRN-005 — df --output=pcent is GNU-only → keep /etc/profile.d disk scripts Linux-gated

2026-06-24. df --output=pcent (and /etc/profile.d itself) are GNU coreutils / Debian conventions, absent on macOS BSD df. Any install step deploying such a snippet system-wide must sit inside the command -v apt-get (Linux) block, never the OS-agnostic path. Deploy idempotently with sudo install -D -m 0644 src /etc/profile.d/x.sh (-D makes the dir, overwrite = re-runnable). Caveat: /etc/profile.d/*.sh runs for LOGIN shells only — non-login terminals need /etc/bash.bashrc instead.