- Remove XFCE/i3-specific packages and dotfiles from Arch path (xarchiver,
udiskie, Thunar, xfce-polkit, clipman, screenshooter)
- Separate per-OS dotfiles: mimeapps, udiskie config, GTK theme script,
udiskie-password, dbus-session and ssh-agent fragments moved to Void-only
- Add mimeapps.arch.list with Nautilus/GNOME associations for nymph
- Move dunst/rofi directory creation from common to profile_desktop_i3
- Add gnome-keyring PAM hooks for GDM (gdm-password) in profile_desktop_gnome
- Remove ssh-agent.service from desktop_systemd_user_services on Arch;
drop ssh-agent dependency and hardcoded socket from emacs.service
- Add ttf-hack-nerd to Arch font packages
- Fix rustup bootstrap: use rustup-init on Void, rustup toolchain install on Arch
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Render personal desktop configs from Ansible templates so public dotfiles no longer expose real identities or mail addresses. Update the bootstrap workflow to consume the rendered mail config and extend the encrypted vault schema for the new private values.
Provision the Maildir root and per-account directories before the mail bootstrap script runs so initial mbsync and mu setup have a consistent local destination.
Disable automatic iCloud keyring initialization by default and add a repo-local bootstrap script that reads .mbsyncrc, stores mail secrets in GNOME Keyring, guides Proton Bridge certificate export, and initializes mail sync/indexing.
Parse the Secret Service default alias object path so iCloud password storage only skips when the login keyring is actually unset. Remove the unused scripts placeholder file.
