feat: show greeter UI on all monitors, not just one (v0.8.0)

Wayland surfaces belong to exactly one output — mirroring is not an option.
Create one full greeter window per monitor via set_monitor(), with only the
first receiving KeyboardMode::Exclusive. Removes the old wallpaper-only
secondary windows. Matches moonlock's per-monitor pattern.

CLAUDE.md

@@ -47,7 +47,7 @@ cd pkg && makepkg -sf && sudo pacman -U moongreet-git-<version>-x86_64.pkg.tar.z
 - `fingerprint.rs` — fprintd D-Bus Probe (gio::DBusProxy) — Geräteerkennung und Enrollment-Check für UI-Feedback
 - `config.rs` — TOML-Config ([appearance] background, gtk-theme, fingerprint-enabled) + Wallpaper-Fallback + Blur-Validierung (finite, clamp 0–200)
 - `greeter.rs` — GTK4 UI (Overlay-Layout), Login-Flow via greetd IPC (Multi-Stage-Auth für fprintd), Faillock-Warnung, Avatar-Cache, Last-User/Last-Session Persistence (0o700 Dirs, 0o600 Files)
-- `main.rs` — Entry Point, GTK App, Layer Shell Setup, Multi-Monitor, systemd-journal-logger
+- `main.rs` — Entry Point, GTK App, Layer Shell Setup, Multi-Monitor (one greeter window per monitor, first gets keyboard), systemd-journal-logger
 - `resources/style.css` — Catppuccin-inspiriertes Theme
 
 ## Design Decisions

Cargo.lock

@@ -575,7 +575,7 @@ dependencies = [
 
 [[package]]
 name = "moongreet"
-version = "0.7.1"
+version = "0.7.4"
 dependencies = [
  "gdk-pixbuf",
  "gdk4",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "moongreet"
-version = "0.7.2"
+version = "0.8.0"
 edition = "2024"
 description = "A greetd greeter for Wayland with GTK4 and Layer Shell"
 license = "MIT"

DECISIONS.md

@@ -1,29 +1,43 @@
 # Decisions
 
+## 2026-04-08 – Show greeter UI on all monitors instead of just one
+
+- **Who**: ClaudeCode, Dom
+- **Why**: moonlock showed its UI on all monitors via ext-session-lock-v1, but moongreet only showed the login UI on one monitor (compositor-picked) with wallpaper-only windows on the rest. Inconsistent UX across the ecosystem.
+- **Tradeoffs**: Each monitor gets its own full greeter widget tree (slightly more memory), but the UI is lightweight. Screen mirroring (e.g., wl-mirror/screencopy) was considered and rejected — it requires an external process, compositor screencopy support, adds latency, and fights Wayland's per-output model. One-window-per-monitor is the established Wayland pattern (swaylock, hyprlock, moonlock all do this).
+- **How**: Create one `create_greeter_window()` per monitor with `set_monitor()`, only the first gets `KeyboardMode::Exclusive`. Removed `create_wallpaper_window()` (no longer needed). No layer shell fallback keeps single-window mode for development.
+
+## 2026-04-06 – Restore explicit gtk-theme in moongreet config
+
+- **Who**: ClaudeCode, Dom
+- **Why**: GTK4 under greetd does not reliably read `/etc/xdg/gtk-4.0/settings.ini` — likely requires a settings daemon that doesn't run in the greeter session. moongreet fell back to Adwaita/Colloid-default (blue accent) instead of Colloid-Grey-Dark-Catppuccin.
+- **Tradeoffs**: Reverts `094878f` ("Remove gtk-theme from app config, use system-wide GTK settings instead"). Duplicates the theme name between settings.ini and moongreet.toml, but the explicit set via `set_gtk_theme_name()` is the only reliable path in a greetd context.
+- **How**: Added `gtk-theme = "Colloid-Grey-Dark-Catppuccin"` to example config and deployed `/etc/moongreet/moongreet.toml`.
+
 ## 2026-04-02 – Replace hardcoded CSS colors with GTK theme variables
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: moongreet used hardcoded colors (#1a1a2e, white, #ff6b6b) while moonset already used @theme_bg_color, @theme_fg_color, @error_color etc. Inconsistent across the ecosystem and broke theme flexibility.
 - **Tradeoffs**: Depends on the active GTK theme defining standard color variables. Catppuccin Colloid provides all needed vars (@theme_bg_color, @theme_fg_color, @error_color, @success_color, @theme_selected_bg_color). Fallback behavior if a theme lacks vars is GTK's default colors — acceptable.
 - **How**: Replaced all hardcoded hex/named colors with GTK theme variables. Coordinated change across moongreet, moonlock, and moonset (all three now use identical pattern).
 
 ## 2026-03-31 – Fourth audit: power timeout, timing mitigation, release profile, GREETD_SOCK caching
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: Fourth triple audit found moongreet power.rs had no timeout on loginctl (greeter could freeze), username enumeration via timing differential, GREETD_SOCK re-read on every login, missing release profile, and missing GResource compression.
 - **Tradeoffs**: 500ms minimum login response time adds slight delay on fast auth but prevents timing-based username enumeration. Power timeout (30s + SIGKILL) matches moonset pattern — aggressive but prevents greeter freeze.
 - **How**: (1) power.rs adapted from moonset with 30s timeout + SIGKILL (nix dependency added). (2) 500ms min response floor in attempt_login via Instant + glib::timeout_future. (3) GREETD_SOCK cached in GreeterState at startup. (4) `[profile.release]` with LTO, codegen-units=1, strip. (5) `compressed="true"` on GResource entries. (6) SYNC comments on duplicated blur/background functions.
 
 ## 2026-03-30 – Full audit fix: security, quality, performance (v0.6.2)
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: Three parallel audits (security, code quality, performance) identified 10 actionable findings across the codebase — from world-readable cache dirs to a GPU blur geometry bug to a race condition in fingerprint probing.
 - **Tradeoffs**: `too_many_arguments` Clippy warnings suppressed with `#[allow]` rather than introducing a `UiWidgets` struct — GTK's `clone!` macro with `#[weak]` refs requires individual widget parameters, a struct would fight the idiom. Async avatar loading skipped because `Pixbuf` is `!Send`; cache already prevents repeat loads. TOCTOU socket pre-check removed entirely — `connect()` in login_worker already handles errors, the `metadata()` check gave false security guarantees.
 - **How**: Cache dirs use `DirBuilder::mode(0o700)` instead of `create_dir_all`. Blur config clamped to `0.0..=200.0` with `is_finite()` guard. Blur texture cached in `Rc<RefCell<Option<gdk::Texture>>>` across monitors. FingerprintProbe device proxy cached in `GreeterState` with generation counter to prevent stale async writes. GPU blur geometry fixed (`-pad` origin shift instead of texture stretching). `is_valid_gtk_theme` extracted as testable function. 9 new tests.
 
 ## 2026-03-29 – Fingerprint authentication via greetd multi-stage PAM
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: moonlock supports fprintd but moongreet rejected multi-stage auth. Users with enrolled fingerprints couldn't use them at the login screen.
 - **Tradeoffs**: Direct fprintd D-Bus verification (like moonlock) can't start a greetd session — greetd controls session creation via PAM. Using greetd multi-stage means PAM decides the auth order (fingerprint first, then password fallback), not truly parallel. Acceptable — matches standard pam_fprintd behavior.
 - **How**: Replace single-pass auth with a loop over auth_message rounds. Secret prompts get the password, non-secret prompts (fprintd) get None and block until PAM resolves. fprintd D-Bus probe (gio::DBusProxy) only for UI — detecting device availability and enrolled fingers. 60s socket timeout when fingerprint available. Config option `fingerprint-enabled` (default true).
@@ -37,7 +51,7 @@
 
 ## 2026-03-28 – GPU blur via GskBlurNode replaces CPU blur
 
-- **Who**: Ragnar, Dom
+- **Who**: ClaudeCode, Dom
 - **Why**: CPU-side Gaussian blur (`image` crate) blocked the GTK main thread for 500ms–2s on 4K wallpapers at cold cache. Disk cache and async orchestration added significant complexity.
 - **Tradeoffs**: GPU blur quality is slightly different (box-blur approximation vs true Gaussian), acceptable for wallpaper backgrounds. Removes `image` crate dependency entirely (~15 transitive crates eliminated). No disk cache needed.
 - **How**: `Snapshot::push_blur()` + `GskRenderer::render_texture()` on `connect_realize`. Blur happens once on the GPU when the widget gets its renderer, producing a concrete `gdk::Texture`. Zero startup latency. Symmetric with moonlock and moonset.

README.md

@@ -12,7 +12,7 @@ Part of the Moonarch ecosystem.
 - **Last user/session** — Remembered in `/var/cache/moongreet/`
 - **Power actions** — Reboot / Shutdown via `loginctl`
 - **Layer Shell** — Fullscreen via gtk4-layer-shell (TOP layer)
-- **Multi-monitor** — Greeter on primary, wallpaper on all monitors
+- **Multi-monitor** — Full greeter UI on all monitors (keyboard input on first)
 - **GPU blur** — Background blur via GskBlurNode (shared cache across monitors)
 - **i18n** — German and English (auto-detected from system locale)
 - **Faillock warning** — Warns after 2 failed attempts, locked message after 3

config/moongreet.toml

@@ -4,3 +4,7 @@
 [appearance]
 # Absolute path to wallpaper image
 background = "/usr/share/backgrounds/wallpaper.jpg"
+
+# GTK theme name — must match a directory in /usr/share/themes/
+# Required because GTK4 under greetd does not reliably read settings.ini
+gtk-theme = "Colloid-Grey-Dark-Catppuccin"

src/greeter.rs

@@ -188,24 +188,6 @@ fn render_blurred_texture(
     Some(renderer.render_texture(&node, Some(&viewport)))
 }
 
-/// Create a wallpaper-only window for secondary monitors.
-pub fn create_wallpaper_window(
-    texture: &gdk::Texture,
-    blur_radius: Option<f32>,
-    blur_cache: &Rc<RefCell<Option<gdk::Texture>>>,
-    app: &gtk::Application,
-) -> gtk::ApplicationWindow {
-    let window = gtk::ApplicationWindow::builder()
-        .application(app)
-        .build();
-    window.add_css_class("wallpaper");
-
-    let background = create_background_picture(texture, blur_radius, blur_cache);
-    window.set_child(Some(&background));
-
-    window
-}
-
 /// Create a Picture widget for the wallpaper background, optionally with GPU blur.
 /// Uses `blur_cache` to compute the blurred texture only once across all monitors.
 fn create_background_picture(
@@ -553,6 +535,18 @@ pub fn create_greeter_window(
     ));
     window.add_controller(key_controller);
 
+    // Grab keyboard focus after map — layer-shell keyboard grab is only
+    // confirmed by the compositor at map time, not at realize time.
+    window.connect_map(clone!(
+        #[weak]
+        password_entry,
+        move |_| {
+            glib::idle_add_local_once(move || {
+                password_entry.grab_focus();
+            });
+        }
+    ));
+
     // Defer initial user selection until realized (for correct theme colors)
     window.connect_realize(clone!(
         #[strong]

src/main.rs

@@ -63,30 +63,27 @@ fn activate(app: &gtk::Application) {
     let use_layer_shell = std::env::var("MOONGREET_NO_LAYER_SHELL").is_err();
     log::debug!("Layer shell: {use_layer_shell}");
 
-    // Main greeter window (login UI) — compositor picks focused monitor
-    let greeter_window = greeter::create_greeter_window(bg_texture.as_ref(), &config, &blur_cache, app);
     if use_layer_shell {
-        setup_layer_shell(&greeter_window, true, gtk4_layer_shell::Layer::Top);
-    }
-    greeter_window.present();
-
-    // Wallpaper-only windows on all monitors (only with layer shell)
-    if use_layer_shell
-        && let Some(ref texture) = bg_texture
-    {
+        // One greeter window per monitor — only the first gets keyboard input
         let monitors = display.monitors();
         log::debug!("Monitor count: {}", monitors.n_items());
+        let mut first = true;
         for i in 0..monitors.n_items() {
             if let Some(monitor) = monitors
                 .item(i)
                 .and_then(|obj| obj.downcast::<gdk::Monitor>().ok())
             {
-                let wallpaper = greeter::create_wallpaper_window(texture, config.background_blur, &blur_cache, app);
-                setup_layer_shell(&wallpaper, false, gtk4_layer_shell::Layer::Bottom);
-                wallpaper.set_monitor(Some(&monitor));
-                wallpaper.present();
+                let window = greeter::create_greeter_window(bg_texture.as_ref(), &config, &blur_cache, app);
+                setup_layer_shell(&window, first, gtk4_layer_shell::Layer::Top);
+                window.set_monitor(Some(&monitor));
+                window.present();
+                first = false;
             }
         }
+    } else {
+        // No layer shell — single window for development
+        let greeter_window = greeter::create_greeter_window(bg_texture.as_ref(), &config, &blur_cache, app);
+        greeter_window.present();
     }
 }