feat: apply cursor theme via GtkSettings (v0.9.0)

GTK4 under greetd does not honour XCURSOR_THEME reliably, so the greeter
showed the wrong cursor over GTK widgets on some machines. Set
gtk-cursor-theme-name / -size on GtkSettings from new [appearance] config
fields (cursor-theme, cursor-size), mirroring the gtk-theme handling and
reusing is_valid_gtk_theme validation.

Salvaged from commit 29ce185 — tagged v0.9.0 on 2026-04-24 but never
pushed. The orphan branch's keyboard refactor (v0.10.0) is discarded,
superseded by the v0.8.7 single-window fix.

CLAUDE.md

@@ -40,12 +40,12 @@ cd pkg && makepkg -sf && sudo pacman -U moongreet-git-<version>-x86_64.pkg.tar.z
 - `ipc.rs` — greetd Socket-Kommunikation (4-byte LE header + JSON)
 - `users.rs` — Benutzer aus /etc/passwd, Avatare (AccountsService + ~/.face), Symlink-Rejection
 - `sessions.rs` — Wayland/X11 Sessions aus .desktop Files
-- `power.rs` — Reboot/Shutdown via loginctl
+- `power.rs` — Reboot/Shutdown via systemctl (`--no-ask-password`)
 - `i18n.rs` — Locale-Erkennung (LANG / /etc/locale.conf) und String-Tabellen (DE/EN), alle UI- und Login-Fehlermeldungen
 - `fingerprint.rs` — fprintd D-Bus Probe (gio::DBusProxy) — Geräteerkennung und Enrollment-Check für UI-Feedback
-- `config.rs` — TOML-Config ([appearance] background, gtk-theme, fingerprint-enabled) + Wallpaper-Fallback + Blur-Validierung (finite, clamp 0–200)
+- `config.rs` — TOML-Config ([appearance] background, gtk-theme, cursor-theme, cursor-size, fingerprint-enabled) + Wallpaper-Fallback + Blur-Validierung (finite, clamp 0–200) + Cursor-Size-Validierung (range 1–256)
 - `greeter.rs` — GTK4 UI (Overlay-Layout), Login-Flow via greetd IPC (Multi-Stage-Auth für fprintd), Faillock-Warnung, Avatar-Cache, Last-User/Last-Session Persistence (0o700 Dirs, 0o600 Files)
-- `main.rs` — Entry Point, GTK App, Layer Shell Setup, Multi-Monitor mit Hotplug via `items-changed` auf Monitor-ListModel (one greeter window per monitor, first gets keyboard), systemd-journal-logger
+- `main.rs` — Entry Point, GTK App, Layer Shell Setup, ein Greeter-Fenster auf dem fokussierten Output (kein `set_monitor`), `KeyboardMode::Exclusive`, systemd-journal-logger
 - `resources/style.css` — Catppuccin-inspiriertes Theme
 
 ## Design Decisions
@@ -60,6 +60,7 @@ cd pkg && makepkg -sf && sudo pacman -U moongreet-git-<version>-x86_64.pkg.tar.z
 - **Symmetrie mit moonlock/moonset**: Gleiche Patterns (i18n, config, users, power, GResource, GPU-Blur)
 - **Session-Validierung**: Relative Pfade erlaubt (greetd löst PATH auf), nur `..`/Null-Bytes werden abgelehnt
 - **GTK-Theme-Validierung**: Nur alphanumerisch + `_-+.` erlaubt, verhindert Path-Traversal über Config
+- **Cursor-Theme via GtkSettings**: GTK4 unter greetd liest `XCURSOR_THEME` env nicht zuverlässig — Cursor wird via `gtk::Settings::set_gtk_cursor_theme_name()` gesetzt, analog zu `gtk-theme`. Gleiche Validierung (`is_valid_gtk_theme`) gegen Path-Traversal.
 - **Journal-Logging**: `systemd-journal-logger` statt File-Logging — `journalctl -t moongreet`, Debug-Level per `MOONGREET_DEBUG` Env-Var
 - **File Permissions**: Cache-Verzeichnisse 0o700 via `DirBuilder::mode()`, Cache-Dateien 0o600
 - **Testbare Persistence**: `save_*_to`/`load_*_from` Varianten mit konfigurierbarem Pfad für Unit-Tests

Cargo.lock

@@ -575,7 +575,7 @@ dependencies = [
 
 [[package]]
 name = "moongreet"
-version = "0.8.6"
+version = "0.9.0"
 dependencies = [
  "gdk-pixbuf",
  "gdk4",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "moongreet"
-version = "0.8.6"
+version = "0.9.0"
 edition = "2024"
 description = "A greetd greeter for Wayland with GTK4 and Layer Shell"
 license = "MIT"

DECISIONS.md

@@ -1,5 +1,19 @@
 # Decisions
 
+## 2026-06-02 – Cursor theme via GtkSettings, salvaged from unpushed work (v0.9.0)
+
+- **Who**: ClaudeCode, Dom
+- **Why**: On some machines the greeter showed the wrong (GTK-default) cursor. GTK4 under greetd does not honour `XCURSOR_THEME` reliably — niri renders its own pointer from the kdl `cursor` block, but GTK widgets (button hover, text-input I-beam) read `gtk-cursor-theme-name` on `GtkSettings`, which without a session settings.ini stays at the GTK default. This fix was written and tagged v0.9.0 on 2026-04-24 but never pushed — it sat in a local-only branch while the bug kept shipping. Salvaged onto main now (cherry-picked from commit 29ce185).
+- **Tradeoffs**: Adds two `[appearance]` config fields (`cursor-theme`, `cursor-size`), symmetric with the existing `gtk-theme` field. Alternative — a system-wide `/etc/gtk-4.0/settings.ini` with `gtk-cursor-theme-name=` — would couple moongreet to host GTK config and affect every GTK4 app; rejected for the same reason as `gtk-theme`.
+- **How**: `config.rs` gains `cursor_theme: Option<String>` and `cursor_size: Option<i32>` (range-validated 1–256). `greeter::create_greeter_window` applies them via `gtk::Settings::set_gtk_cursor_theme_name()` / `set_gtk_cursor_theme_size()` after the existing gtk-theme handling, reusing `is_valid_gtk_theme()`. Deployed `moongreet.toml` gains `cursor-theme = "Sweet-cursors"` + `cursor-size = 24`. The orphaned April branch (v0.9.0/v0.10.0) is otherwise discarded; its keyboard refactor is superseded by the v0.8.7 single-window fix.
+
+## 2026-06-02 – Power buttons fixed (loginctl→systemctl) + single greeter window (v0.8.7)
+
+- **Who**: ClaudeCode, Dom
+- **Why**: At the greeter the reboot and shutdown buttons always failed with "Neustart/Herunterfahren fehlgeschlagen". Root cause: `power.rs` invoked `/usr/bin/loginctl reboot|poweroff`, but `loginctl` has no such verbs (systemd 260: `Unknown command verb 'reboot'`, exit 1) — power-management verbs belong to `systemctl`. moonlock and moonset already used `systemctl`; moongreet was the outlier (moonset carried the same bug until Mar 29). The polkit rule shipped in v0.8.3 treated the wrong layer — `CanReboot` returns `yes`, polkit was never the blocker. Separately, the multi-monitor greeter (v0.8.0/v0.8.2) gave `KeyboardMode::Exclusive` to only the first enumerated monitor's window, so on a multi-output setup the user could not type the password when focused on any other output.
+- **Tradeoffs**: Dropping the per-monitor + hotplug windows leaves secondary monitors blank during login; irrelevant for a login screen (input happens on one output). Exclusive keyboard binds input to the single greeter surface regardless of pointer position — the mouse may wander to a blank output but typing always reaches the greeter (chosen over compositor-level pointer confinement). The polkit rule is kept as a harmless safety net for the agent-less greeter session; its misleading "session is inactive" comment was corrected.
+- **How**: (1) `power::reboot`/`shutdown` call `/usr/bin/systemctl --no-ask-password reboot|poweroff` (matches moonlock; `--no-ask-password` fails fast instead of hanging on a missing askpass agent). (2) `main.rs` `activate()` creates one greeter window with no `set_monitor` (compositor places it on the focused output, like moonset) and `KeyboardMode::Exclusive`; the monitor loop, `connect_items_changed` hotplug handler, and the now-unused `glib::clone`/`std::rc::Rc` imports are removed. (3) The missing journal entries were investigated and are **not** a logging bug — the greeter user delivers all priorities to journald (verified live); the two button errors were lost because boot -2 was hard-cut before journald's 5-minute sync.
+
 ## 2026-04-24 – Audit LOW fixes: stdout null, utf-8 path, debug value, hidden sessions (v0.8.6)
 
 - **Who**: ClaudeCode, Dom

config/moongreet.toml

@@ -8,3 +8,8 @@ background = "/usr/share/backgrounds/wallpaper.jpg"
 # GTK theme name — must match a directory in /usr/share/themes/
 # Required because GTK4 under greetd does not reliably read settings.ini
 gtk-theme = "Colloid-Grey-Dark-Catppuccin"
+
+# Cursor theme name — must match a directory in /usr/share/icons/
+# GTK4 under greetd does not honour XCURSOR_THEME, so set it here.
+cursor-theme = "Sweet-cursors"
+cursor-size = 24

config/polkit/50-moongreet-power.rules

@@ -1,5 +1,5 @@
 // ABOUTME: Allow the greeter user to reboot and power off without authentication.
-// ABOUTME: Required because greetd's greeter session is inactive in logind.
+// ABOUTME: Safety net for the agent-less greeter session — no askpass/polkit agent to answer a challenge.
 
 polkit.addRule(function(action, subject) {
     if (subject.user === "greeter" &&

src/config.rs

@@ -25,6 +25,10 @@ struct Appearance {
     background_blur: Option<f32>,
     #[serde(rename = "gtk-theme")]
     gtk_theme: Option<String>,
+    #[serde(rename = "cursor-theme")]
+    cursor_theme: Option<String>,
+    #[serde(rename = "cursor-size")]
+    cursor_size: Option<i32>,
     #[serde(rename = "fingerprint-enabled")]
     fingerprint_enabled: Option<bool>,
 }
@@ -35,6 +39,8 @@ pub struct Config {
     pub background_path: Option<String>,
     pub background_blur: Option<f32>,
     pub gtk_theme: Option<String>,
+    pub cursor_theme: Option<String>,
+    pub cursor_size: Option<i32>,
     pub fingerprint_enabled: bool,
 }
 
@@ -44,6 +50,8 @@ impl Default for Config {
             background_path: None,
             background_blur: None,
             gtk_theme: None,
+            cursor_theme: None,
+            cursor_size: None,
             fingerprint_enabled: true,
         }
     }
@@ -88,6 +96,16 @@ pub fn load_config(config_paths: Option<&[PathBuf]>) -> Config {
                             if appearance.gtk_theme.is_some() {
                                 merged.gtk_theme = appearance.gtk_theme;
                             }
+                            if appearance.cursor_theme.is_some() {
+                                merged.cursor_theme = appearance.cursor_theme;
+                            }
+                            if let Some(size) = appearance.cursor_size {
+                                if (1..=256).contains(&size) {
+                                    merged.cursor_size = Some(size);
+                                } else {
+                                    log::warn!("Ignoring cursor-size out of range (1–256): {size}");
+                                }
+                            }
                             if let Some(fp) = appearance.fingerprint_enabled {
                                 merged.fingerprint_enabled = fp;
                             }
@@ -104,7 +122,15 @@ pub fn load_config(config_paths: Option<&[PathBuf]>) -> Config {
         }
     }
 
-    log::debug!("Config result: background={:?}, blur={:?}, gtk_theme={:?}, fingerprint={}", merged.background_path, merged.background_blur, merged.gtk_theme, merged.fingerprint_enabled);
+    log::debug!(
+        "Config result: background={:?}, blur={:?}, gtk_theme={:?}, cursor_theme={:?}, cursor_size={:?}, fingerprint={}",
+        merged.background_path,
+        merged.background_blur,
+        merged.gtk_theme,
+        merged.cursor_theme,
+        merged.cursor_size,
+        merged.fingerprint_enabled
+    );
     merged
 }
 
@@ -331,6 +357,40 @@ mod tests {
         assert!(config.background_blur.is_none());
     }
 
+    // -- Cursor theme tests --
+
+    #[test]
+    fn load_config_cursor_theme_and_size() {
+        let dir = tempfile::tempdir().unwrap();
+        let conf = dir.path().join("moongreet.toml");
+        fs::write(
+            &conf,
+            "[appearance]\ncursor-theme = \"Sweet-cursors\"\ncursor-size = 32\n",
+        )
+        .unwrap();
+        let config = load_config(Some(&[conf]));
+        assert_eq!(config.cursor_theme.as_deref(), Some("Sweet-cursors"));
+        assert_eq!(config.cursor_size, Some(32));
+    }
+
+    #[test]
+    fn load_config_cursor_size_out_of_range_rejected() {
+        let dir = tempfile::tempdir().unwrap();
+        let conf = dir.path().join("moongreet.toml");
+        fs::write(&conf, "[appearance]\ncursor-size = 9999\n").unwrap();
+        let config = load_config(Some(&[conf]));
+        assert!(config.cursor_size.is_none());
+    }
+
+    #[test]
+    fn load_config_cursor_size_zero_rejected() {
+        let dir = tempfile::tempdir().unwrap();
+        let conf = dir.path().join("moongreet.toml");
+        fs::write(&conf, "[appearance]\ncursor-size = 0\n").unwrap();
+        let config = load_config(Some(&[conf]));
+        assert!(config.cursor_size.is_none());
+    }
+
     #[test]
     fn load_config_blur_inf_rejected() {
         let dir = tempfile::tempdir().unwrap();

src/greeter.rs

@@ -189,7 +189,7 @@ fn render_blurred_texture(
 }
 
 /// Create a Picture widget for the wallpaper background, optionally with GPU blur.
-/// Uses `blur_cache` to compute the blurred texture only once across all monitors.
+/// Uses `blur_cache` to compute the blurred texture only once and reuse it.
 fn create_background_picture(
     texture: &gdk::Texture,
     blur_radius: Option<f32>,
@@ -262,6 +262,23 @@ pub fn create_greeter_window(
         }
     }
 
+    // Apply cursor theme from config — GTK4 under greetd does not read XCURSOR_THEME
+    // reliably, so set the gtk-cursor-theme-name property directly.
+    if let Some(ref cursor) = config.cursor_theme {
+        if is_valid_gtk_theme(cursor) {
+            if let Some(settings) = gtk::Settings::default() {
+                settings.set_gtk_cursor_theme_name(Some(cursor));
+            }
+        } else {
+            log::warn!("Ignoring invalid cursor theme name: {cursor}");
+        }
+    }
+    if let Some(size) = config.cursor_size {
+        if let Some(settings) = gtk::Settings::default() {
+            settings.set_gtk_cursor_theme_size(size);
+        }
+    }
+
     let strings = load_strings(None);
     let fingerprint_enabled = config.fingerprint_enabled;
     let all_users = users::get_users(None);

src/main.rs

@@ -1,5 +1,5 @@
 // ABOUTME: Entry point for Moongreet — greetd greeter for Wayland.
-// ABOUTME: Sets up GTK Application, Layer Shell, CSS, and multi-monitor windows.
+// ABOUTME: Sets up GTK Application, Layer Shell, CSS, and a single greeter window.
 
 mod config;
 mod fingerprint;
@@ -11,11 +11,9 @@ mod sessions;
 mod users;
 
 use gdk4 as gdk;
-use glib::clone;
 use gtk4::prelude::*;
 use gtk4::{self as gtk, gio};
 use gtk4_layer_shell::LayerShell;
-use std::rc::Rc;
 fn load_css(display: &gdk::Display) {
     let css_provider = gtk::CssProvider::new();
     css_provider.load_from_resource("/dev/moonarch/moongreet/style.css");
@@ -26,13 +24,11 @@ fn load_css(display: &gdk::Display) {
     );
 }
 
-fn setup_layer_shell(window: &gtk::ApplicationWindow, keyboard: bool, layer: gtk4_layer_shell::Layer) {
+fn setup_layer_shell(window: &gtk::ApplicationWindow, layer: gtk4_layer_shell::Layer) {
     window.init_layer_shell();
     window.set_layer(layer);
     window.set_exclusive_zone(-1);
-    if keyboard {
-        window.set_keyboard_mode(gtk4_layer_shell::KeyboardMode::Exclusive);
-    }
+    window.set_keyboard_mode(gtk4_layer_shell::KeyboardMode::Exclusive);
     // Anchor to all edges for fullscreen
     window.set_anchor(gtk4_layer_shell::Edge::Top, true);
     window.set_anchor(gtk4_layer_shell::Edge::Bottom, true);
@@ -66,49 +62,15 @@ fn activate(app: &gtk::Application) {
     log::debug!("Layer shell: {use_layer_shell}");
 
     if use_layer_shell {
-        // One greeter window per monitor — only the first gets keyboard input
-        let monitors = display.monitors();
-        log::debug!("Monitor count: {}", monitors.n_items());
-        let mut first = true;
-        for i in 0..monitors.n_items() {
-            if let Some(monitor) = monitors
-                .item(i)
-                .and_then(|obj| obj.downcast::<gdk::Monitor>().ok())
-            {
-                let window = greeter::create_greeter_window(bg_texture.as_ref(), &config, &blur_cache, app);
-                setup_layer_shell(&window, first, gtk4_layer_shell::Layer::Top);
-                window.set_monitor(Some(&monitor));
-                window.present();
-                first = false;
-            }
-        }
-
-        // Handle monitor hotplug — create greeter windows for newly added monitors
-        // (without keyboard, since the primary monitor already has it)
-        let bg_texture = Rc::new(bg_texture);
-        let config = Rc::new(config);
-        monitors.connect_items_changed(clone!(
-            #[weak]
-            app,
-            #[strong]
-            blur_cache,
-            move |list, position, _removed, added| {
-                for i in position..position + added {
-                    if let Some(monitor) = list
-                        .item(i)
-                        .and_then(|obj| obj.downcast::<gdk::Monitor>().ok())
-                    {
-                        log::debug!("Monitor hotplug: creating greeter window");
-                        let window = greeter::create_greeter_window(
-                            bg_texture.as_ref().as_ref(), &config, &blur_cache, &app,
-                        );
-                        setup_layer_shell(&window, false, gtk4_layer_shell::Layer::Top);
-                        window.set_monitor(Some(&monitor));
-                        window.present();
-                    }
-                }
-            }
-        ));
+        // Single greeter window. No set_monitor — the compositor places it on the
+        // focused output (same as moonset). Exclusive keyboard binds input to this
+        // surface regardless of pointer position; the mouse may wander to other
+        // outputs but typing always reaches the greeter. The previous per-monitor
+        // approach gave keyboard only to the first monitor's window, so a user on
+        // any other output could not type the password.
+        let window = greeter::create_greeter_window(bg_texture.as_ref(), &config, &blur_cache, app);
+        setup_layer_shell(&window, gtk4_layer_shell::Layer::Top);
+        window.present();
     } else {
         // No layer shell — single window for development
         let greeter_window = greeter::create_greeter_window(bg_texture.as_ref(), &config, &blur_cache, app);

src/power.rs

@@ -1,4 +1,4 @@
-// ABOUTME: Power actions — reboot and shutdown via loginctl.
+// ABOUTME: Power actions — reboot and shutdown via systemctl.
 // ABOUTME: Wrappers around system commands for the greeter UI.
 
 use std::fmt;
@@ -99,14 +99,21 @@ fn run_command(action: &'static str, program: &str, args: &[&str]) -> Result<(),
     }
 }
 
-/// Reboot the system via loginctl.
+/// Reboot the system via systemctl.
+///
+/// `--no-ask-password` keeps systemctl from spawning an interactive askpass
+/// agent — the greeter session has none, so without it a denied authorization
+/// would hang instead of failing fast.
 pub fn reboot() -> Result<(), PowerError> {
-    run_command("reboot", "/usr/bin/loginctl", &["reboot"])
+    run_command("reboot", "/usr/bin/systemctl", &["--no-ask-password", "reboot"])
 }
 
-/// Shut down the system via loginctl.
+/// Shut down the system via systemctl.
+///
+/// `--no-ask-password` for the same reason as [`reboot`] — the agent-less
+/// greeter session has nothing to answer an authorization challenge.
 pub fn shutdown() -> Result<(), PowerError> {
-    run_command("shutdown", "/usr/bin/loginctl", &["poweroff"])
+    run_command("shutdown", "/usr/bin/systemctl", &["--no-ask-password", "poweroff"])
 }
 
 #[cfg(test)]