refactor: clean up scripts

scripts/convert-kernel-config.sh

@@ -16,12 +16,9 @@ with lib.kernel;
 {
 EOF
 
-# Extract disabled options (lines that say "# CONFIG_XXX is not set")
+# Extract disabled options 
 grep "^# CONFIG_.*is not set" "$CONFIG_FILE" | while read -r line; do
-    # Extract config name from "# CONFIG_XXX is not set"
     config_name=$(echo "$line" | sed 's/^# CONFIG_\(.*\) is not set$/\1/')
-    # Quote names that start with a number (invalid Nix syntax otherwise)
-    # Use mkForce to override NixOS defaults
     if [[ "$config_name" =~ ^[0-9] ]]; then
         echo "  \"$config_name\" = lib.mkForce no;" >> "$OUTPUT_FILE"
     else
@@ -29,7 +26,7 @@ grep "^# CONFIG_.*is not set" "$CONFIG_FILE" | while read -r line; do
     fi
 done
 
-# Close the attribute set
+
 echo "}" >> "$OUTPUT_FILE"
 
 echo "Generated $OUTPUT_FILE"

scripts/launch-vpn-app.sh

@@ -2,9 +2,7 @@
 
 # Check if running as root
 if [ "$EUID" -ne 0 ]; then
-  # Re-run as root, preserving environment
+ 
-  # doas automatically preserves some env, allowing specific ones if configured, 
-  # but for simplicity we rely on the internal command to handle env variables.
   exec doas "$0" "$@"
 fi
 
@@ -23,10 +21,7 @@ if [ "$#" -eq 0 ]; then
   exit 1
 fi
 
-# Execute in namespace as the user
+
-# We use `doas -u $USER` INSIDE the namespace to drop back to user privileges
-# We MUST explicitly pass environment variables because doas cleans them.
-# The bwrapper needs HOME, XDG_RUNTIME_DIR, etc. to function correctly.
 exec ip netns exec "$NAMESPACE" doas -u "$USER" env \
   HOME="/home/$USER" \
   USER="$USER" \