================================================================
  TechHeart PiVPN Stability Fixes
  https://techheart.life
================================================================

Companion files for "Debugging Omarchy: Three Bugs That Kept
Killing My VPN"

These files fix three issues that caused PiVPN (OpenVPN)
connections to drop every 5-15 minutes on a laptop:

  1. WiFi power save dropping UDP keepalive packets
  2. A watchdog script that unconditionally restarted
     the VPN service every 60 seconds
  3. OpenVPN config options placed inside a <ca> block
     where the parser ignores them

================================================================
FILES
================================================================

81-wifi-powersave.rules
  Udev rule that disables WiFi power save when any wlan
  interface comes up. Prevents UDP packet loss.
  Install: sudo cp 81-wifi-powersave.rules /etc/udev/rules.d/

pivpn-watchdog.sh
  Cron-based watchdog that restarts the OpenVPN service
  only when tun0 is genuinely missing, with a 30-second
  grace period to avoid race conditions during init.
  Install: cp to ~/.local/bin/, chmod +x, then add to
  ROOT crontab (sudo crontab -e) -- root is required
  because systemctl restart needs elevated privileges.
  Add: */5 * * * * /path/to/pivpn-watchdog.sh

pivpn-client.conf.example
  Example OpenVPN client config showing correct option
  placement. All options MUST be before the <ca> block.
  Replace placeholders with your own PiVPN certificates.
  Install: sudo cp to /etc/openvpn/client/pivpn.conf

nas-unmount-all.sh
  Safe NAS unmount script that uses /proc/self/mountinfo
  instead of mountpoint -q (which hangs on dead NFS).
  Edit the MOUNTS array with your mount points.

================================================================
NOTES
================================================================

- The WiFi power save fix is especially important for
  laptops with Intel WiFi (Framework, ThinkPad, etc.)
- The OpenVPN <ca> block bug is easy to introduce when
  editing configs -- always keep options BEFORE <ca>
- These fixes were tested on Arch Linux (Omarchy) with
  OpenVPN 2.6.17 and iwd/systemd-networkd
- The watchdog is optional if your VPN is stable, but
  a nice safety net for flaky connections

================================================================
