# --- core --- # Leaf CLI / editor / multiplexer / git stack / json+yaml / system viewers / # net / debug+trace / docs / secrets — all provisioned via Home-Manager # from nix/common.nix and live under ~/.nix-profile/bin (first in PATH). # What stays on pacman in this section is the pieces tightly coupled to # the distro, the system runtime (sudo-rs, base), and things needed # pre-bootstrap or by other system packages transitively. User-leaf # CLIs/daemons/docs (chezmoi, man-db/man-pages, qrencode, torsocks, # lshw, xdg-utils, syncthing) now come from nix. acpid arch-audit base btrfs-progs cpupower dosfstools fwupd iwd kernel-modules-hook linux-firmware linux-hardened linux-hardened-headers linux-lts linux-lts-headers lostfiles nfs-utils nftables ocl-icd # Provides paccache for the repo-owned cache cleanup hook under # etc/pacman.d/hooks/. pacman-contrib pkgstats rebuild-detector reflector sbctl smartmontools sudo-rs systemd-resolvconf tlp wireguard-tools zram-generator # --- bluetooth --- bluez bluez-utils ell # --- thunderbolt --- bolt # --- nix (multi-user daemon mode for hermetic per-project dev shells via # `nix develop` + direnv `use flake`. Not a replacement for pacman, # not home-manager, not NixOS — just a sandboxed second package manager # that gives every project a reproducible toolchain pinned in its own # flake.lock. Pairs with: systemd-units/system.txt (enables # nix-daemon.socket), etc/nix/nix.conf, dot_config/direnv/direnvrc, # dot_config/nix/templates/. nix-direnv itself is loaded at runtime via # direnv's source_url with a content hash, so no extra package needed.) --- nix # --- dev (system-coupled runtime only). No base-devel: AUR/makepkg is not # part of the normal system, and project toolchains come from direnv + nix # devShells. Build orchestrators, debuggers, and user CLIs live in # nix/common.nix. --- perf # links against running kernel ABI; must match kernel pkg # --- sound --- alsa-utils pipewire pipewire-alsa pipewire-jack pipewire-pulse # noisetorch # optional # --- fonts --- noto-fonts-emoji otf-font-awesome otf-latinmodern-math ttf-dejavu ttf-fira-code ttf-noto-nerd woff2-font-awesome # --- wayland session --- # Compositor (ships /usr/share/wayland-sessions/sway.desktop — login-manager # coupled, must stay on pacman). The user-leaf session tools — waybar, # fuzzel, wofi, mako, swayidle, swayr, inhibridge, bemoji, grim, # slurp, wf-recorder, wtype, wl-clipboard, cliphist, wob, # poweralertd, playerctl, pulsemixer — now come from nix/host.nix. sway # GPU/OpenGL & EGL apps kept on pacman (not nix/host.nix): nix-built GL apps # on a non-NixOS host can't find the system Mesa/DRI driver and die with # "missing OpenGL context". On pacman they link against system Mesa. ghostty # GPU/OpenGL terminal imv # OpenGL image viewer wl-mirror # EGL output mirror xdg-desktop-portal-wlr xdg-desktop-portal-gtk qt5-wayland qt6-wayland # Notifications: libnotify provides the system shared lib that other # pacman packages link against; the user-facing mako daemon is nix. libnotify # Lock screen (setuid; PAM-coupled) swaylock # Ships ZSA's upstream udev rules (50-oryx.rules, 50-wally.rules) to # /usr/lib/udev/rules.d/ so VID 3297 hidraw nodes get TAG+=uaccess. # Required for VIA / usevia.app (WebHID) and Wally flashing of the # ErgoDox EZ / Moonlander / Voyager. zsa-udev # QR (system lib used by zbarcam; the qrencode CLI is in nix/host.nix) zbar xorg-xwayland # needed for zbarcam's X11 preview # Document viewer is the org.pwmt.zathura flatpak (see meta/flatpak.txt) so # PDFs handed off from the browser/mail sandbox stay sandboxed. # Misc brightnessctl # Userspace sandbox helper (firejail-less). Used by ~/.local/bin wrappers # for mpv/yt-dlp/streamlink to hide secrets from network parsers; also # pulled transitively by flatpak. bubblewrap libfido2 qt5ct qt6ct xdg-user-dirs # --- mail (host-side bits the org.mozilla.thunderbird flatpak depends on) --- # protonmail-bridge now comes from nix/host.nix (the bridge binary + its # repo-owned user unit dot_config/systemd/user/protonmail-bridge.service). # git-send-email support is provided by nix/common.nix's git package, which # wraps git-send-email with the needed SMTP/SASL Perl libraries. # (External Editor Revived's native-messaging host is installed via nix # on the host — see nix/host.nix — so we don't pay the AUR variant's # hard `thunderbird` dependency. The bridge into the TB flatpak is # wired up by run_onchange_after_deploy-tb-eer.sh.tmpl.) # --- media (mpv is the io.mpv.Mpv flatpak in meta/flatpak.txt; streamlink # and yt-dlp now come from nix/host.nix and pipe/launch into the flatpak # mpv via `flatpak run io.mpv.Mpv`, see dot_config/streamlink/config. # Bitcoin wallet comes from nix/host.nix.) --- # --- desktop extras --- udisks2 tor # Flatpak runtime (apps tracked in meta/flatpak.txt) flatpak # Smartcard stack (cartão de cidadão reader + PKCS#11 bridge into flatpak # browsers). pcscd.socket is enabled by systemd-units/system.txt. pcsclite # itself is also needed by Home-Manager's gnupg/scdaemon (see nix/host.nix's # scdaemon.conf — points scdaemon at /usr/lib/libpcsclite.so.1). pcsclite ccid # --- OCR + STT moved to nix/host.nix --- # tesseract (+ eng/por language data merged via override) and whisper-cpp # (+ vulkan support, + inline ggml-base.bin model derivation) now come # from nix/host.nix. The ~/.local/bin/dictate script defaults to # ~/.nix-profile/share/whisper-cpp-models/ggml-base.bin (overridable via # WHISPER_MODEL).