# --- core --- # Leaf CLI / editor / multiplexer / git stack / json+yaml / system viewers / # net / debug+trace / docs / secrets — all provisioned via Home-Manager # from nix/common.nix and live under ~/.nix-profile/bin (first in PATH). # What stays on pacman in this section is the pieces tightly coupled to # the distro (man-db/man-pages files), the system runtime (sudo-rs, # base/base-devel), and things needed pre-bootstrap or by other system # packages transitively. acpid arch-audit base base-devel chezmoi cpupower dashbinsh fwupd iwd kernel-modules-hook linux-firmware lostfiles lshw man-db man-pages nfs-utils nftables ocl-icd overdue pacman-cleanup-hook pacman-contrib paru pbzip2 pigz pkgstats qrencode rebuild-detector reflector sbctl smartmontools sudo-rs systemd-resolvconf tlp torsocks wireguard-tools zram-generator # --- bluetooth --- bluez bluez-utils ell # --- nix (multi-user daemon mode for hermetic per-project dev shells via # `nix develop` + direnv `use flake`. Not a replacement for paru/pacman, # not home-manager, not NixOS — just a sandboxed second package manager # that gives every project a reproducible toolchain pinned in its own # flake.lock. Pairs with: systemd-units/system.txt (enables # nix-daemon.socket), etc/nix/nix.conf, dot_config/direnv/direnvrc, # dot_config/nix/templates/. nix-direnv itself is loaded at runtime via # direnv's source_url with a content hash, so no extra package needed.) --- nix # --- dev (system-coupled runtimes only — base-devel ships gcc/ld/as/make # for general-purpose builds; the orchestrators (cmake/ninja/ccache/ # sccache), debuggers and toolchain-specific compilers/linkers live in # nix instead. clang/lld/mold/rustup/go are intentionally absent — when # a project needs them, the project's flake.nix + direnv `.envrc` # provide them.) --- perf # links against running kernel ABI; must match kernel pkg podman-compose podman-docker # --- sound --- alsa-utils pipewire pipewire-alsa pipewire-jack pipewire-pulse playerctl pulsemixer # noisetorch # optional # --- fonts --- noto-fonts-emoji otf-font-awesome otf-latinmodern-math ttf-dejavu ttf-fira-code ttf-font-awesome ttf-noto-nerd woff2-font-awesome # --- wayland session --- # Compositor sway # Auto-tile daemon: splits new containers along the focused window's # longest side via sway IPC. Configured in ~/.config/swayr/config.toml # ([layout].auto_tile = true). Daemon runs as swayrd.service under # sway-session.target. swayr xdg-desktop-portal-wlr xdg-desktop-portal-gtk qt5-wayland qt6-wayland # Bar & launcher waybar fuzzel # wofi: secondary picker used only by mako-history.sh — needs --hide-search # and per-key custom bindings, neither of which fuzzel supports. wofi # Terminal ghostty # Notifications mako libnotify poweralertd # Lock screen swaylock swayidle # Bridge browsers' org.freedesktop.ScreenSaver inhibits to systemd-inhibit # so swayidle honors them (e.g. video calls, fullscreen video). Without # this swayidle would still time out and lock during a Meet call. inhibridge # org.freedesktop.secrets D-Bus implementation backed by pass. Required # by Signal Desktop (flatpak) and other libsecret consumers. Ships both # a D-Bus activation file and a systemd user unit; we enable the unit # explicitly so it's visible in `systemctl --user status`. Stores # secrets under ~/.password-store/secret-service/. pass-secret-service-bin # Ships ZSA's upstream udev rules (50-oryx.rules, 50-wally.rules) to # /usr/lib/udev/rules.d/ so VID 3297 hidraw nodes get TAG+=uaccess. # Required for VIA / usevia.app (WebHID) and Wally flashing of the # ErgoDox EZ / Moonlander / Voyager. zsa-udev # Clipboard wl-clipboard cliphist # Screenshots & recording grim slurp wf-recorder # Wayland typing (used by dictate, etc) wtype # Emoji picker (AUR; tiny shell script, multi-backend — we drive it through wofi) bemoji # Image viewer imv # QR zbar xorg-xwayland # needed for zbarcam's X11 preview # Document viewer is the org.pwmt.zathura flatpak (see meta/flatpak.txt) so # PDFs handed off from the browser/mail sandbox stay sandboxed. # Misc brightnessctl # Volume/brightness OSD overlay (driven by ~/.config/sway/{vol,brightness}-osd.sh # writing percentages to $XDG_RUNTIME_DIR/wob.sock). wob libfido2 perl-file-mimeinfo qt5ct qt6ct xdg-user-dirs wl-mirror # --- browser (LibreWolf flatpak; arkenfox-user.js is the host-side # hardening overlay deployed by run_onchange_after_deploy-firefox.sh.tmpl) --- arkenfox-user.js # --- mail (host-side bits the org.mozilla.Thunderbird flatpak depends on) --- protonmail-bridge-core # git send-email Perl prereqs (SMTP via local Bridge on 127.0.0.1:1025) perl-authen-sasl perl-mime-tools perl-net-smtp-ssl # Native messaging host binary for External Editor Revived; bridged into # the TB flatpak by run_onchange_after_deploy-tb-eer.sh.tmpl. external-editor-revived # --- media (native mpv kept for streamlink piping and the /tmp/mpvsocket # IPC integration; the io.mpv.Mpv flatpak (meta/flatpak.txt) is set as # the mimeapps default for video/* so files handed off by the # browser/mail sandbox stay sandboxed) --- mpv streamlink yt-dlp # --- desktop extras --- syncthing udisks2 # Flatpak runtime (apps tracked in meta/flatpak.txt) flatpak # Smartcard stack (cartão de cidadão reader + PKCS#11 bridge into flatpak # browsers). pcscd.socket is enabled by systemd-units/system.txt. pcsclite # itself is also needed by Home-Manager's gnupg/scdaemon (see nix/host.nix's # scdaemon.conf — points scdaemon at /usr/lib/libpcsclite.so.1). pcsclite ccid # OCR (used by ~/.local/bin/ocr) tesseract tesseract-data-eng tesseract-data-por # Speech-to-text (used by ~/.local/bin/dictate) # `base` multilingual: ~142 MB, ~7-10x realtime on a 4c CPU. Override # WHISPER_MODEL in the script's environment to use a different ggml model. whisper.cpp-vulkan whisper.cpp-model-base