path: root/meta/base.txt

# --- core ---
# Leaf CLI / editor / multiplexer / git stack / json+yaml / system viewers /
# net / debug+trace / docs / secrets — all provisioned via Home-Manager
# from nix/common.nix and live under ~/.nix-profile/bin (first in PATH).
# What stays on pacman in this section is the pieces tightly coupled to
# the distro (man-db/man-pages files), the system runtime (sudo-rs,
# base/base-devel), and things needed pre-bootstrap or by other system
# packages transitively. User-leaf CLIs (chezmoi, paru, qrencode,
# torsocks, lshw) now come from nix/host.nix.
acpid
arch-audit
base
base-devel
btrfs-progs
cpupower
dashbinsh
dosfstools
fwupd
iwd
kernel-modules-hook
linux-firmware
mkinitcpio-firmware
linux-hardened
linux-hardened-headers
linux-lts
linux-lts-headers
lostfiles
man-db
man-pages
nfs-utils
nftables
ocl-icd
overdue
pacman-cleanup-hook
pacman-contrib
pbzip2
pigz
pkgstats
rebuild-detector
reflector
sbctl
smartmontools
sudo-rs
systemd-resolvconf
tlp
wireguard-tools
zram-generator

# --- bluetooth ---
bluez
bluez-utils
ell

# --- thunderbolt ---
bolt

# --- nix (multi-user daemon mode for hermetic per-project dev shells via
# `nix develop` + direnv `use flake`. Not a replacement for paru/pacman,
# not home-manager, not NixOS — just a sandboxed second package manager
# that gives every project a reproducible toolchain pinned in its own
# flake.lock. Pairs with: systemd-units/system.txt (enables
# nix-daemon.socket), etc/nix/nix.conf, dot_config/direnv/direnvrc,
# dot_config/nix/templates/. nix-direnv itself is loaded at runtime via
# direnv's source_url with a content hash, so no extra package needed.) ---
nix

# --- dev (system-coupled runtimes only — base-devel ships gcc/ld/as/make
# for general-purpose builds; the orchestrators (cmake/ninja/ccache/
# sccache), debuggers and toolchain-specific compilers/linkers live in
# nix instead. clang/lld/mold/rustup/go are intentionally absent — when
# a project needs them, the project's flake.nix + direnv `.envrc`
# provide them. The podman stack (podman, crun, conmon, netavark,
# aardvark-dns, slirp4netns, passt, podman-compose, podman-docker) now
# comes from nix/common.nix — unified across host and VM.) ---
perf             # links against running kernel ABI; must match kernel pkg

# --- sound ---
alsa-utils
pipewire
pipewire-alsa
pipewire-jack
pipewire-pulse
# noisetorch  # optional

# --- fonts ---
noto-fonts-emoji
otf-font-awesome
otf-latinmodern-math
ttf-dejavu
ttf-fira-code
ttf-noto-nerd
woff2-font-awesome

# --- wayland session ---
# Compositor (ships /usr/share/wayland-sessions/sway.desktop — login-manager
# coupled, must stay on pacman). The user-leaf session tools — waybar,
# fuzzel, wofi, mako, swayidle, swayr, inhibridge, bemoji, grim,
# slurp, wf-recorder, wtype, wl-clipboard, cliphist, imv, wl-mirror, wob,
# poweralertd, playerctl, pulsemixer — now come from nix/host.nix.
sway
# ghostty: GPU/OpenGL terminal. Kept on pacman (not nix/host.nix) because
# nix-built GL apps on a non-NixOS host can't find the system Mesa/DRI
# driver and die with "missing OpenGL context".
ghostty
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
qt5-wayland
qt6-wayland

# Notifications: libnotify provides the system shared lib that other
# pacman packages link against; the user-facing mako daemon is nix.
libnotify

# Lock screen (setuid; PAM-coupled)
swaylock

# org.freedesktop.secrets D-Bus implementation backed by pass. Required
# by Signal Desktop (flatpak) and other libsecret consumers. Ships both
# a D-Bus activation file and a systemd user unit; we enable the unit
# explicitly so it's visible in `systemctl --user status`. Stores
# secrets under ~/.password-store/secret-service/.
pass-secret-service-bin

# Ships ZSA's upstream udev rules (50-oryx.rules, 50-wally.rules) to
# /usr/lib/udev/rules.d/ so VID 3297 hidraw nodes get TAG+=uaccess.
# Required for VIA / usevia.app (WebHID) and Wally flashing of the
# ErgoDox EZ / Moonlander / Voyager.
zsa-udev

# QR (system lib used by zbarcam; the qrencode CLI is in nix/host.nix)
zbar
xorg-xwayland # needed for zbarcam's X11 preview

# Document viewer is the org.pwmt.zathura flatpak (see meta/flatpak.txt) so
# PDFs handed off from the browser/mail sandbox stay sandboxed.

# Misc
brightnessctl
# Userspace sandbox helper (firejail-less). Used by ~/.local/bin wrappers
# for mpv/yt-dlp/streamlink to hide secrets from network parsers; also
# pulled transitively by flatpak.
bubblewrap
libfido2
perl-file-mimeinfo
qt5ct
qt6ct
xdg-user-dirs

# --- browser (LibreWolf flatpak; arkenfox-user.js is the host-side
# hardening overlay deployed by run_onchange_after_deploy-firefox.sh.tmpl) ---
arkenfox-user.js

# --- mail (host-side bits the org.mozilla.thunderbird flatpak depends on) ---
protonmail-bridge-core
# git send-email Perl prereqs (SMTP via local Bridge on 127.0.0.1:1025)
perl-authen-sasl
perl-mime-tools
perl-net-smtp-ssl
# (External Editor Revived's native-messaging host is installed via nix
# on the host — see nix/host.nix — so we don't pay the AUR variant's
# hard `thunderbird` dependency. The bridge into the TB flatpak is
# wired up by run_onchange_after_deploy-tb-eer.sh.tmpl.)

# --- media (mpv is the io.mpv.Mpv flatpak in meta/flatpak.txt; streamlink
# and yt-dlp now come from nix/host.nix and pipe/launch into the flatpak
# mpv via `flatpak run io.mpv.Mpv`, see dot_config/streamlink/config.
# Bitcoin wallet — sparrow — also lives in nix/host.nix.) ---

# --- desktop extras ---
syncthing
udisks2

# Flatpak runtime (apps tracked in meta/flatpak.txt)
flatpak

# Smartcard stack (cartão de cidadão reader + PKCS#11 bridge into flatpak
# browsers). pcscd.socket is enabled by systemd-units/system.txt. pcsclite
# itself is also needed by Home-Manager's gnupg/scdaemon (see nix/host.nix's
# scdaemon.conf — points scdaemon at /usr/lib/libpcsclite.so.1).
pcsclite
ccid

# --- OCR + STT moved to nix/host.nix ---
# tesseract (+ eng/por language data merged via override) and whisper-cpp
# (+ vulkan support, + inline ggml-base.bin model derivation) now come
# from nix/host.nix. The ~/.local/bin/dictate script defaults to
# ~/.nix-profile/share/whisper-cpp-models/ggml-base.bin (overridable via
# WHISPER_MODEL).