path: root/meta/base.txt

# --- core ---
# Leaf CLI / editor / multiplexer / git stack / json+yaml / system viewers /
# net / debug+trace / docs / secrets — all provisioned via Home-Manager
# from nix/common.nix and live under ~/.nix-profile/bin (first in PATH).
# What stays on pacman in this section is the pieces tightly coupled to
# the distro (man-db/man-pages files), the system runtime (sudo-rs,
# base/base-devel), and things needed pre-bootstrap or by other system
# packages transitively.
acpid
arch-audit
base
base-devel
btrfs-progs
chezmoi
cpupower
dashbinsh
dosfstools
fwupd
iwd
kernel-modules-hook
linux
linux-firmware
linux-hardened
linux-hardened-headers
lostfiles
lshw
man-db
man-pages
nfs-utils
nftables
ocl-icd
overdue
pacman-cleanup-hook
pacman-contrib
paru
pbzip2
pigz
pkgstats
qrencode
rebuild-detector
reflector
sbctl
smartmontools
sudo-rs
systemd-resolvconf
tlp
torsocks
wireguard-tools
zram-generator

# --- bluetooth ---
bluez
bluez-utils
ell

# --- thunderbolt ---
bolt

# --- nix (multi-user daemon mode for hermetic per-project dev shells via
# `nix develop` + direnv `use flake`. Not a replacement for paru/pacman,
# not home-manager, not NixOS — just a sandboxed second package manager
# that gives every project a reproducible toolchain pinned in its own
# flake.lock. Pairs with: systemd-units/system.txt (enables
# nix-daemon.socket), etc/nix/nix.conf, dot_config/direnv/direnvrc,
# dot_config/nix/templates/. nix-direnv itself is loaded at runtime via
# direnv's source_url with a content hash, so no extra package needed.) ---
nix

# --- dev (system-coupled runtimes only — base-devel ships gcc/ld/as/make
# for general-purpose builds; the orchestrators (cmake/ninja/ccache/
# sccache), debuggers and toolchain-specific compilers/linkers live in
# nix instead. clang/lld/mold/rustup/go are intentionally absent — when
# a project needs them, the project's flake.nix + direnv `.envrc`
# provide them.) ---
perf             # links against running kernel ABI; must match kernel pkg
podman-compose
podman-docker

# --- sound ---
alsa-utils
pipewire
pipewire-alsa
pipewire-jack
pipewire-pulse
playerctl
pulsemixer
# noisetorch  # optional

# --- fonts ---
noto-fonts-emoji
otf-font-awesome
otf-latinmodern-math
ttf-dejavu
ttf-fira-code
ttf-noto-nerd
woff2-font-awesome

# --- wayland session ---
# Compositor
sway
# Auto-tile daemon: splits new containers along the focused window's
# longest side via sway IPC. Configured in ~/.config/swayr/config.toml
# ([layout].auto_tile = true). Daemon runs as swayrd.service under
# sway-session.target.
swayr
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
qt5-wayland
qt6-wayland

# Bar & launcher
waybar
fuzzel
# wofi: secondary picker used only by mako-history.sh — needs --hide-search
# and per-key custom bindings, neither of which fuzzel supports.
wofi

# Terminal
ghostty

# Notifications
mako
libnotify
poweralertd

# Lock screen
swaylock
swayidle
# Bridge browsers' org.freedesktop.ScreenSaver inhibits to systemd-inhibit
# so swayidle honors them (e.g. video calls, fullscreen video). Without
# this swayidle would still time out and lock during a Meet call.
inhibridge

# org.freedesktop.secrets D-Bus implementation backed by pass. Required
# by Signal Desktop (flatpak) and other libsecret consumers. Ships both
# a D-Bus activation file and a systemd user unit; we enable the unit
# explicitly so it's visible in `systemctl --user status`. Stores
# secrets under ~/.password-store/secret-service/.
pass-secret-service-bin

# Ships ZSA's upstream udev rules (50-oryx.rules, 50-wally.rules) to
# /usr/lib/udev/rules.d/ so VID 3297 hidraw nodes get TAG+=uaccess.
# Required for VIA / usevia.app (WebHID) and Wally flashing of the
# ErgoDox EZ / Moonlander / Voyager.
zsa-udev

# Clipboard
wl-clipboard
cliphist

# Screenshots & recording
grim
slurp
wf-recorder

# Wayland typing (used by dictate, etc)
wtype

# Emoji picker (AUR; tiny shell script, multi-backend — we drive it through wofi)
bemoji

# Image viewer
imv

# QR
zbar
xorg-xwayland # needed for zbarcam's X11 preview

# Document viewer is the org.pwmt.zathura flatpak (see meta/flatpak.txt) so
# PDFs handed off from the browser/mail sandbox stay sandboxed.

# Misc
brightnessctl
# Userspace sandbox helper (firejail-less). Used by ~/.local/bin wrappers
# for mpv/yt-dlp/streamlink to hide secrets from network parsers; also
# pulled transitively by flatpak.
bubblewrap
# Volume/brightness OSD overlay (driven by ~/.config/sway/{vol,brightness}-osd.sh
# writing percentages to $XDG_RUNTIME_DIR/wob.sock).
wob
libfido2
perl-file-mimeinfo
qt5ct
qt6ct
xdg-user-dirs
wl-mirror

# --- browser (LibreWolf flatpak; arkenfox-user.js is the host-side
# hardening overlay deployed by run_onchange_after_deploy-firefox.sh.tmpl) ---
arkenfox-user.js

# --- mail (host-side bits the org.mozilla.thunderbird flatpak depends on) ---
protonmail-bridge-core
# git send-email Perl prereqs (SMTP via local Bridge on 127.0.0.1:1025)
perl-authen-sasl
perl-mime-tools
perl-net-smtp-ssl
# Native messaging host binary for External Editor Revived; bridged into
# the TB flatpak by run_onchange_after_deploy-tb-eer.sh.tmpl.
external-editor-revived

# --- media (native mpv kept for streamlink piping and the /tmp/mpvsocket
# IPC integration; the io.mpv.Mpv flatpak (meta/flatpak.txt) is set as
# the mimeapps default for video/* so files handed off by the
# browser/mail sandbox stay sandboxed) ---
mpv
streamlink
yt-dlp

# --- desktop extras ---
syncthing
udisks2

# Flatpak runtime (apps tracked in meta/flatpak.txt)
flatpak

# Smartcard stack (cartão de cidadão reader + PKCS#11 bridge into flatpak
# browsers). pcscd.socket is enabled by systemd-units/system.txt. pcsclite
# itself is also needed by Home-Manager's gnupg/scdaemon (see nix/host.nix's
# scdaemon.conf — points scdaemon at /usr/lib/libpcsclite.so.1).
pcsclite
ccid

# OCR (used by ~/.local/bin/ocr)
tesseract
tesseract-data-eng
tesseract-data-por

# Speech-to-text (used by ~/.local/bin/dictate)
# `base` multilingual: ~142 MB, ~7-10x realtime on a 4c CPU. Override
# WHISPER_MODEL in the script's environment to use a different ggml model.
whisper.cpp-vulkan
whisper.cpp-model-base