Amir Alexander Abdelbaki
dd1cd2b8c7
Policy change: graphical apps now prefer Flatpak > pacman > AUR. Non-graphical
tools keep pacman > AUR > source. This makes installed apps sandboxed, keeps
system packages clean, and gives us a single hook point (apply_flatpak_theme)
to theme every GUI app consistently.
lib/logging.sh — two new helper functions sourced by every module:
ensure_flatpak()
Checks if flatpak is installed (pacman installs it if not) and ensures the
Flathub remote is registered. Called at the top of every Flatpak script so
the module is self-contained and safe to run in any order.
apply_flatpak_theme(app_id)
Copies gtk-themes/cyberqueer/ from the Dotfiles repo into ~/.themes/, then
calls `flatpak override --user --filesystem=~/.themes:ro <id>` so the
sandbox can read it, and `flatpak override --user --env=GTK_THEME=cyberqueer
<id>` to activate it. Gracefully skips with a warning if the theme source
directory is absent.
App scripts converted (pacman/AUR → Flatpak + theme):
ardour org.ardour.Ardour
audacity org.audacityteam.Audacity
chromium org.chromium.Chromium
firefox org.mozilla.firefox
geany org.geany.Geany
gimp org.gimp.GIMP
inkscape org.inkscape.Inkscape
kate org.kde.kate
kdenlive org.kde.kdenlive
krita org.kde.krita
librewolf io.gitlab.librewolf-community.librewolf
lmms io.lmms.LMMS
localsend org.localsend.localsend
min-browser com.github.minbrowser.min
mixxx org.mixxx.Mixxx
onlyoffice org.onlyoffice.desktopeditors
openshot org.openshot.OpenShot
rdp-client org.remmina.Remmina (was pacman remmina + freerdp + libvncserver;
Flatpak bundles all protocols, including VNC and SSH tunnels)
shotcut org.shotcut.Shotcut
steam com.valvesoftware.Steam
vscodium com.vscodium.codium
wireshark org.wireshark.Wireshark
xournal com.github.xournalpp.xournalpp
zed dev.zed.Zed
zen-browser io.github.zen_browser.zen
Special cases:
blender-povray: Blender → Flatpak (org.blender.Blender) + theme; POV-Ray
stays pacman because it has no Flatpak and is a CLI renderer, not a GUI app.
prismlauncher / stuntrally: were already Flatpak installs; added
apply_flatpak_theme so they pick up the cyberqueer theme like everything else.
vesktop: switched from AUR vesktop to Flatpak dev.vencord.Vesktop. The AUR
build requires cargo and takes several minutes; the Flatpak is pre-built.
Vencord config is now deployed to ~/.var/app/dev.vencord.Vesktop/config/
(both Vencord/ and vesktop/ sub-dirs) instead of ~/.config/, which is where
the Flatpak sandbox exposes its config directory.
k8s: kubectl stays pacman (it is a CLI tool with no GUI, no Flatpak needed);
podman-desktop switches from pacman podman-desktop to Flatpak
io.podman_desktop.PodmanDesktop + theme, because it is a full GUI app.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
||
|---|---|---|
| alot | ||
| clamav | ||
| desktopenvs | ||
| docs | ||
| git | ||
| gtk-themes/cyberqueer | ||
| micro | ||
| notes | ||
| nvim | ||
| nvim.old | ||
| qt-themes/deprecated/cyberqueer | ||
| resources | ||
| setup | ||
| spotify-tui | ||
| yazi | ||
| .bashrc | ||
| .gitignore | ||
| .vimrc | ||
| .zshrc | ||
| apply-theme.sh | ||
| colors.conf | ||
| create-webapp.sh | ||
| decrypt.sh | ||
| encrypt.sh | ||
| etc-ly-config.ini | ||
| readme.md | ||
| readme.md.old | ||
| setup-creds-missing.sh | ||
| starship.toml | ||
| sysupdate.sh | ||
| update-aur-onebyone.sh | ||
| update.sh | ||
| wgq-projekt.sh | ||
| zshplugins.sh | ||
readme.md
M-Archy Dotfiles
Arch Linux · Hyprland · Wayland · CyberQueer
Production-grade Arch Linux config for network administration, development, and gaming.
Quick Start
git clone https://git.abdelbaki.eu/The_miro/Dotfiles.git ~/Dotfiles
bash ~/Dotfiles/setup/tui-install.sh
The TUI installer covers: packages, desktop environment, optional apps, and colour palette.
To add modules to an existing system: bash ~/Dotfiles/setup/install-modules.sh
Cliff Notes
- Single source of truth for colours — edit
colors.conf, runapply-theme.shto propagate everywhere. - Answerfile — generate with
setup/generate-answerfile.sh, place at/answerfile.jsonfor a fully automated install. Passwords are never stored in it. - Hostname uniqueness — the MAC address of the primary NIC is appended automatically when an answerfile hostname is set (
myhost→myhost-aabbccddee11). - LUKS encryption — backup key is auto-generated from
/dev/urandom, enrolled in a second LUKS slot, written to/_LUKS_BACKUP_KEY(root-only, inside the encrypted container). Collected by Ansible and stored on the SMBansipa-luks-keysshare (KeyAdmin-only read access). - Custom ISO —
setup/archiso/builds a live USB that can embed a pre-baked answerfile for zero-touch deployment. The live environment also includes a System Reset mode that reinstalls the root subvolume while preserving home data and FIDO2 auth keys. - FreeIPA + Keycloak + Samba container —
setup/modules/FreeipaAnsible/image/ships a singledocker compose upstack: FreeIPA for identity, Keycloak for OIDC, and Samba for scan-result and LUKS-key SMB shares. Host-group-driven policies (binary blocking, daemon enable/disable, daily scans, alert delivery) are enforced on enrolled clients every 30 minutes via Ansible-deployed timers. - Modular — core, shell, services, and desktop are independent components; pick only what you need.
Documentation
Full docs live in docs/md/ (Markdown) and docs/html/ (rendered).
| Topic | Markdown | HTML |
|---|---|---|
| Overview & repo layout | index.md | index.html |
| Installation (TUI, answerfile, ISO) | installation.md | installation.html |
| Hyprland desktop | hyprland.md | hyprland.html |
| Theming & CyberQueer palette | theming.md | theming.html |
| Optional modules & app catalogue | modules.md | modules.html |
| Custom Archiso builder | archiso.md | archiso.html |
| FreeIPA, Ansible, Keycloak & SMB | freeipa-ansible.md | freeipa-ansible.html |
| Editors (Neovim, Micro, Yazi) | editors.md | editors.html |
| Utilities (encrypt, ClamAV, updates) | utilities.md | utilities.html |
The old readme is preserved at
readme.md.old.