├── .gitignore
├── .gitmodules
├── LICENSE
├── README.md
├── art.toml
├── art
    ├── .SRCINFO
    ├── .gitignore
    └── PKGBUILD
├── gofu
    ├── .SRCINFO
    ├── .gitignore
    └── PKGBUILD
├── gron
    ├── .SRCINFO
    └── PKGBUILD
├── holodeck-arcturus.pkg.toml
├── holodeck-damogran.pkg.toml
├── holodeck-kumo.pkg.toml
├── holodeck-magrathea.pkg.toml
├── holodeck-tabibito.pkg.toml
├── holodeck-traal.pkg.toml
├── hologram-amd-ucode.pkg.toml
├── hologram-arcturus-capture-card.pkg.toml
├── hologram-base-accessible.pkg.toml
├── hologram-base-gui-minimal.pkg.toml
├── hologram-base-gui.pkg.toml
├── hologram-base.pkg.toml
├── hologram-bluetooth-audio.pkg.toml
├── hologram-borgbackup-receiver.pkg.toml
├── hologram-dev-tools-minimal.pkg.toml
├── hologram-dev-tools.pkg.toml
├── hologram-dtp.pkg.toml
├── hologram-ferm.pkg.toml
├── hologram-games.pkg.toml
├── hologram-intel-ucode.pkg.toml
├── hologram-kde-desktop.pkg.toml
├── hologram-monitoring-agents.pkg.toml
├── hologram-monitoring-client.pkg.toml
├── hologram-multimedia-base.pkg.toml
├── hologram-nix-daemon.pkg.toml
├── hologram-openssh.pkg.toml
├── hologram-sway-desktop.pkg.toml
├── hologram-uefi-bootloader-with-luks.pkg.toml
├── hologram-uefi-bootloader.pkg.toml
├── jack-autoplug
    ├── .SRCINFO
    └── PKGBUILD
├── libsvg-cairo
    ├── .SRCINFO
    └── PKGBUILD
├── libsvg
    ├── .SRCINFO
    ├── PKGBUILD
    └── libpng14.patch
├── otf-raleway
    ├── .SRCINFO
    └── PKGBUILD
├── pinfo
    ├── .SRCINFO
    ├── ChangeLog
    ├── PKGBUILD
    └── gcc10-stringop.diff
├── prometheus-minimum-viable-sd
    ├── .SRCINFO
    └── PKGBUILD
├── pwget
    ├── .SRCINFO
    └── PKGBUILD
├── pwget2
    ├── .SRCINFO
    └── PKGBUILD
├── screen-message
    ├── .SRCINFO
    └── PKGBUILD
├── src
    ├── bootstrap-devenv.sh
    └── unpack-secrets.sh
├── svg2png
    ├── .SRCINFO
    └── PKGBUILD
├── titillium-fonts
    ├── .SRCINFO
    └── PKGBUILD
├── ttf-montserrat
    ├── .SRCINFO
    └── PKGBUILD
├── units
    ├── .SRCINFO
    ├── PKGBUILD
    ├── units_currency.service
    └── units_currency.timer
├── vendor.sh
└── wev
    ├── .SRCINFO
    ├── .gitignore
    └── PKGBUILD


/.gitignore:
--------------------------------------------------------------------------------
 1 | *.tar
 2 | *.tar.*
 3 | *.zip
 4 | *.tgz
 5 | *.log
 6 | *.log.*
 7 | *.sig
 8 | *.sign
 9 | *.xz
10 | 
11 | pkg/
12 | src/
13 | !/src
14 | 
15 | repo/*.pkg.tar.xz
16 | repo/holograms.db*
17 | repo/holograms.files*
18 | 
19 | /.vendor-cache
20 | /.art-cache
21 | 


--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/majewsky/system-configuration/0b064a7d8b7ba89cc7a6ef1a30323969e713ad2a/.gitmodules


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU AFFERO GENERAL PUBLIC LICENSE
  2 |                        Version 3, 19 November 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU Affero General Public License is a free, copyleft license for
 11 | software and other kinds of works, specifically designed to ensure
 12 | cooperation with the community in the case of network server software.
 13 | 
 14 |   The licenses for most software and other practical works are designed
 15 | to take away your freedom to share and change the works.  By contrast,
 16 | our General Public Licenses are intended to guarantee your freedom to
 17 | share and change all versions of a program--to make sure it remains free
 18 | software for all its users.
 19 | 
 20 |   When we speak of free software, we are referring to freedom, not
 21 | price.  Our General Public Licenses are designed to make sure that you
 22 | have the freedom to distribute copies of free software (and charge for
 23 | them if you wish), that you receive source code or can get it if you
 24 | want it, that you can change the software or use pieces of it in new
 25 | free programs, and that you know you can do these things.
 26 | 
 27 |   Developers that use our General Public Licenses protect your rights
 28 | with two steps: (1) assert copyright on the software, and (2) offer
 29 | you this License which gives you legal permission to copy, distribute
 30 | and/or modify the software.
 31 | 
 32 |   A secondary benefit of defending all users' freedom is that
 33 | improvements made in alternate versions of the program, if they
 34 | receive widespread use, become available for other developers to
 35 | incorporate.  Many developers of free software are heartened and
 36 | encouraged by the resulting cooperation.  However, in the case of
 37 | software used on network servers, this result may fail to come about.
 38 | The GNU General Public License permits making a modified version and
 39 | letting the public access it on a server without ever releasing its
 40 | source code to the public.
 41 | 
 42 |   The GNU Affero General Public License is designed specifically to
 43 | ensure that, in such cases, the modified source code becomes available
 44 | to the community.  It requires the operator of a network server to
 45 | provide the source code of the modified version running there to the
 46 | users of that server.  Therefore, public use of a modified version, on
 47 | a publicly accessible server, gives the public access to the source
 48 | code of the modified version.
 49 | 
 50 |   An older license, called the Affero General Public License and
 51 | published by Affero, was designed to accomplish similar goals.  This is
 52 | a different license, not a version of the Affero GPL, but Affero has
 53 | released a new version of the Affero GPL which permits relicensing under
 54 | this license.
 55 | 
 56 |   The precise terms and conditions for copying, distribution and
 57 | modification follow.
 58 | 
 59 |                        TERMS AND CONDITIONS
 60 | 
 61 |   0. Definitions.
 62 | 
 63 |   "This License" refers to version 3 of the GNU Affero General Public License.
 64 | 
 65 |   "Copyright" also means copyright-like laws that apply to other kinds of
 66 | works, such as semiconductor masks.
 67 | 
 68 |   "The Program" refers to any copyrightable work licensed under this
 69 | License.  Each licensee is addressed as "you".  "Licensees" and
 70 | "recipients" may be individuals or organizations.
 71 | 
 72 |   To "modify" a work means to copy from or adapt all or part of the work
 73 | in a fashion requiring copyright permission, other than the making of an
 74 | exact copy.  The resulting work is called a "modified version" of the
 75 | earlier work or a work "based on" the earlier work.
 76 | 
 77 |   A "covered work" means either the unmodified Program or a work based
 78 | on the Program.
 79 | 
 80 |   To "propagate" a work means to do anything with it that, without
 81 | permission, would make you directly or secondarily liable for
 82 | infringement under applicable copyright law, except executing it on a
 83 | computer or modifying a private copy.  Propagation includes copying,
 84 | distribution (with or without modification), making available to the
 85 | public, and in some countries other activities as well.
 86 | 
 87 |   To "convey" a work means any kind of propagation that enables other
 88 | parties to make or receive copies.  Mere interaction with a user through
 89 | a computer network, with no transfer of a copy, is not conveying.
 90 | 
 91 |   An interactive user interface displays "Appropriate Legal Notices"
 92 | to the extent that it includes a convenient and prominently visible
 93 | feature that (1) displays an appropriate copyright notice, and (2)
 94 | tells the user that there is no warranty for the work (except to the
 95 | extent that warranties are provided), that licensees may convey the
 96 | work under this License, and how to view a copy of this License.  If
 97 | the interface presents a list of user commands or options, such as a
 98 | menu, a prominent item in the list meets this criterion.
 99 | 
100 |   1. Source Code.
101 | 
102 |   The "source code" for a work means the preferred form of the work
103 | for making modifications to it.  "Object code" means any non-source
104 | form of a work.
105 | 
106 |   A "Standard Interface" means an interface that either is an official
107 | standard defined by a recognized standards body, or, in the case of
108 | interfaces specified for a particular programming language, one that
109 | is widely used among developers working in that language.
110 | 
111 |   The "System Libraries" of an executable work include anything, other
112 | than the work as a whole, that (a) is included in the normal form of
113 | packaging a Major Component, but which is not part of that Major
114 | Component, and (b) serves only to enable use of the work with that
115 | Major Component, or to implement a Standard Interface for which an
116 | implementation is available to the public in source code form.  A
117 | "Major Component", in this context, means a major essential component
118 | (kernel, window system, and so on) of the specific operating system
119 | (if any) on which the executable work runs, or a compiler used to
120 | produce the work, or an object code interpreter used to run it.
121 | 
122 |   The "Corresponding Source" for a work in object code form means all
123 | the source code needed to generate, install, and (for an executable
124 | work) run the object code and to modify the work, including scripts to
125 | control those activities.  However, it does not include the work's
126 | System Libraries, or general-purpose tools or generally available free
127 | programs which are used unmodified in performing those activities but
128 | which are not part of the work.  For example, Corresponding Source
129 | includes interface definition files associated with source files for
130 | the work, and the source code for shared libraries and dynamically
131 | linked subprograms that the work is specifically designed to require,
132 | such as by intimate data communication or control flow between those
133 | subprograms and other parts of the work.
134 | 
135 |   The Corresponding Source need not include anything that users
136 | can regenerate automatically from other parts of the Corresponding
137 | Source.
138 | 
139 |   The Corresponding Source for a work in source code form is that
140 | same work.
141 | 
142 |   2. Basic Permissions.
143 | 
144 |   All rights granted under this License are granted for the term of
145 | copyright on the Program, and are irrevocable provided the stated
146 | conditions are met.  This License explicitly affirms your unlimited
147 | permission to run the unmodified Program.  The output from running a
148 | covered work is covered by this License only if the output, given its
149 | content, constitutes a covered work.  This License acknowledges your
150 | rights of fair use or other equivalent, as provided by copyright law.
151 | 
152 |   You may make, run and propagate covered works that you do not
153 | convey, without conditions so long as your license otherwise remains
154 | in force.  You may convey covered works to others for the sole purpose
155 | of having them make modifications exclusively for you, or provide you
156 | with facilities for running those works, provided that you comply with
157 | the terms of this License in conveying all material for which you do
158 | not control copyright.  Those thus making or running the covered works
159 | for you must do so exclusively on your behalf, under your direction
160 | and control, on terms that prohibit them from making any copies of
161 | your copyrighted material outside their relationship with you.
162 | 
163 |   Conveying under any other circumstances is permitted solely under
164 | the conditions stated below.  Sublicensing is not allowed; section 10
165 | makes it unnecessary.
166 | 
167 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
168 | 
169 |   No covered work shall be deemed part of an effective technological
170 | measure under any applicable law fulfilling obligations under article
171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
172 | similar laws prohibiting or restricting circumvention of such
173 | measures.
174 | 
175 |   When you convey a covered work, you waive any legal power to forbid
176 | circumvention of technological measures to the extent such circumvention
177 | is effected by exercising rights under this License with respect to
178 | the covered work, and you disclaim any intention to limit operation or
179 | modification of the work as a means of enforcing, against the work's
180 | users, your or third parties' legal rights to forbid circumvention of
181 | technological measures.
182 | 
183 |   4. Conveying Verbatim Copies.
184 | 
185 |   You may convey verbatim copies of the Program's source code as you
186 | receive it, in any medium, provided that you conspicuously and
187 | appropriately publish on each copy an appropriate copyright notice;
188 | keep intact all notices stating that this License and any
189 | non-permissive terms added in accord with section 7 apply to the code;
190 | keep intact all notices of the absence of any warranty; and give all
191 | recipients a copy of this License along with the Program.
192 | 
193 |   You may charge any price or no price for each copy that you convey,
194 | and you may offer support or warranty protection for a fee.
195 | 
196 |   5. Conveying Modified Source Versions.
197 | 
198 |   You may convey a work based on the Program, or the modifications to
199 | produce it from the Program, in the form of source code under the
200 | terms of section 4, provided that you also meet all of these conditions:
201 | 
202 |     a) The work must carry prominent notices stating that you modified
203 |     it, and giving a relevant date.
204 | 
205 |     b) The work must carry prominent notices stating that it is
206 |     released under this License and any conditions added under section
207 |     7.  This requirement modifies the requirement in section 4 to
208 |     "keep intact all notices".
209 | 
210 |     c) You must license the entire work, as a whole, under this
211 |     License to anyone who comes into possession of a copy.  This
212 |     License will therefore apply, along with any applicable section 7
213 |     additional terms, to the whole of the work, and all its parts,
214 |     regardless of how they are packaged.  This License gives no
215 |     permission to license the work in any other way, but it does not
216 |     invalidate such permission if you have separately received it.
217 | 
218 |     d) If the work has interactive user interfaces, each must display
219 |     Appropriate Legal Notices; however, if the Program has interactive
220 |     interfaces that do not display Appropriate Legal Notices, your
221 |     work need not make them do so.
222 | 
223 |   A compilation of a covered work with other separate and independent
224 | works, which are not by their nature extensions of the covered work,
225 | and which are not combined with it such as to form a larger program,
226 | in or on a volume of a storage or distribution medium, is called an
227 | "aggregate" if the compilation and its resulting copyright are not
228 | used to limit the access or legal rights of the compilation's users
229 | beyond what the individual works permit.  Inclusion of a covered work
230 | in an aggregate does not cause this License to apply to the other
231 | parts of the aggregate.
232 | 
233 |   6. Conveying Non-Source Forms.
234 | 
235 |   You may convey a covered work in object code form under the terms
236 | of sections 4 and 5, provided that you also convey the
237 | machine-readable Corresponding Source under the terms of this License,
238 | in one of these ways:
239 | 
240 |     a) Convey the object code in, or embodied in, a physical product
241 |     (including a physical distribution medium), accompanied by the
242 |     Corresponding Source fixed on a durable physical medium
243 |     customarily used for software interchange.
244 | 
245 |     b) Convey the object code in, or embodied in, a physical product
246 |     (including a physical distribution medium), accompanied by a
247 |     written offer, valid for at least three years and valid for as
248 |     long as you offer spare parts or customer support for that product
249 |     model, to give anyone who possesses the object code either (1) a
250 |     copy of the Corresponding Source for all the software in the
251 |     product that is covered by this License, on a durable physical
252 |     medium customarily used for software interchange, for a price no
253 |     more than your reasonable cost of physically performing this
254 |     conveying of source, or (2) access to copy the
255 |     Corresponding Source from a network server at no charge.
256 | 
257 |     c) Convey individual copies of the object code with a copy of the
258 |     written offer to provide the Corresponding Source.  This
259 |     alternative is allowed only occasionally and noncommercially, and
260 |     only if you received the object code with such an offer, in accord
261 |     with subsection 6b.
262 | 
263 |     d) Convey the object code by offering access from a designated
264 |     place (gratis or for a charge), and offer equivalent access to the
265 |     Corresponding Source in the same way through the same place at no
266 |     further charge.  You need not require recipients to copy the
267 |     Corresponding Source along with the object code.  If the place to
268 |     copy the object code is a network server, the Corresponding Source
269 |     may be on a different server (operated by you or a third party)
270 |     that supports equivalent copying facilities, provided you maintain
271 |     clear directions next to the object code saying where to find the
272 |     Corresponding Source.  Regardless of what server hosts the
273 |     Corresponding Source, you remain obligated to ensure that it is
274 |     available for as long as needed to satisfy these requirements.
275 | 
276 |     e) Convey the object code using peer-to-peer transmission, provided
277 |     you inform other peers where the object code and Corresponding
278 |     Source of the work are being offered to the general public at no
279 |     charge under subsection 6d.
280 | 
281 |   A separable portion of the object code, whose source code is excluded
282 | from the Corresponding Source as a System Library, need not be
283 | included in conveying the object code work.
284 | 
285 |   A "User Product" is either (1) a "consumer product", which means any
286 | tangible personal property which is normally used for personal, family,
287 | or household purposes, or (2) anything designed or sold for incorporation
288 | into a dwelling.  In determining whether a product is a consumer product,
289 | doubtful cases shall be resolved in favor of coverage.  For a particular
290 | product received by a particular user, "normally used" refers to a
291 | typical or common use of that class of product, regardless of the status
292 | of the particular user or of the way in which the particular user
293 | actually uses, or expects or is expected to use, the product.  A product
294 | is a consumer product regardless of whether the product has substantial
295 | commercial, industrial or non-consumer uses, unless such uses represent
296 | the only significant mode of use of the product.
297 | 
298 |   "Installation Information" for a User Product means any methods,
299 | procedures, authorization keys, or other information required to install
300 | and execute modified versions of a covered work in that User Product from
301 | a modified version of its Corresponding Source.  The information must
302 | suffice to ensure that the continued functioning of the modified object
303 | code is in no case prevented or interfered with solely because
304 | modification has been made.
305 | 
306 |   If you convey an object code work under this section in, or with, or
307 | specifically for use in, a User Product, and the conveying occurs as
308 | part of a transaction in which the right of possession and use of the
309 | User Product is transferred to the recipient in perpetuity or for a
310 | fixed term (regardless of how the transaction is characterized), the
311 | Corresponding Source conveyed under this section must be accompanied
312 | by the Installation Information.  But this requirement does not apply
313 | if neither you nor any third party retains the ability to install
314 | modified object code on the User Product (for example, the work has
315 | been installed in ROM).
316 | 
317 |   The requirement to provide Installation Information does not include a
318 | requirement to continue to provide support service, warranty, or updates
319 | for a work that has been modified or installed by the recipient, or for
320 | the User Product in which it has been modified or installed.  Access to a
321 | network may be denied when the modification itself materially and
322 | adversely affects the operation of the network or violates the rules and
323 | protocols for communication across the network.
324 | 
325 |   Corresponding Source conveyed, and Installation Information provided,
326 | in accord with this section must be in a format that is publicly
327 | documented (and with an implementation available to the public in
328 | source code form), and must require no special password or key for
329 | unpacking, reading or copying.
330 | 
331 |   7. Additional Terms.
332 | 
333 |   "Additional permissions" are terms that supplement the terms of this
334 | License by making exceptions from one or more of its conditions.
335 | Additional permissions that are applicable to the entire Program shall
336 | be treated as though they were included in this License, to the extent
337 | that they are valid under applicable law.  If additional permissions
338 | apply only to part of the Program, that part may be used separately
339 | under those permissions, but the entire Program remains governed by
340 | this License without regard to the additional permissions.
341 | 
342 |   When you convey a copy of a covered work, you may at your option
343 | remove any additional permissions from that copy, or from any part of
344 | it.  (Additional permissions may be written to require their own
345 | removal in certain cases when you modify the work.)  You may place
346 | additional permissions on material, added by you to a covered work,
347 | for which you have or can give appropriate copyright permission.
348 | 
349 |   Notwithstanding any other provision of this License, for material you
350 | add to a covered work, you may (if authorized by the copyright holders of
351 | that material) supplement the terms of this License with terms:
352 | 
353 |     a) Disclaiming warranty or limiting liability differently from the
354 |     terms of sections 15 and 16 of this License; or
355 | 
356 |     b) Requiring preservation of specified reasonable legal notices or
357 |     author attributions in that material or in the Appropriate Legal
358 |     Notices displayed by works containing it; or
359 | 
360 |     c) Prohibiting misrepresentation of the origin of that material, or
361 |     requiring that modified versions of such material be marked in
362 |     reasonable ways as different from the original version; or
363 | 
364 |     d) Limiting the use for publicity purposes of names of licensors or
365 |     authors of the material; or
366 | 
367 |     e) Declining to grant rights under trademark law for use of some
368 |     trade names, trademarks, or service marks; or
369 | 
370 |     f) Requiring indemnification of licensors and authors of that
371 |     material by anyone who conveys the material (or modified versions of
372 |     it) with contractual assumptions of liability to the recipient, for
373 |     any liability that these contractual assumptions directly impose on
374 |     those licensors and authors.
375 | 
376 |   All other non-permissive additional terms are considered "further
377 | restrictions" within the meaning of section 10.  If the Program as you
378 | received it, or any part of it, contains a notice stating that it is
379 | governed by this License along with a term that is a further
380 | restriction, you may remove that term.  If a license document contains
381 | a further restriction but permits relicensing or conveying under this
382 | License, you may add to a covered work material governed by the terms
383 | of that license document, provided that the further restriction does
384 | not survive such relicensing or conveying.
385 | 
386 |   If you add terms to a covered work in accord with this section, you
387 | must place, in the relevant source files, a statement of the
388 | additional terms that apply to those files, or a notice indicating
389 | where to find the applicable terms.
390 | 
391 |   Additional terms, permissive or non-permissive, may be stated in the
392 | form of a separately written license, or stated as exceptions;
393 | the above requirements apply either way.
394 | 
395 |   8. Termination.
396 | 
397 |   You may not propagate or modify a covered work except as expressly
398 | provided under this License.  Any attempt otherwise to propagate or
399 | modify it is void, and will automatically terminate your rights under
400 | this License (including any patent licenses granted under the third
401 | paragraph of section 11).
402 | 
403 |   However, if you cease all violation of this License, then your
404 | license from a particular copyright holder is reinstated (a)
405 | provisionally, unless and until the copyright holder explicitly and
406 | finally terminates your license, and (b) permanently, if the copyright
407 | holder fails to notify you of the violation by some reasonable means
408 | prior to 60 days after the cessation.
409 | 
410 |   Moreover, your license from a particular copyright holder is
411 | reinstated permanently if the copyright holder notifies you of the
412 | violation by some reasonable means, this is the first time you have
413 | received notice of violation of this License (for any work) from that
414 | copyright holder, and you cure the violation prior to 30 days after
415 | your receipt of the notice.
416 | 
417 |   Termination of your rights under this section does not terminate the
418 | licenses of parties who have received copies or rights from you under
419 | this License.  If your rights have been terminated and not permanently
420 | reinstated, you do not qualify to receive new licenses for the same
421 | material under section 10.
422 | 
423 |   9. Acceptance Not Required for Having Copies.
424 | 
425 |   You are not required to accept this License in order to receive or
426 | run a copy of the Program.  Ancillary propagation of a covered work
427 | occurring solely as a consequence of using peer-to-peer transmission
428 | to receive a copy likewise does not require acceptance.  However,
429 | nothing other than this License grants you permission to propagate or
430 | modify any covered work.  These actions infringe copyright if you do
431 | not accept this License.  Therefore, by modifying or propagating a
432 | covered work, you indicate your acceptance of this License to do so.
433 | 
434 |   10. Automatic Licensing of Downstream Recipients.
435 | 
436 |   Each time you convey a covered work, the recipient automatically
437 | receives a license from the original licensors, to run, modify and
438 | propagate that work, subject to this License.  You are not responsible
439 | for enforcing compliance by third parties with this License.
440 | 
441 |   An "entity transaction" is a transaction transferring control of an
442 | organization, or substantially all assets of one, or subdividing an
443 | organization, or merging organizations.  If propagation of a covered
444 | work results from an entity transaction, each party to that
445 | transaction who receives a copy of the work also receives whatever
446 | licenses to the work the party's predecessor in interest had or could
447 | give under the previous paragraph, plus a right to possession of the
448 | Corresponding Source of the work from the predecessor in interest, if
449 | the predecessor has it or can get it with reasonable efforts.
450 | 
451 |   You may not impose any further restrictions on the exercise of the
452 | rights granted or affirmed under this License.  For example, you may
453 | not impose a license fee, royalty, or other charge for exercise of
454 | rights granted under this License, and you may not initiate litigation
455 | (including a cross-claim or counterclaim in a lawsuit) alleging that
456 | any patent claim is infringed by making, using, selling, offering for
457 | sale, or importing the Program or any portion of it.
458 | 
459 |   11. Patents.
460 | 
461 |   A "contributor" is a copyright holder who authorizes use under this
462 | License of the Program or a work on which the Program is based.  The
463 | work thus licensed is called the contributor's "contributor version".
464 | 
465 |   A contributor's "essential patent claims" are all patent claims
466 | owned or controlled by the contributor, whether already acquired or
467 | hereafter acquired, that would be infringed by some manner, permitted
468 | by this License, of making, using, or selling its contributor version,
469 | but do not include claims that would be infringed only as a
470 | consequence of further modification of the contributor version.  For
471 | purposes of this definition, "control" includes the right to grant
472 | patent sublicenses in a manner consistent with the requirements of
473 | this License.
474 | 
475 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
476 | patent license under the contributor's essential patent claims, to
477 | make, use, sell, offer for sale, import and otherwise run, modify and
478 | propagate the contents of its contributor version.
479 | 
480 |   In the following three paragraphs, a "patent license" is any express
481 | agreement or commitment, however denominated, not to enforce a patent
482 | (such as an express permission to practice a patent or covenant not to
483 | sue for patent infringement).  To "grant" such a patent license to a
484 | party means to make such an agreement or commitment not to enforce a
485 | patent against the party.
486 | 
487 |   If you convey a covered work, knowingly relying on a patent license,
488 | and the Corresponding Source of the work is not available for anyone
489 | to copy, free of charge and under the terms of this License, through a
490 | publicly available network server or other readily accessible means,
491 | then you must either (1) cause the Corresponding Source to be so
492 | available, or (2) arrange to deprive yourself of the benefit of the
493 | patent license for this particular work, or (3) arrange, in a manner
494 | consistent with the requirements of this License, to extend the patent
495 | license to downstream recipients.  "Knowingly relying" means you have
496 | actual knowledge that, but for the patent license, your conveying the
497 | covered work in a country, or your recipient's use of the covered work
498 | in a country, would infringe one or more identifiable patents in that
499 | country that you have reason to believe are valid.
500 | 
501 |   If, pursuant to or in connection with a single transaction or
502 | arrangement, you convey, or propagate by procuring conveyance of, a
503 | covered work, and grant a patent license to some of the parties
504 | receiving the covered work authorizing them to use, propagate, modify
505 | or convey a specific copy of the covered work, then the patent license
506 | you grant is automatically extended to all recipients of the covered
507 | work and works based on it.
508 | 
509 |   A patent license is "discriminatory" if it does not include within
510 | the scope of its coverage, prohibits the exercise of, or is
511 | conditioned on the non-exercise of one or more of the rights that are
512 | specifically granted under this License.  You may not convey a covered
513 | work if you are a party to an arrangement with a third party that is
514 | in the business of distributing software, under which you make payment
515 | to the third party based on the extent of your activity of conveying
516 | the work, and under which the third party grants, to any of the
517 | parties who would receive the covered work from you, a discriminatory
518 | patent license (a) in connection with copies of the covered work
519 | conveyed by you (or copies made from those copies), or (b) primarily
520 | for and in connection with specific products or compilations that
521 | contain the covered work, unless you entered into that arrangement,
522 | or that patent license was granted, prior to 28 March 2007.
523 | 
524 |   Nothing in this License shall be construed as excluding or limiting
525 | any implied license or other defenses to infringement that may
526 | otherwise be available to you under applicable patent law.
527 | 
528 |   12. No Surrender of Others' Freedom.
529 | 
530 |   If conditions are imposed on you (whether by court order, agreement or
531 | otherwise) that contradict the conditions of this License, they do not
532 | excuse you from the conditions of this License.  If you cannot convey a
533 | covered work so as to satisfy simultaneously your obligations under this
534 | License and any other pertinent obligations, then as a consequence you may
535 | not convey it at all.  For example, if you agree to terms that obligate you
536 | to collect a royalty for further conveying from those to whom you convey
537 | the Program, the only way you could satisfy both those terms and this
538 | License would be to refrain entirely from conveying the Program.
539 | 
540 |   13. Remote Network Interaction; Use with the GNU General Public License.
541 | 
542 |   Notwithstanding any other provision of this License, if you modify the
543 | Program, your modified version must prominently offer all users
544 | interacting with it remotely through a computer network (if your version
545 | supports such interaction) an opportunity to receive the Corresponding
546 | Source of your version by providing access to the Corresponding Source
547 | from a network server at no charge, through some standard or customary
548 | means of facilitating copying of software.  This Corresponding Source
549 | shall include the Corresponding Source for any work covered by version 3
550 | of the GNU General Public License that is incorporated pursuant to the
551 | following paragraph.
552 | 
553 |   Notwithstanding any other provision of this License, you have
554 | permission to link or combine any covered work with a work licensed
555 | under version 3 of the GNU General Public License into a single
556 | combined work, and to convey the resulting work.  The terms of this
557 | License will continue to apply to the part which is the covered work,
558 | but the work with which it is combined will remain governed by version
559 | 3 of the GNU General Public License.
560 | 
561 |   14. Revised Versions of this License.
562 | 
563 |   The Free Software Foundation may publish revised and/or new versions of
564 | the GNU Affero General Public License from time to time.  Such new versions
565 | will be similar in spirit to the present version, but may differ in detail to
566 | address new problems or concerns.
567 | 
568 |   Each version is given a distinguishing version number.  If the
569 | Program specifies that a certain numbered version of the GNU Affero General
570 | Public License "or any later version" applies to it, you have the
571 | option of following the terms and conditions either of that numbered
572 | version or of any later version published by the Free Software
573 | Foundation.  If the Program does not specify a version number of the
574 | GNU Affero General Public License, you may choose any version ever published
575 | by the Free Software Foundation.
576 | 
577 |   If the Program specifies that a proxy can decide which future
578 | versions of the GNU Affero General Public License can be used, that proxy's
579 | public statement of acceptance of a version permanently authorizes you
580 | to choose that version for the Program.
581 | 
582 |   Later license versions may give you additional or different
583 | permissions.  However, no additional obligations are imposed on any
584 | author or copyright holder as a result of your choosing to follow a
585 | later version.
586 | 
587 |   15. Disclaimer of Warranty.
588 | 
589 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
590 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
594 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
595 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
597 | 
598 |   16. Limitation of Liability.
599 | 
600 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
608 | SUCH DAMAGES.
609 | 
610 |   17. Interpretation of Sections 15 and 16.
611 | 
612 |   If the disclaimer of warranty and limitation of liability provided
613 | above cannot be given local legal effect according to their terms,
614 | reviewing courts shall apply local law that most closely approximates
615 | an absolute waiver of all civil liability in connection with the
616 | Program, unless a warranty or assumption of liability accompanies a
617 | copy of the Program in return for a fee.
618 | 
619 |                      END OF TERMS AND CONDITIONS
620 | 
621 |             How to Apply These Terms to Your New Programs
622 | 
623 |   If you develop a new program, and you want it to be of the greatest
624 | possible use to the public, the best way to achieve this is to make it
625 | free software which everyone can redistribute and change under these terms.
626 | 
627 |   To do so, attach the following notices to the program.  It is safest
628 | to attach them to the start of each source file to most effectively
629 | state the exclusion of warranty; and each file should have at least
630 | the "copyright" line and a pointer to where the full notice is found.
631 | 
632 |     <one line to give the program's name and a brief idea of what it does.>
633 |     Copyright (C) <year>  <name of author>
634 | 
635 |     This program is free software: you can redistribute it and/or modify
636 |     it under the terms of the GNU Affero General Public License as published
637 |     by the Free Software Foundation, either version 3 of the License, or
638 |     (at your option) any later version.
639 | 
640 |     This program is distributed in the hope that it will be useful,
641 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
642 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
643 |     GNU Affero General Public License for more details.
644 | 
645 |     You should have received a copy of the GNU Affero General Public License
646 |     along with this program.  If not, see <http://www.gnu.org/licenses/>.
647 | 
648 | Also add information on how to contact you by electronic and paper mail.
649 | 
650 |   If your software can interact with users remotely through a computer
651 | network, you should also make sure that it provides a way for users to
652 | get its source.  For example, if your program is a web application, its
653 | interface could display a "Source" link that leads users to an archive
654 | of the code.  There are many ways you could offer source, and different
655 | solutions will be better for different programs; see section 13 for the
656 | specific requirements.
657 | 
658 |   You should also get your employer (if you work as a programmer) or school,
659 | if any, to sign a "copyright disclaimer" for the program, if necessary.
660 | For more information on this, and how to apply and follow the GNU AGPL, see
661 | <http://www.gnu.org/licenses/>.
662 | 
663 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # system-configuration
 2 | 
 3 | This repo contains configuration for my private systems, formatted as Arch
 4 | Linux packages using my minimal configuration management tool
 5 | [Holo](https://github.com/holocm/holo).
 6 | 
 7 | ## License information
 8 | 
 9 | All the stuff that I wrote myself is licensed under AGPLv3, cf. the
10 | [LICENSE](LICENSE) file. If parts of a package or all of a package is licensed
11 | differently, the README for the individual package (found in the package's
12 | subdirectory) will usually say so.
13 | 
14 | # Contents
15 | 
16 | My naming convention draws on Holo's name and includes:
17 | 
18 | * **holograms**: General configuration packages for a certain aspect of a
19 |   system (e.g. a certain service or a certain set of tools).
20 | * **holodecks**: Specific configuration packages for a single system, such that
21 |   the whole system can be re-created by installing just that package. (Of
22 |   course, filesystems etc. still need to be set up manually; a package manager
23 |   cannot and should not do that.)
24 | 
25 | ## Tools
26 | 
27 | The [holo](holo) subdirectory contains the PKGBUILD for
28 | [Holo](https://github.com/holocm/holo) itself. It is identical to the version
29 | found in the AUR, but development happens here first usually.
30 | 
31 | Hologram packages are built with [holo-build](https://github.com/holocm/holo-build).
32 | 
33 | The package repository is built with [art](https://github.com/majewsky/art).
34 | 


--------------------------------------------------------------------------------
/art.toml:
--------------------------------------------------------------------------------
1 | [[source]]
2 | path = "/x/src/github.com/majewsky/system-configuration"
3 | 
4 | [target]
5 | path = "/x/src/github.com/majewsky/system-configuration/repo"
6 | name = "holograms"
7 | 


--------------------------------------------------------------------------------
/art/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = art
 2 | 	pkgdesc = Builds Arch Linux package repositories
 3 | 	pkgver = 2.0.1
 4 | 	pkgrel = 1
 5 | 	url = https://github.com/majewsky/art
 6 | 	arch = i686
 7 | 	arch = x86_64
 8 | 	license = GPL3
 9 | 	makedepends = go
10 | 	depends = pacman
11 | 	optdepends = holo-build: to build packages from *.pkg.toml files
12 | 	options = !strip
13 | 	source = https://github.com/majewsky/art/archive/v2.0.1.tar.gz
14 | 	sha256sums = bebc0386117dae0dbbcc4fb15b1973d7e33df1bb931cabdf4832818faeda855f
15 | 
16 | pkgname = art
17 | 
18 | 


--------------------------------------------------------------------------------
/art/.gitignore:
--------------------------------------------------------------------------------
1 | *.pkg.tar.*
2 | *.tar.gz
3 | pkg/
4 | src/
5 | 


--------------------------------------------------------------------------------
/art/PKGBUILD:
--------------------------------------------------------------------------------
 1 | pkgname='art'
 2 | pkgver=2.0.1
 3 | pkgrel=1
 4 | pkgdesc='Builds Arch Linux package repositories'
 5 | arch=('i686' 'x86_64')
 6 | url='https://github.com/majewsky/art'
 7 | license=('GPL3')
 8 | depends=('pacman') # for makepkg, repo-add, repo-remove (also satisfies dependencies on xz and gpg)
 9 | optdepends=(
10 |     'holo-build: to build packages from *.pkg.toml files'
11 | )
12 | makedepends=('go')
13 | source=("${url}/archive/v${pkgver}.tar.gz")
14 | sha256sums=('bebc0386117dae0dbbcc4fb15b1973d7e33df1bb931cabdf4832818faeda855f')
15 | 
16 | options=('!strip') # binaries are already stripped inside the Makefile
17 | 
18 | build() {
19 |     cd "${srcdir}/${pkgname}-${pkgver}"
20 |     make
21 | }
22 | 
23 | package() {
24 |     cd "${srcdir}/${pkgname}-${pkgver}"
25 |     make install DESTDIR="${pkgdir}"
26 | }
27 | 


--------------------------------------------------------------------------------
/gofu/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = gofu
 2 | 	pkgdesc = Collection of Go utilities
 3 | 	pkgver = 2021.2
 4 | 	pkgrel = 1
 5 | 	epoch = 2
 6 | 	url = https://github.com/majewsky/gofu
 7 | 	arch = x86_64
 8 | 	license = GPL3
 9 | 	makedepends = go
10 | 	source = https://github.com/majewsky/gofu/archive/v2021.2.tar.gz
11 | 	sha256sums = 0b06b9d746013f3c7267b41ab0d5eed1f174deca46c4b417ed0ff9413b832018
12 | 
13 | pkgname = gofu
14 | 
15 | 


--------------------------------------------------------------------------------
/gofu/.gitignore:
--------------------------------------------------------------------------------
1 | /gofu
2 | 


--------------------------------------------------------------------------------
/gofu/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # novendor
 2 | 
 3 | pkgname=gofu
 4 | epoch=2
 5 | pkgver=2021.2
 6 | pkgrel=1
 7 | pkgdesc='Collection of Go utilities'
 8 | arch=('x86_64')
 9 | url="https://github.com/majewsky/gofu"
10 | license=('GPL3')
11 | depends=()
12 | makedepends=('go')
13 | source=("${url}/archive/v${pkgver}.tar.gz")
14 | sha256sums=('0b06b9d746013f3c7267b41ab0d5eed1f174deca46c4b417ed0ff9413b832018')
15 | 
16 | build() {
17 |   cd "${srcdir}/gofu-${pkgver}"
18 |   make
19 | }
20 | 
21 | package() {
22 |   cd "${srcdir}/gofu-${pkgver}"
23 |   make install DESTDIR="${pkgdir}"
24 | }
25 | 


--------------------------------------------------------------------------------
/gron/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = gron
 2 | 	pkgdesc = Makes JSON greppable
 3 | 	pkgver = 0.6.1
 4 | 	pkgrel = 1
 5 | 	url = https://github.com/tomnomnom/gron
 6 | 	arch = x86_64
 7 | 	license = MIT
 8 | 	makedepends = go
 9 | 	source = https://github.com/tomnomnom/gron/archive/v0.6.1.tar.gz
10 | 	sha256sums = eef150a425aa4eaa8b2e36a75ee400d4247525403f79e24ed32ccb346dc653ff
11 | 
12 | pkgname = gron
13 | 
14 | 


--------------------------------------------------------------------------------
/gron/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer: Stefan Tatschner <stefan@rumpelsepp.org>
 2 | 
 3 | pkgname=gron
 4 | pkgver=0.6.1
 5 | pkgrel=1
 6 | pkgdesc='Makes JSON greppable'
 7 | arch=('x86_64')
 8 | url="https://github.com/tomnomnom/gron"
 9 | license=('MIT')
10 | makedepends=('go')
11 | source=("https://github.com/tomnomnom/gron/archive/v$pkgver.tar.gz")
12 | sha256sums=('eef150a425aa4eaa8b2e36a75ee400d4247525403f79e24ed32ccb346dc653ff')
13 | 
14 | check() {
15 |   cd $pkgname-$pkgver
16 |   export CGO_CPPFLAGS="${CPPFLAGS}"
17 |   export CGO_CFLAGS="${CFLAGS}"
18 |   export CGO_CXXFLAGS="${CXXFLAGS}"
19 |   export CGO_LDFLAGS="${LDFLAGS}"
20 |   export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
21 |   go test .
22 | }
23 | 
24 | build() {
25 |   cd $pkgname-$pkgver
26 |   export CGO_CPPFLAGS="${CPPFLAGS}"
27 |   export CGO_CFLAGS="${CFLAGS}"
28 |   export CGO_CXXFLAGS="${CXXFLAGS}"
29 |   export CGO_LDFLAGS="${LDFLAGS}"
30 |   export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
31 |   go build -o $pkgname .
32 | }
33 | 
34 | package() {
35 |   cd $pkgname-$pkgver
36 |   install -Dm755 $pkgname "$pkgdir"/usr/bin/$pkgname
37 |   install -Dm644 completions/gron.fish "$pkgdir"/usr/share/fish/vendor_completions.d/gron.fish
38 | }
39 | 


--------------------------------------------------------------------------------
/holodeck-arcturus.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name        = "holodeck-arcturus"
  3 | version     = "20241030.1"
  4 | description = "holodeck: services on Arcturus"
  5 | 
  6 | requires = [
  7 |     "secrets", # this uses /usr/bin/replicator
  8 |     "hologram-sway-desktop",
  9 |     "hologram-kde-desktop", # used temporarily to work around <https://github.com/obsproject/obs-studio/issues/8170>
 10 |     "hologram-bluetooth-audio",
 11 |     "hologram-dev-tools",
 12 |     "hologram-games",
 13 |     "hologram-uefi-bootloader-with-luks",
 14 |     "hologram-dtp",
 15 |     "hologram-monitoring-client",
 16 |     "hologram-arcturus-capture-card",
 17 |     "linux-headers", # for wireguard-dkms in hologram-monitoring-client
 18 |     # support for AMD CPU
 19 |     "hologram-amd-ucode",
 20 |     # support for AMD GPU
 21 |     "xf86-video-amdgpu",
 22 |     "libva-mesa-driver",
 23 |     "vulkan-radeon",
 24 |     "lib32-vulkan-radeon",
 25 |     "vulkan-icd-loader",
 26 |     "lib32-vulkan-icd-loader",
 27 |     "mesa-libgl",
 28 |     "lib32-mesa-libgl",
 29 |     "mesa-vdpau",
 30 |     "lib32-mesa-vdpau",
 31 |     # network setup
 32 |     "wpa_supplicant",
 33 |     # scanner setup
 34 |     "sane",
 35 |     "gscan2pdf",
 36 |     # additional apps
 37 |     "mpd",
 38 | ]
 39 | 
 40 | # identity
 41 | 
 42 | [[file]]
 43 | path    = "/etc/hostname"
 44 | content = "arcturus"
 45 | 
 46 | [[file]]
 47 | path    = "/etc/profile.d/prettyprompt.sh"
 48 | content = """
 49 |     export PRETTYPROMPT_COMMONUSER=stefan
 50 |     export PRETTYPROMPT_HOSTCOLOR='0;37'
 51 | """
 52 | 
 53 | [[file]]
 54 | path    = "/etc/profile.d/hardware-video-acceleration.sh"
 55 | content = """
 56 |     export VDPAU_DRIVER=radeonsi
 57 | """
 58 | 
 59 | # network setup: systemd-networkd
 60 | 
 61 | [[file]]
 62 | path    = "/etc/systemd/network/lan.network"
 63 | content = """
 64 |     [Match]
 65 |     Name=en*
 66 | 
 67 |     [Network]
 68 |     Address=10.0.0.2/24
 69 |     Gateway=10.0.0.1
 70 |     DNS=10.0.0.1
 71 | """
 72 | 
 73 | # network setup: systemd-resolved
 74 | 
 75 | [[symlink]]
 76 | path   = "/etc/systemd/system/multi-user.target.wants/systemd-resolved.service"
 77 | target = "/usr/lib/systemd/system/systemd-resolved.service"
 78 | 
 79 | [[symlink]]
 80 | path   = "/usr/share/holo/files/50-arcturus/etc/resolv.conf"
 81 | target = "/run/systemd/resolve/resolv.conf"
 82 | 
 83 | # scanner setup: device permissions
 84 | 
 85 | [[file]]
 86 | path    = "/etc/udev/rules.d/49-custom-sane.rules"
 87 | content = '''
 88 |     # HP PhotoSmart C3180
 89 |     ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="5611", MODE="0664", GROUP="scanner", ENV{libsane_matched}="yes"
 90 | '''
 91 | 
 92 | # audio setup: never use HSP/HFP profile on Bluetooth headsets
 93 | # (i.e. prefer audio input from the mixing console instead)
 94 | #
 95 | # Inspired by: <https://wiki.archlinux.org/title/bluetooth_headset#Disable_PipeWire_HSP/HFP_profile>
 96 | # The full config file as shown there does not work, it just breaks connecting the headset entirely.
 97 | # But this single setting does what I need.
 98 | [[file]]
 99 | path = "/etc/wireplumber/wireplumber.conf.d/50-bluez.conf"
100 | content = '''
101 |     monitor.bluez.properties = {
102 |         bluez5.hfphsp-backend = "none"
103 |     }
104 | '''
105 | 


--------------------------------------------------------------------------------
/holodeck-damogran.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name        = "holodeck-damogran"
  3 | version     = "20220703.3"
  4 | description = "holodeck: services on Damogran"
  5 | 
  6 | requires = [
  7 |     "secrets", # this uses /usr/bin/replicator
  8 |     "hologram-base-accessible",
  9 |     "hologram-uefi-bootloader",
 10 |     "hologram-monitoring-client",
 11 |     "hologram-borgbackup-receiver",
 12 |     # network setup (local DHCP, local DNS, wireless AP, NAT from internal networks to external internet)
 13 |     "dnsmasq",
 14 |     "iptables",
 15 | ]
 16 | 
 17 | ################################################################################
 18 | # identity
 19 | 
 20 | [[file]]
 21 | path    = "/etc/hostname"
 22 | content = "damogran"
 23 | 
 24 | [[file]]
 25 | path    = "/etc/profile.d/prettyprompt.sh"
 26 | content = """
 27 | export PRETTYPROMPT_COMMONUSER=stefan
 28 | export PRETTYPROMPT_HOSTCOLOR='0;35'
 29 | """
 30 | 
 31 | ################################################################################
 32 | # mask mdmonitor.service (this shows up in `systemctl --failed` otherwise)
 33 | 
 34 | [[symlink]]
 35 | path   = "/etc/systemd/system/mdmonitor.service"
 36 | target = "/dev/null"
 37 | 
 38 | ################################################################################
 39 | # network setup: systemd-{networkd,resolved} to configure interfaces and upstream DNS
 40 | 
 41 | [[symlink]]
 42 | path   = "/etc/systemd/system/multi-user.target.wants/systemd-resolved.service"
 43 | target = "/usr/lib/systemd/system/systemd-resolved.service"
 44 | 
 45 | [[file]]
 46 | path    = "/etc/systemd/network/lan.network"
 47 | content = """
 48 |     [Match]
 49 |     Name={{.Vars.interfaces.lan}}
 50 | 
 51 |     [Network]
 52 |     Description=Internal LAN
 53 |     Address=10.0.0.1/24
 54 |     IPForward=ipv4
 55 | 
 56 |     [Address]
 57 |     # blackhole IP (traffic to this subnet is rejected)
 58 |     Address=10.0.13.13/32
 59 | """
 60 | [[symlink]]
 61 | path   = "/usr/share/holo/files/50-damogran-vars/etc/systemd/network/lan.network.holoscript"
 62 | target = "/usr/bin/replicator"
 63 | 
 64 | [[file]]
 65 | path    = "/etc/systemd/network/wan.network"
 66 | content = """
 67 |     [Match]
 68 |     Name={{.Vars.interfaces.wan}}
 69 | 
 70 |     [Network]
 71 |     Description=External Network (Internet)
 72 |     DHCP=ipv4
 73 | """
 74 | [[symlink]]
 75 | path   = "/usr/share/holo/files/50-damogran-vars/etc/systemd/network/wan.network.holoscript"
 76 | target = "/usr/bin/replicator"
 77 | 
 78 | ################################################################################
 79 | # network setup: an iptables ruleset acts as firewall
 80 | 
 81 | [[symlink]]
 82 | path   = "/etc/systemd/system/multi-user.target.wants/iptables.service"
 83 | target = "/usr/lib/systemd/system/iptables.service"
 84 | 
 85 | [[file]]
 86 | path = "/etc/sysctl.d/90-firewall.conf"
 87 | content = """
 88 |     # filter spoofing of local source addresses from internet locations
 89 |     net.ipv4.conf.all.rp_filter = 1
 90 |     # enable IPv4 forwarding (NAT)
 91 |     net.ipv4.ip_forward = 1
 92 |     net.ipv4.conf.all.forwarding = 1
 93 |     net.ipv4.conf.default.forwarding = 1
 94 |     net.ipv4.conf.{{.Vars.interfaces.lan}}.forwarding = 1
 95 |     net.ipv4.conf.{{.Vars.interfaces.wan}}.forwarding = 1
 96 | 
 97 |     # disable IPv6 for internet-facing interfaces
 98 |     net.ipv6.conf.{{.Vars.interfaces.wan}}.disable_ipv6 = 1
 99 | """
100 | [[symlink]]
101 | path   = "/usr/share/holo/files/50-damogran-vars/etc/sysctl.d/90-firewall.conf.holoscript"
102 | target = "/usr/bin/replicator"
103 | 
104 | [[file]]
105 | path = "/usr/share/holo/files/50-damogran/etc/iptables/iptables.rules"
106 | content = """
107 |     *filter
108 | 
109 |     # standard chains
110 |     :INPUT DROP [0:0]
111 |     :FORWARD DROP [0:0]
112 |     :OUTPUT ACCEPT [0:0]
113 |     # chains for accepting incoming connections
114 |     :TCP - [0:0]
115 |     :UDP - [0:0]
116 | 
117 | 
118 | 
119 |     # accept traffic on established connections
120 |     -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
121 |     # accept all local traffic
122 |     -A INPUT -i lo -j ACCEPT
123 |     # drop all invalid traffic (esp. to avoid attacks from the internet)
124 |     -A INPUT -m conntrack --ctstate INVALID -j DROP
125 |     # accept pings from everywhere
126 |     -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
127 |     # block traffic to blackhole IP
128 |     -A INPUT --dest 10.0.13.13 -j REJECT --reject-with icmp-port-unreachable
129 |     # attach chains for checking incoming connections
130 |     -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
131 |     -A INPUT -p tcp -m tcp --syn -m conntrack --ctstate NEW -j TCP
132 |     # reject unwanted connections
133 |     -A INPUT -p tcp -j REJECT --reject-with tcp-reset
134 |     -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
135 |     -A INPUT -j REJECT --reject-with icmp-proto-unreachable
136 | 
137 |     # allow SSH via intranet and Wireguard
138 |     -A TCP -i wg-monitoring -p tcp -m tcp --dport 22 -j ACCEPT
139 |     -A TCP -i {{.Vars.interfaces.lan}} -p tcp -m tcp --dport 22 -j ACCEPT
140 |     # allow Prometheus scraping via Wireguard
141 |     -A TCP -i wg-monitoring -p tcp -m tcp --dport 9100 -j ACCEPT
142 | 
143 |     # allow intranet DNS
144 |     -A UDP -i {{.Vars.interfaces.lan}} -p udp -m udp --dport 53 -j ACCEPT
145 |     # allow intranet DHCP
146 |     -A UDP -i {{.Vars.interfaces.lan}} -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
147 |     # allow public Wireguard
148 |     -A UDP -p udp -m udp --dport {{.Vars.wg.port}} -j ACCEPT
149 | 
150 |     # accept traffic on established connections
151 |     -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
152 |     # accept forwarding connections from intranet to public
153 |     -A FORWARD -i {{.Vars.interfaces.lan}} -j ACCEPT
154 |     # reject unwanted connections
155 |     -A FORWARD -j REJECT --reject-with icmp-host-unreachable
156 | 
157 |     COMMIT
158 |     *nat
159 | 
160 |     # standard chains for NAT
161 |     :PREROUTING ACCEPT [0:0]
162 |     :INPUT ACCEPT [0:0]
163 |     :OUTPUT ACCEPT [0:0]
164 |     :POSTROUTING ACCEPT [0:0]
165 | 
166 |     # establish forwarding connections from intranet (IP range) to public ({{.Vars.interfaces.wan}})
167 |     -A POSTROUTING -s 10.0.0.0/24 -o {{.Vars.interfaces.wan}} -j MASQUERADE
168 | 
169 |     COMMIT
170 | """
171 | [[symlink]]
172 | path   = "/usr/share/holo/files/50-damogran-vars/etc/iptables/iptables.rules.holoscript"
173 | target = "/usr/bin/replicator"
174 | 
175 | ################################################################################
176 | # network setup: dnsmasq to provide DHCP and DNS in the internal networks
177 | 
178 | [[symlink]]
179 | path   = "/etc/systemd/system/multi-user.target.wants/dnsmasq.service"
180 | target = "/usr/lib/systemd/system/dnsmasq.service"
181 | 
182 | [[file]]
183 | path    = "/etc/systemd/system/dnsmasq.service.d/reorder.conf"
184 | content = """
185 |     [Unit]
186 |     After=systemd-resolved.service
187 |     Requires=systemd-resolved.service
188 | """
189 | 
190 | [[file]]
191 | path    = "/usr/share/holo/files/50-damogran/etc/dnsmasq.conf"
192 | content = """
193 |     # bind DHCP and DNS servers to all interfaces except external internet
194 |     bind-interfaces
195 |     except-interface={{.Vars.interfaces.wan}}
196 | 
197 |     # allocate IPv4 ranges for DHCP
198 |     dhcp-range=10.0.0.100,10.0.0.199,12h
199 |     # assign static IPs to well-known hosts
200 |     {{ range $host, $cfg := .Vars.hosts }}{{ if $cfg.mac }}
201 |     dhcp-host={{$cfg.mac}},{{$cfg.ip}}
202 |     {{ end }}{{ end }}
203 |     # speed up DHCP by allowing dnsmasq to reject unknown leases
204 |     dhcp-authoritative
205 | 
206 |     # upstream DNS
207 |     server={{.Vars.dns.upstream}}
208 |     # local DNS overrides
209 |     address=/damogran.local/10.0.0.1
210 |     {{- range $host, $cfg := .Vars.hosts }}
211 |     address=/{{$host}}/{{$cfg.ip}}
212 |     {{- end }}
213 | 
214 |     dnssec
215 |     trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
216 | 
217 |     # adblock
218 |     addn-hosts=/var/cache/adblock/hosts.txt
219 | """
220 | [[symlink]]
221 | path   = "/usr/share/holo/files/50-damogran-vars/etc/dnsmasq.conf.holoscript"
222 | target = "/usr/bin/replicator"
223 | 
224 | # break cyclic dependency between dnsmasq and adblock-sync with an initial
225 | # empty host list (dnsmasq needs the host list generated by adblock-sync, which
226 | # can only download the public host lists when dnsmasq is running)
227 | [[action]]
228 | on     = "setup"
229 | script = """
230 |     if [ ! -f /var/cache/adblock/hosts.txt ]; then
231 |         touch /var/cache/adblock/hosts.txt
232 |         chown dnsmasq:dnsmasq /var/cache/adblock/hosts.txt
233 |     fi
234 | """
235 | 
236 | ################################################################################
237 | # network setup: DNS-level adblocking using dnsmasq
238 | 
239 | [[file]]
240 | path    = "/usr/lib/adblock-sync.sh"
241 | mode    = "0755"
242 | content = '''
243 |     #!/bin/bash
244 |     cd /var/cache/adblock/
245 | 
246 |     # source: https://github.com/pi-hole/pi-hole/blob/963eacfe0537a7abddf30441c754c67ca1e40965/gravity.sh
247 |     sources=(
248 |         'https://adaway.org/hosts.txt'
249 |         'http://adblock.gjtech.net/?format=unix-hosts'
250 |         # 'http://adblock.mahakala.is/'
251 |         'http://hosts-file.net/.%5Cad_servers.txt'
252 |         'http://www.malwaredomainlist.com/hostslist/hosts.txt'
253 |         'http://pgl.yoyo.org/adservers/serverlist.php?'
254 |         'http://someonewhocares.org/hosts/hosts'
255 |         'http://winhelp2002.mvps.org/hosts.txt'
256 |     )
257 | 
258 |     # query all sources
259 |     i=0
260 |     for s in ${sources[@]}; do
261 |         i=$((i+1))
262 |         wget -O hosts-$i.txt.new "$s" && mv hosts-$i.txt.new hosts-$i.txt
263 |     done
264 | 
265 |     # select hostnames from hosts files (sed removes the IP, removes comments and trailing whitespace)
266 |     for file in hosts-?.txt; do
267 |         grep -E '^(127\.0\.0\.1|0\.0\.0\.0)\s' $file | sed 's/^\S*\s\+//;s/#.*//;s/\s\+$//'
268 |     # now generate a single addn-hosts file (sed adds the target, a blackhole IP configured on this host)
269 |     done | sort -u | grep -Ev '^local(host(.localdomain)?)?$' | sed 's/^/10.0.13.13 /' > hosts.txt
270 | '''
271 | 
272 | [[directory]]
273 | path  = "/var/cache/adblock"
274 | owner = "dnsmasq"
275 | group = "dnsmasq"
276 | 
277 | [[file]]
278 | path    = "/usr/lib/systemd/system/adblock-sync.service"
279 | content = """
280 |     [Unit]
281 |     Description=Generate domain-level adblock list
282 |     After=network-online.target
283 | 
284 |     [Service]
285 |     Type=oneshot
286 |     ExecStart=/usr/lib/adblock-sync.sh
287 |     ExecStartPost=/usr/bin/systemctl reload dnsmasq.service
288 |     User=dnsmasq
289 |     PermissionsStartOnly=true
290 | """
291 | 
292 | [[file]]
293 | path    = "/usr/lib/systemd/system/adblock-sync.timer"
294 | content = """
295 |     [Unit]
296 |     Description=Renew domain-level adblock list weekly
297 |     After=network-online.target dnsmasq.service
298 |     Wants=network-online.target dnsmasq.service
299 | 
300 |     [Timer]
301 |     OnBootSec=10s
302 |     OnUnitActiveSec=1w
303 | 
304 |     [Install]
305 |     WantedBy=timers.target
306 | """
307 | 
308 | [[symlink]]
309 | path   = "/etc/systemd/system/timers.target.wants/adblock-sync.timer"
310 | target = "/usr/lib/systemd/system/adblock-sync.timer"
311 | 


--------------------------------------------------------------------------------
/holodeck-kumo.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name        = "holodeck-kumo"
  3 | version     = "1.0.1"
  4 | description = "holodeck: Kumo is my workstation VM in SAP Cloud Infrastructure"
  5 | 
  6 | requires = [
  7 |   "hologram-base-accessible",
  8 |   "hologram-dev-tools-minimal",
  9 |   "hologram-nix-daemon",
 10 |   # hardware support
 11 |   "hologram-uefi-bootloader",
 12 |   "open-vm-tools",
 13 |   # assorted tools
 14 |   "docker",
 15 |   "ipython",
 16 |   "pgcli",
 17 |   "postgresql",
 18 |   "python-pip",
 19 |   "python-virtualenv",
 20 |   "rfc",
 21 |   "sshuttle",
 22 |   "trivy",
 23 |   "vault",
 24 | ]
 25 | 
 26 | ################################################################################
 27 | # base identity
 28 | 
 29 | [[file]]
 30 | path    = "/etc/hostname"
 31 | content = "kumo"
 32 | 
 33 | [[file]]
 34 | path    = "/etc/profile.d/prettyprompt.sh"
 35 | content = '''
 36 |   export PRETTYPROMPT_COMMONUSER=stefan
 37 |   export PRETTYPROMPT_HOSTCOLOR='0;33'
 38 | '''
 39 | 
 40 | # git identity
 41 | [[file]]
 42 | path    = "/usr/share/holo/files/20-sap-office/etc/gitconfig"
 43 | content = '''
 44 |   [user]
 45 |   name = Stefan Majewsky
 46 |   email = stefan.majewsky@sap.com
 47 | '''
 48 | 
 49 | # do not attempt to sign packages (work machines do not get my personal private keys)
 50 | [[file]]
 51 | path    = "/usr/share/holo/files/20-sap-office/etc/makepkg.conf.holoscript"
 52 | mode    = "0755"
 53 | content = '''
 54 |   #!/bin/sh
 55 |   sed '
 56 |     # disable package signing
 57 |     /^BUILDENV=/s/sign/!sign/
 58 |     # remove package signing key
 59 |     s/^GPGKEY=.*/GPGKEY=""/
 60 |   '
 61 | '''
 62 | 
 63 | [[file]]
 64 | path = "/usr/share/holo/ssh-keys/stefan/work.pub"
 65 | content = '''
 66 |   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjg4a8jDN94gz8HcNftV+QZDQKAfvrKtOskDqtsaBoY stefan@work
 67 | '''
 68 | 
 69 | ################################################################################
 70 | # virtualized hardware support
 71 | 
 72 | [[symlink]]
 73 | path = "/etc/systemd/system/multi-user.target.wants/vmtoolsd.service"
 74 | target = "/usr/lib/systemd/system/vmtoolsd.service"
 75 | 
 76 | [[symlink]]
 77 | path = "/etc/systemd/system/multi-user.target.wants/vmware-vmblock-fuse.service"
 78 | target = "/usr/lib/systemd/system/vmware-vmblock-fuse.service"
 79 | 
 80 | ################################################################################
 81 | # filesystem setup
 82 | 
 83 | # This VM does not install our usual `secrets` package, so we plug into
 84 | # replicator "manually" here. (TODO: replace disk paths with UUIDs)
 85 | [[file]]
 86 | path = "/etc/replicator.d/holodeck-kumo.toml"
 87 | content = '''
 88 |   [[fstab]]
 89 |   source = "/dev/sda2"
 90 |   target = "/"
 91 |   fstype = "ext4"
 92 |   options = "rw,relatime"
 93 | 
 94 |   [[fstab]]
 95 |   source = "/dev/sda1"
 96 |   target = "/boot"
 97 |   fstype = "vfat"
 98 |   options = "rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro"
 99 | '''
100 | 
101 | ################################################################################
102 | # network setup
103 | 
104 | # this config taken from what the default Ubuntu image sets up
105 | [[file]]
106 | path    = "/etc/systemd/network/ethernet.network"
107 | content = '''
108 |   [Match]
109 |   Name=en*
110 | 
111 |   [Network]
112 |   DHCP=ipv4
113 |   LinkLocalAddressing=ipv6
114 | 
115 |   [DHCP]
116 |   RouteMetric=100
117 |   UseMTU=true
118 | '''
119 | 
120 | # systemd-resolved
121 | [[symlink]]
122 | path   = "/etc/systemd/system/multi-user.target.wants/systemd-resolved.service"
123 | target = "/usr/lib/systemd/system/systemd-resolved.service"
124 | 
125 | [[symlink]]
126 | path   = "/usr/share/holo/files/50-kumo/etc/resolv.conf"
127 | target = "/run/systemd/resolve/resolv.conf"
128 | 
129 | ################################################################################
130 | # misc. services
131 | 
132 | [[user]]
133 | name   = "stefan"
134 | groups = ["docker"]
135 | 
136 | [[symlink]]
137 | path   = "/etc/systemd/system/multi-user.target.wants/docker.service"
138 | target = "/usr/lib/systemd/system/docker.service"
139 | 


--------------------------------------------------------------------------------
/holodeck-magrathea.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "holodeck-magrathea"
 3 | version     = "1.2.2"
 4 | description = "holodeck: services on Magrathea (traveling Minecraft LAN server)"
 5 | 
 6 | requires = [
 7 |     "hologram-base-accessible",
 8 |     "hologram-uefi-bootloader",
 9 |     "hologram-minecraft-server",
10 |     # optional: tools for initial setup via Wifi
11 |     "dhcpcd",
12 |     "wpa_supplicant",
13 | ]
14 | 
15 | [[file]]
16 | path    = "/etc/hostname"
17 | content = "magrathea"
18 | 
19 | [[file]]
20 | path    = "/etc/profile.d/prettyprompt.sh"
21 | content = """
22 | export PRETTYPROMPT_COMMONUSER=stefan
23 | export PRETTYPROMPT_HOSTCOLOR='0;31'
24 | """
25 | 
26 | # boot: add "nomodeset" kernel parameter (tty1 stays all black without this)
27 | 
28 | [[file]]
29 | path    = "/usr/share/holo/files/50-magrathea/boot/loader/entries/arch.conf.holoscript"
30 | mode    = "0755"
31 | content = """
32 |     #!/bin/sed -f
33 |     /^options/s/$/ nomodeset/
34 | """
35 | 
36 | # network setup: systemd-networkd and systemd-resolved
37 | 
38 | [[file]]
39 | path    = "/etc/systemd/network/lan.network"
40 | content = """
41 |     [Match]
42 |     Name=en*
43 | 
44 |     [Network]
45 |     DHCP=yes
46 | 
47 |     [Address]
48 |     Address=10.0.0.42/24
49 | 
50 |     [Address]
51 |     Address=192.168.0.42/24
52 | 
53 |     [Address]
54 |     Address=192.168.1.42/24
55 | """
56 | 
57 | [[symlink]]
58 | path   = "/etc/systemd/system/multi-user.target.wants/systemd-resolved.service"
59 | target = "/usr/lib/systemd/system/systemd-resolved.service"
60 | 
61 | [[symlink]]
62 | path   = "/usr/share/holo/files/50-magrathea/etc/resolv.conf"
63 | target = "/run/systemd/resolve/resolv.conf"
64 | 


--------------------------------------------------------------------------------
/holodeck-tabibito.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name        = "holodeck-tabibito"
  3 | version     = "20240702.1"
  4 | description = "holodeck: services on Tabibito"
  5 | 
  6 | requires = [
  7 |     "hologram-sway-desktop",
  8 |     "hologram-bluetooth-audio",
  9 |     "hologram-monitoring-client",
 10 |     "hologram-dev-tools",
 11 |     "hologram-games",
 12 |     "hologram-dtp",
 13 |     "hologram-uefi-bootloader-with-luks",
 14 |     # basic hardware support
 15 |     "hologram-intel-ucode",
 16 |     "wpa_supplicant",
 17 |     "xf86-input-synaptics",
 18 |     # support for Intel GPU
 19 |     "xf86-video-intel",
 20 |     "libva-vdpau-driver",
 21 |     "vulkan-intel",
 22 |     "lib32-vulkan-intel",
 23 |     "vulkan-icd-loader",
 24 |     "lib32-vulkan-icd-loader",
 25 |     "mesa-libgl",
 26 |     "lib32-mesa-libgl",
 27 |     "intel-media-driver",
 28 |     # applications
 29 |     "libreoffice-still",
 30 |     "mpd",
 31 |     # TODO: tlp or powertop
 32 | ]
 33 | 
 34 | # identity
 35 | [[file]]
 36 | path    = "/etc/hostname"
 37 | content = "tabibito"
 38 | 
 39 | [[file]]
 40 | path    = "/etc/profile.d/prettyprompt.sh"
 41 | content = """
 42 | export PRETTYPROMPT_COMMONUSER=stefan
 43 | export PRETTYPROMPT_HOSTCOLOR='0;34'
 44 | """
 45 | 
 46 | # network setup: systemd-networkd
 47 | [[file]]
 48 | path    = "/etc/systemd/network/dhcp.network"
 49 | content = """
 50 |     [Match]
 51 |     Name=wl* en*
 52 | 
 53 |     [Network]
 54 |     Description=Use DHCP on physical interfaces
 55 |     DHCP=yes
 56 | 
 57 |     [DHCP]
 58 |     UseDomains=true
 59 | 
 60 |     # the company network's DHCP advertises NTP servers that are bogus and do not work
 61 |     [DHCPv4]
 62 |     UseNTP=false
 63 | """
 64 | 
 65 | # network setup: systemd-resolved
 66 | [[symlink]]
 67 | path   = "/etc/systemd/system/multi-user.target.wants/systemd-resolved.service"
 68 | target = "/usr/lib/systemd/system/systemd-resolved.service"
 69 | 
 70 | [[symlink]]
 71 | path   = "/usr/share/holo/files/50-tabibito/etc/resolv.conf"
 72 | target = "/run/systemd/resolve/resolv.conf"
 73 | 
 74 | # network setup: wpa_supplicant
 75 | [[file]]
 76 | path = "/etc/wpa_supplicant/wpa_supplicant-wlp170s0.conf"
 77 | contentFrom = "/dev/null"
 78 | [[file]]
 79 | path    = "/usr/share/holo/files/50-tabibito/etc/wpa_supplicant/wpa_supplicant-wlp170s0.conf.holoscript"
 80 | mode    = "0755"
 81 | content = '''
 82 |     #!/bin/sh
 83 |     cat /home/stefan/.wpa_supplicant.conf
 84 |     cat /etc/wpa_supplicant/wpa_supplicant.conf
 85 | '''
 86 | 
 87 | [[symlink]]
 88 | path   = "/etc/systemd/system/multi-user.target.wants/wpa_supplicant@wlp170s0.service"
 89 | target = "/usr/lib/systemd/system/wpa_supplicant@.service"
 90 | 
 91 | # no magic suspend
 92 | [[file]]
 93 | path = "/etc/systemd/logind.conf.d/no-magic-suspend.conf"
 94 | content = """
 95 | [Login]
 96 | HandlePowerKey=lock
 97 | HandleLidSwitch=ignore
 98 | """
 99 | 
100 | [[symlink]]
101 | path   = "/etc/systemd/system/NetworkManager.service"
102 | target = "/dev/null"
103 | [[symlink]]
104 | path   = "/etc/systemd/system/systemd-rfkill.service"
105 | target = "/dev/null"
106 | [[symlink]]
107 | path   = "/etc/systemd/system/systemd-rfkill.socket"
108 | target = "/dev/null"
109 | 


--------------------------------------------------------------------------------
/holodeck-traal.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name        = "holodeck-traal"
  3 | version     = "20211015.1"
  4 | description = "holodeck: services on Traal"
  5 | 
  6 | requires = [
  7 |     "hologram-sway-desktop",
  8 |     "hologram-monitoring-client",
  9 |     "hologram-dev-tools",
 10 |     "hologram-games",
 11 |     "hologram-dtp",
 12 |     "hologram-uefi-bootloader-with-luks",
 13 |     "linux-headers", # for wireguard-dkms
 14 |     # basic hardware support
 15 |     "hologram-amd-ucode",
 16 |     "wpa_supplicant",
 17 |     "xf86-input-synaptics",
 18 |     # power management
 19 |     "tlp",
 20 |     "x86_energy_perf_policy", # optional dependency for tlp
 21 |     # support for AMD GPU
 22 |     "xf86-video-amdgpu",
 23 |     "libva-vdpau-driver",
 24 |     "vulkan-radeon",
 25 |     "lib32-vulkan-radeon",
 26 |     "vulkan-icd-loader",
 27 |     "lib32-vulkan-icd-loader",
 28 |     "mesa-libgl",
 29 |     "lib32-mesa-libgl",
 30 |     "mesa-vdpau",
 31 |     "lib32-mesa-vdpau",
 32 |     "libva-mesa-driver",
 33 |     "lib32-libva-mesa-driver",
 34 |     # applications
 35 |     "libreoffice-still",
 36 |     "mpd",
 37 |     "thunderbird",
 38 |     "thunderbird-extension-enigmail",
 39 | ]
 40 | 
 41 | # identity
 42 | [[file]]
 43 | path    = "/etc/hostname"
 44 | content = "traal"
 45 | 
 46 | [[file]]
 47 | path    = "/etc/profile.d/prettyprompt.sh"
 48 | content = """
 49 | export PRETTYPROMPT_COMMONUSER=stefan
 50 | export PRETTYPROMPT_HOSTCOLOR='0;34'
 51 | """
 52 | 
 53 | # make SD card slot work
 54 | [[file]]
 55 | path    = "/etc/modprobe.d/sdhci.conf"
 56 | content = 'options sdhci debug_quirks2="0x8000"'
 57 | 
 58 | # Xorg: enable palm detection on touchpad, enable tapping, disable coasting
 59 | [[file]]
 60 | path    = "/etc/X11/xorg.conf.d/52-palm-detection.conf"
 61 | content = """
 62 | Section "InputClass"
 63 |     Identifier "touchpad enable palm detection"
 64 |     Driver "synaptics"
 65 |     MatchIsTouchpad "on"
 66 |     MatchDevicePath "/dev/input/event*"
 67 |     Option "CoastingSpeed" "0"
 68 |     Option "PalmDetect" "on"
 69 |     Option "PalmMinWidth" "4"
 70 |     Option "PalmMinZ" "1"
 71 |     Option "TapButton1" "1"
 72 |     Option "TapButton2" "2"
 73 |     Option "TapButton3" "3"
 74 | EndSection
 75 | """
 76 | 
 77 | # network setup: systemd-networkd
 78 | [[file]]
 79 | path    = "/etc/systemd/network/dhcp.network"
 80 | content = """
 81 |     [Match]
 82 |     Name=wl* en*
 83 | 
 84 |     [Network]
 85 |     Description=Use DHCP on physical interfaces
 86 |     DHCP=yes
 87 | 
 88 |     [DHCP]
 89 |     UseDomains=true
 90 | """
 91 | 
 92 | # network setup: systemd-resolved
 93 | [[symlink]]
 94 | path   = "/etc/systemd/system/multi-user.target.wants/systemd-resolved.service"
 95 | target = "/usr/lib/systemd/system/systemd-resolved.service"
 96 | 
 97 | [[symlink]]
 98 | path   = "/usr/share/holo/files/50-krikkit/etc/resolv.conf"
 99 | target = "/run/systemd/resolve/resolv.conf"
100 | 
101 | # network setup: wpa_supplicant
102 | [[file]]
103 | path = "/etc/wpa_supplicant/wpa_supplicant-wlp4s0.conf"
104 | contentFrom = "/dev/null"
105 | [[file]]
106 | path    = "/usr/share/holo/files/50-krikkit/etc/wpa_supplicant/wpa_supplicant-wlp4s0.conf.holoscript"
107 | mode    = "0755"
108 | content = '''
109 |     #!/bin/sh
110 |     cat /home/stefan/.wpa_supplicant.conf
111 |     cat /etc/wpa_supplicant/wpa_supplicant.conf
112 | '''
113 | 
114 | [[symlink]]
115 | path   = "/etc/systemd/system/multi-user.target.wants/wpa_supplicant@wlp4s0.service"
116 | target = "/usr/lib/systemd/system/wpa_supplicant@.service"
117 | 
118 | # no magic suspend
119 | [[file]]
120 | path = "/etc/systemd/logind.conf.d/no-magic-suspend.conf"
121 | content = """
122 | [Login]
123 | HandlePowerKey=lock
124 | HandleLidSwitch=ignore
125 | """
126 | 
127 | # enable TLP (laptop power-saving daemon)
128 | [[symlink]]
129 | path   = "/etc/systemd/system/multi-user.target.wants/tlp.service"
130 | target = "/usr/lib/systemd/system/tlp.service"
131 | [[symlink]]
132 | path   = "/etc/systemd/system/sleep.target.wants/tlp-sleep.service"
133 | target = "/usr/lib/systemd/system/tlp-sleep.service"
134 | 
135 | [[symlink]]
136 | path   = "/etc/systemd/system/NetworkManager.service"
137 | target = "/dev/null"
138 | [[symlink]]
139 | path   = "/etc/systemd/system/systemd-rfkill.service"
140 | target = "/dev/null"
141 | [[symlink]]
142 | path   = "/etc/systemd/system/systemd-rfkill.socket"
143 | target = "/dev/null"
144 | 


--------------------------------------------------------------------------------
/hologram-amd-ucode.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-amd-ucode"
 3 | version     = "1.0.0"
 4 | description = "hologram: deploy amd-ucode during UEFI boot sequence"
 5 | 
 6 | requires    = [
 7 |     "hologram-uefi-bootloader",
 8 |     "amd-ucode",
 9 | ]
10 | 
11 | [[file]]
12 | path    = "/usr/share/holo/files/10-amd-ucode/boot/loader/entries/arch.conf.holoscript"
13 | mode    = "0755"
14 | content = '''
15 |     #!/bin/sh
16 |     sed '/^initrd/i\initrd    /amd-ucode.img'
17 | '''
18 | 


--------------------------------------------------------------------------------
/hologram-arcturus-capture-card.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name        = "hologram-arcturus-capture-card"
  3 | version     = "1.0.3"
  4 | description = "hologram: tooling for HDMI capture card on Arcturus"
  5 | 
  6 | requires = [
  7 |   "jack-autoplug",
  8 |   "mpv",
  9 |   "pipewire-jack",
 10 | ]
 11 | 
 12 | # I have a keybinding in Sway that runs this script to either start or stop all the respective services.
 13 | [[file]]
 14 | path = "/usr/bin/capture-card-audio-only-toggle"
 15 | mode = "0755"
 16 | content = '''
 17 |   #!/bin/sh
 18 |   set -euo pipefail
 19 |   if systemctl --user is-active --quiet audio-only-capture-card.target; then
 20 |     systemctl --user stop audio-only-capture-card.target
 21 |   else
 22 |     systemctl --user start audio-only-capture-card.target
 23 |   fi
 24 | '''
 25 | 
 26 | # I have a keybinding in Sway that runs this script to either start or stop all the respective services.
 27 | [[file]]
 28 | path = "/usr/bin/capture-card-mpv-toggle"
 29 | mode = "0755"
 30 | content = '''
 31 |   #!/bin/sh
 32 |   set -euo pipefail
 33 |   if systemctl --user is-active --quiet mpv-capture-card.target; then
 34 |     systemctl --user stop mpv-capture-card.target
 35 |   else
 36 |     systemctl --user start mpv-capture-card.target
 37 |   fi
 38 | '''
 39 | 
 40 | [[file]]
 41 | path = "/usr/lib/systemd/user/audio-only-capture-card.target"
 42 | content = '''
 43 |   [Unit]
 44 |   Description = Deliver audio from capture card via PipeWire
 45 |   Wants = audio-only-capture-card.service jack-autoplug-to-mixing-console.service jack-autoplug-to-headphones.service jack-autoplug-to-earphones.service
 46 |   PropagatesStopTo = audio-only-capture-card.service jack-autoplug-to-mixing-console.service jack-autoplug-to-headphones.service jack-autoplug-to-earphones.service
 47 |   Conflicts = mpv-capture-card.target
 48 | '''
 49 | 
 50 | [[file]]
 51 | path = "/usr/lib/systemd/user/mpv-capture-card.target"
 52 | content = '''
 53 |   [Unit]
 54 |   Description = Deliver video/audio from capture card via mpv and PipeWire
 55 |   Wants = mpv-capture-card.service jack-autoplug-to-mixing-console.service jack-autoplug-to-headphones.service jack-autoplug-to-earphones.service
 56 |   PropagatesStopTo = mpv-capture-card.service jack-autoplug-to-mixing-console.service jack-autoplug-to-headphones.service jack-autoplug-to-earphones.service
 57 |   Conflicts = audio-only-capture-card.target
 58 | '''
 59 | 
 60 | [[file]]
 61 | path = "/usr/lib/systemd/user/audio-only-capture-card.service"
 62 | content = '''
 63 |   [Unit]
 64 |   Description = Enable audio input from capture card while running
 65 |   Conflicts = mpv-capture-card.service
 66 | 
 67 |   [Service]
 68 |   ExecStartPre=capture-card-set-profile input:analog-stereo
 69 |   ExecStart=tail -f /dev/null
 70 |   ExecStopPost=capture-card-set-profile off
 71 |   Restart=always
 72 |   RestartSec=1s
 73 | '''
 74 | 
 75 | [[file]]
 76 | path = "/usr/lib/systemd/user/mpv-capture-card.service"
 77 | content = '''
 78 |   [Unit]
 79 |   Description = Show video input from capture card in mpv
 80 |   Conflicts = audio-only-capture-card.service
 81 | 
 82 |   [Service]
 83 |   ExecStartPre=capture-card-set-profile input:analog-stereo
 84 |   ExecStart=mpv av://v4l2:/dev/video0 --demuxer-lavf-format=video4linux2 --demuxer-lavf-o-set=input_format=mjpeg --profile=low-latency
 85 |   ExecStopPost=capture-card-set-profile off
 86 |   Restart=always
 87 |   RestartSec=1s
 88 | '''
 89 | 
 90 | [[file]]
 91 | path    = "/usr/lib/systemd/user/jack-autoplug-to-mixing-console.service"
 92 | content = '''
 93 |   [Unit]
 94 |   Description = Connect capture card to mixing console with jack-autoplug
 95 | 
 96 |   [Service]
 97 |   ExecStart=pw-jack jack-autoplug -f "Kaptivo Whiteboard  Analog Stereo" -F capture_FL -F capture_FR -t "AG06/AG03 Analog Stereo" -T playback_FL -T playback_FR
 98 |   Restart=always
 99 |   RestartSec=1s
100 | '''
101 | 
102 | [[file]]
103 | path    = "/usr/lib/systemd/user/jack-autoplug-to-headphones.service"
104 | content = '''
105 |   [Unit]
106 |   Description = Connect capture card to headphones with jack-autoplug
107 | 
108 |   [Service]
109 |   ExecStart=pw-jack jack-autoplug -f "Kaptivo Whiteboard  Analog Stereo" -F capture_FL -F capture_FR -t "Jabra Evolve 75" -T playback_FL -T playback_FR
110 |   Restart=always
111 |   RestartSec=1s
112 | '''
113 | 
114 | [[file]]
115 | path    = "/usr/lib/systemd/user/jack-autoplug-to-earphones.service"
116 | content = '''
117 |   [Unit]
118 |   Description = Connect capture card to earphones with jack-autoplug
119 | 
120 |   [Service]
121 |   ExecStart=pw-jack jack-autoplug -f "Kaptivo Whiteboard  Analog Stereo" -F capture_FL -F capture_FR -t "ATH-CKS50TW" -T playback_FL -T playback_FR
122 |   Restart=always
123 |   RestartSec=1s
124 | '''
125 | 
126 | [[file]]
127 | path = "/usr/bin/capture-card-set-profile"
128 | mode = "0755"
129 | content = '''
130 |   #!/bin/sh
131 |   set -euo pipefail
132 |   CARD_NAME="$(pactl list cards | awk '$1=="Name:"{print$2}' | grep Kaptivo | head -n1)"
133 |   pactl set-card-profile "$CARD_NAME" "$1"
134 | '''
135 | 


--------------------------------------------------------------------------------
/hologram-base-accessible.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-base-accessible"
 3 | version     = "1.5.0"
 4 | description = "hologram: extension of hologram-base for physically accessible systems"
 5 | 
 6 | requires = [
 7 |     "hologram-base",
 8 |     # everything that was formerly in the "base" group and is not covered by the "base" package
 9 |     "inetutils",
10 |     "man-db",
11 |     "man-pages",
12 |     "nano",
13 |     "vi",
14 |     # assorted CLI tools
15 |     "acpi",
16 |     "borg",
17 |     "dosfstools",     # mkfs.vfat
18 |     "hdparm",
19 |     "inotify-tools",
20 |     "iw",
21 |     "mdadm",
22 |     "optipng",
23 |     "p7zip",
24 |     "pwget",
25 |     "pwget2",
26 |     "smartmontools",
27 |     "sshfs",
28 |     "unrar",
29 |     "unzip",
30 |     "whois",
31 |     "zip",
32 | ]
33 | 
34 | [[file]]
35 | path    = "/usr/share/holo/ssh-keys/stefan/internal.pub"
36 | content = '''
37 |     ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClzW34zaEtGvGpIf4jRRQVnwNLv+nKBhqvW04ggh4fF9ILXvHBnjW3klfwlP9JmSCHK9IJSAsGS9jMZ7ckbgFMir4AJXvZYMlLY7PyuECF7OqOjSCmQGKdhmfnVz7HUrOBNrWM+Kz/KV76jtmxZlRI7gsX0RlZ+EXyjoUm4pA1l3085Pvsl7QXWJQQrbBl83IF/G7QYYGXtmaFXuqDbitj0d5yT01wgawWivlmitEWBUILTjS5pk4OyUlzzebjmd77jZQOenIqEg6ZNtoAludMl2jvxtH9TrCrv+XQh65GoV0dT0gROvG4H4aH7Yh7bxRkBci5G9QvcoRaURNUyjGVQqr8Bm9pfcJEzJa6qN+5RU2IA9WeE1MSaH6imvmU0XMEfJiK0qF//OhXAAoKeVCFu3rJAUIXfViW+EaxTnZlx+NXDmF57Z2ZgA7zxFdmuPhW/ogciDX+g0yMBbKmCURUh4tzhNlCbFksI4io48jXpTDfxVaCJfuzpHCFdxnt+DxQlKE4s4N3Mo+tXna++KP1MWYOjiCm/RTneDzXje1I0+ODNVMNuCaYAMKwqpc3W0d27DuplT4+vILUXCwfdEr3WZabYQH6+n13OKbVTvtuMwBjyZf4g9/wI8UNKRxGJZM87f4hGFbp+2eewIThPDN0CI3rwPUcKh73l8lMNJvXKw== stefan@arcturus
38 |     ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5SglxtK6N9Gfqcly/k5ozXSw4YIcmaWdsXnO40cEZWttTU0uuGxjhJQ2uppW7isHdgv9klQnJ8CE/tJ59i+JC8Hw3lZKYjO4MGEYBAWiEdh6fkszAmE7uDbFz4BpXuLd5f51fB4KlBUxvfq5ty5LSy6lCBUdn9UTO7NUTC/Bi7te3oxPCppHUOz5F/SmKyqrI/lCjhDXBIPUu1JSC38483FWWeZO/YPnoxtEbh9xPcKNeklUIkb03+zFRBsEmpLzSMBaIKDu884HZPK7jVLdthztKKFVLn/n1a6qk64mVm/QG1C+pJV93k+PdhWEXq3oHltYDDgCkaT8Ll//2XacAIP2CE7NTqjrCuNrq6u0yE7xjKj9PhpL1/jl5/4M173bxMv/x8ktK1iIKH0L+VfSj8JzhxIZVF7c9FQm9v4vLk0kcDyQKgnImfkotJjnS1y1HdseIFVogJb1lIz2NDdzB0/nRNZMky4yMTKZyx8vhA+6W9elFu2ofB8g7ONvDaKiMR7dBWE6ScB0tCvmJdygzlHqUzTiMKUUwZ+4EbNkYPchmFOs9COMkUzZ+BvmH/WM2LpGS7fJNXc7ygScrvZaNOxHm3ZEQHWCn3cOE9wBzOKwATimOVRc4f870ZHDyHkMCQVQwfQfKjrlwFIg+rFKWQ7qB1EzM3JxtovBYTIHHcw== stefan@krikkit
39 |     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWdZozI9nwvho6gTTIJdeRwqRrqLgSyVhVlK1kAbHjU stefan@tabibito
40 | '''
41 | 
42 | # systemd: don't block for 90s when a service does not shut down in a timely fashion
43 | [[file]]
44 | path    = "/etc/systemd/system.conf.d/hologram-base.conf"
45 | content = """
46 |     [Manager]
47 |     DefaultTimeoutStopSec=15s
48 |     CtrlAltDelBurstAction=poweroff-force
49 | """
50 | 
51 | # systemd-journald
52 | [[file]]
53 | path    = "/etc/systemd/journald.conf.d/hologram-base.conf"
54 | content = """
55 |     [Journal]
56 |     # setup volatile storage
57 |     Storage=volatile
58 |     RuntimeMaxUse=100M
59 |     # setup forwarding to tty12
60 |     ForwardToConsole=yes
61 |     TTYPath=/dev/tty12
62 |     MaxLevelConsole=info
63 | """
64 | 
65 | # git identity
66 | [[file]]
67 | path = "/usr/share/holo/files/20-base-accessible/etc/gitconfig"
68 | content = '''
69 |     [user]
70 |     name = Stefan Majewsky
71 |     email = majewsky@gmx.net
72 | '''
73 | 
74 | # ssh-agent
75 | [[symlink]]
76 | path   = "/home/stefan/.config/systemd/user/default.target.wants/ssh-agent.service"
77 | target = "/usr/lib/systemd/user/ssh-agent.service"
78 | [[file]]
79 | path    = "/etc/profile.d/attach-ssh-agent.sh"
80 | content = '''
81 |     if [[ "$(id -un)" = stefan ]]; then
82 |         export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"
83 |     fi
84 | '''
85 | 


--------------------------------------------------------------------------------
/hologram-base-gui-minimal.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-base-gui-minimal"
 3 | version     = "1.3.8"
 4 | description = "hologram: base GUI installation (variant for space-constrained systems)"
 5 | 
 6 | requires = [
 7 |     "hologram-base-accessible",
 8 |     "xorg-server",
 9 |     # assorted GUI apps
10 |     "group:xorg-apps",
11 |     "firefox",
12 |     "graphviz",
13 |     "gnuplot",
14 |     "gvim", # vim with X11 clipboard support
15 |     "imagemagick",
16 |     "inkscape",
17 |     "mupdf",
18 |     "paprefs",
19 |     "pavucontrol",
20 |     "qgit",
21 |     "screen-message",
22 |     "svgcleaner",
23 |     "sxiv",
24 |     "xsel",
25 |     # helper packages
26 |     "aspell-de",  # to silence complaints in gitk about missing spell check dict
27 |     "tesseract-data-deu", # mupdf depends on tesseract, which needs a choice of one of its data packages
28 |     # font packages
29 |     "adobe-source-code-pro-fonts",
30 |     "adobe-source-sans-pro-fonts",
31 |     "adobe-source-serif-pro-fonts",
32 |     "gnu-free-fonts",
33 |     "ttf-bitstream-vera",
34 |     "ttf-dejavu",
35 |     "ttf-droid",
36 |     "ttf-hack",
37 |     "ttc-iosevka",
38 |     "ttf-liberation",
39 | ]
40 | 
41 | # set keymap for XKB
42 | [[file]]
43 | path = "/etc/X11/xorg.conf.d/keyboard.conf"
44 | content = '''
45 |     Section "InputClass"
46 |         Identifier "system-keyboard"
47 |         MatchIsKeyboard "on"
48 |         Option "XkbLayout" "eu"
49 |         Option "XkbOptions" "caps:escape"
50 |     EndSection
51 | '''
52 | 
53 | # set keymap for Sway
54 | [[file]]
55 | path = "/etc/profile.d/xkb.sh"
56 | content = '''
57 |     export XKB_DEFAULT_LAYOUT=eu
58 |     export XKB_DEFAULT_VARIANT=''
59 |     export XKB_DEFAULT_OPTIONS=caps:escape
60 | '''
61 | 
62 | [[file]]
63 | path = "/etc/profile.d/no-hidpi-please.sh"
64 | content = '''
65 |     unset QT_AUTO_SCREEN_SCALE_FACTOR
66 |     export GDK_SCALE=1
67 | '''
68 | 
69 | # allow graphical user to set screen brightness in sysfs
70 | [[file]]
71 | path = "/etc/udev/rules.d/backlight.rules"
72 | content = '''
73 |     ACTION=="add", SUBSYSTEM=="backlight", GROUP="video", MODE="0664"
74 | '''
75 | 


--------------------------------------------------------------------------------
/hologram-base-gui.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-base-gui"
 3 | version     = "1.6.0"
 4 | description = "hologram: base GUI installation"
 5 | 
 6 | requires = [
 7 |     "hologram-base-gui-minimal",
 8 |     "hologram-multimedia-base",
 9 |     # assorted GUI apps
10 |     "audacity",
11 |     "gnucash",
12 |     "tk", # for gitk and git-gui
13 |     "vlc",
14 |     # font packages
15 |     "cantarell-fonts",
16 |     "otf-ipafont",
17 |     "otf-raleway",
18 |     "libertinus-font",
19 |     "titillium-fonts",
20 |     "ttf-montserrat",
21 |     "ttf-ubuntu-font-family",
22 | ]
23 | 


--------------------------------------------------------------------------------
/hologram-base.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name    = "hologram-base"
  3 | version = "20241106.2"
  4 | description = "hologram: base installation"
  5 | 
  6 | requires = [
  7 |     "base",
  8 |     "hologram-openssh",
  9 |     "linux",
 10 |     "linux-firmware",
 11 |     # configuration management
 12 |     "replicator",
 13 |     # assorted CLI tools
 14 |     "age",
 15 |     "dnsutils",
 16 |     "git",
 17 |     "gron",
 18 |     "gofu",
 19 |     "go-yq",
 20 |     "gptfdisk",
 21 |     "htop",
 22 |     "jq",
 23 |     "lsof",
 24 |     "moreutils",      # chronic, sponge, ts, etc.
 25 |     "ncdu",
 26 |     "net-tools",      # netstat
 27 |     "nmap",           # ncat
 28 |     "pciutils",
 29 |     "pinfo",
 30 |     "pwgen",
 31 |     "pv",
 32 |     "python-tabulate",
 33 |     "qrencode",
 34 |     "ripgrep",
 35 |     "rsync",
 36 |     "screen",
 37 |     "socat",
 38 |     "strace",
 39 |     "sudo",
 40 |     "tcpdump",
 41 |     "tk",             # gitk
 42 |     "traceroute",
 43 |     "tree",
 44 |     "units",
 45 |     "up",
 46 |     "usbutils",
 47 |     "vim",
 48 |     "wget",
 49 |     "zsh",
 50 | ]
 51 | 
 52 | # entities
 53 | [[group]]
 54 | name    = "sudo"
 55 | system  = true
 56 | 
 57 | [[user]]
 58 | name    = "stefan"
 59 | comment = "Stefan Majewsky"
 60 | uid     = 1001
 61 | group   = "users"
 62 | groups  = ["sudo"]
 63 | shell   = "/bin/zsh"
 64 | 
 65 | # locale
 66 | [[file]]
 67 | path    = "/etc/locale.conf"
 68 | content = """
 69 |     LANG=de_DE.UTF-8
 70 |     LC_MESSAGES=C
 71 | """
 72 | 
 73 | [[file]]
 74 | path    = "/usr/share/holo/files/00-base/etc/locale.gen"
 75 | content = """
 76 |     de_DE.UTF-8 UTF-8
 77 |     en_US.UTF-8 UTF-8
 78 | """
 79 | 
 80 | [[action]]
 81 | on     = "setup"
 82 | script = "locale-gen"
 83 | 
 84 | [[symlink]]
 85 | path   = "/etc/localtime"
 86 | target = "/usr/share/zoneinfo/Europe/Berlin"
 87 | 
 88 | [[file]]
 89 | path    = "/etc/vconsole.conf"
 90 | content = """
 91 |     KEYMAP=us
 92 | """
 93 | 
 94 | # filesystem
 95 | [[file]]
 96 | path    = "/usr/share/holo/files/00-base/etc/fstab"
 97 | mode    = "0644"
 98 | content = """
 99 |     {{- range .Vars.fstab }}
100 |     {{.source}}	{{.target}}	{{.fstype}}	{{.options}}	0 {{if eq .target "/"}}1{{else if contains "_netdev" .options}}0{{else}}2{{end}}
101 |     {{- end }}
102 | """
103 | [[symlink]]
104 | path   = "/usr/share/holo/files/00-base/etc/fstab.holoscript"
105 | target = "/usr/bin/replicator"
106 | 
107 | [[file]]
108 | path    = "/usr/share/holo/files/00-base/etc/crypttab"
109 | mode    = "0600"
110 | content = """
111 |     {{- range .Vars.crypttab }}
112 |     {{.name}}	UUID={{.uuid}}	{{.keyfile}}	{{.options}}
113 |     {{- end }}
114 | """
115 | [[symlink]]
116 | path   = "/usr/share/holo/files/00-base/etc/crypttab.holoscript"
117 | target = "/usr/bin/replicator"
118 | 
119 | # pacman
120 | [[file]]
121 | path    = "/usr/share/holo/files/00-base/etc/pacman.conf.holoscript"
122 | mode    = "0755"
123 | content = '''
124 |     #!/bin/sh
125 | 
126 |     # skip installation of translations
127 |     echo '[options]'
128 |     echo 'NoExtract = usr/share/locale/*/LC_MESSAGES'
129 |     echo 'NoExtract = usr/share/locale/*/LC_MESSAGES/*'
130 |     # skip installation of ripgrep zsh-completion (https://github.com/BurntSushi/ripgrep/issues/375)
131 |     # completion function is provided by devenv instead
132 |     echo 'NoExtract = usr/share/zsh/site-functions/_rg'
133 | 
134 |     sed '
135 |         # enable additional options
136 |         s/^#\(Color\|VerbosePkgLists\)$/\1/
137 | 
138 |         # enable multilib repo (TODO: move this into a later hologram?)
139 |         /^#\[multilib]/,/^$/s/^#//
140 |     '
141 | 
142 |     # add official holo repo
143 |     echo
144 |     echo '[holo]'
145 |     echo 'Server = https://repo.holocm.org/archlinux/$arch'
146 | 
147 |     # add holograms repo
148 |     echo
149 |     echo '[holograms]'
150 |     echo 'Server = https://repo.holocm.org/archlinux/personal'
151 | '''
152 | 
153 | [[file]]
154 | path    = "/usr/share/holo/files/00-base/etc/pacman.d/mirrorlist.holoscript"
155 | mode    = "0755"
156 | content = """
157 |     #!/bin/sh
158 |     # prefer my own mirror
159 |     echo 'Server=https://mirror.bethselamin.de/$repo/os/$arch'
160 |     # other German mirrors (no shuffling or ranking since this is only a fallback anyway)
161 |     sed '1,/^## Germany/d;s/^#Server/Server/;/^$/,$d'
162 | """
163 | 
164 | # makepkg
165 | [[file]]
166 | path    = "/usr/share/holo/files/00-base/etc/makepkg.conf.holoscript"
167 | mode    = "0755"
168 | content = """
169 |     #!/bin/sh
170 |     sed '
171 |         # enable package signing
172 |         /^BUILDENV=/s/!sign/sign/
173 |         # use my package signing key
174 |         s/^#GPGKEY=.*/GPGKEY="0xF7A9C9DC4631BD1A"/
175 |         # report myself as the packager
176 |         s/^#PACKAGER=.*/PACKAGER="Stefan Majewsky <holo-pacman@posteo.de>"/
177 |     '
178 | """
179 | 
180 | # unpack secrets
181 | [[directory]]
182 | path = "/etc/secrets"
183 | mode = "0700"
184 | 
185 | [[file]]
186 | path = "/etc/secrets/key"
187 | mode = "0600"
188 | contentFrom = "/dev/null" # needs to be filled by root on setup
189 | 
190 | [[file]]
191 | path        = "/usr/bin/unpack-secrets"
192 | mode        = "0755"
193 | contentFrom = "src/unpack-secrets.sh"
194 | 
195 | # sudo
196 | [[file]]
197 | path    = "/usr/share/holo/files/00-base/etc/sudoers"
198 | content = """
199 |     root    ALL=(ALL) ALL
200 |     %sudo   ALL=(ALL) ALL
201 | 
202 |     Defaults env_keep+="http_proxy https_proxy ftp_proxy all_proxy socks_proxy no_proxy"
203 | """
204 | 
205 | # systemd-networkd
206 | [[symlink]]
207 | path   = "/etc/systemd/system/multi-user.target.wants/systemd-networkd.service"
208 | target = "/usr/lib/systemd/system/systemd-networkd.service"
209 | [[symlink]]
210 | path   = "/etc/systemd/system/sockets.target.wants/systemd-networkd.socket"
211 | target = "/usr/lib/systemd/system/systemd-networkd.socket"
212 | 
213 | # systemd-timesyncd
214 | [[file]]
215 | path    = "/etc/systemd/timesyncd.conf.d/hologram-base.conf"
216 | content = """
217 |     [Time]
218 |     FallbackNTP=ptbtime1.ptb.de
219 | """
220 | 
221 | [[symlink]]
222 | path   = "/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service"
223 | target = "/usr/lib/systemd/system/systemd-timesyncd.service"
224 | 
225 | # git is stupid and wants a name/email even when only pulling, even on servers
226 | [[file]]
227 | path = "/etc/gitconfig"
228 | content = '''
229 |     [user]
230 |     name = Fake
231 |     email = fake@example.com
232 | '''
233 | 
234 | # home directory including SSH keys
235 | [[directory]]
236 | path  = "/home/stefan"
237 | mode  = "0700"
238 | owner = 1001 # stefan
239 | group = 100  # users
240 | 
241 | [[directory]]
242 | path  = "/home/stefan/.ssh"
243 | mode  = "0700"
244 | owner = 1001 # stefan
245 | group = 100  # users
246 | 
247 | # development environment bootstrapping
248 | [[directory]]
249 | path  = "/x"
250 | mode  = "0700"
251 | owner = 1001 # stefan
252 | group = 100  # users
253 | 
254 | [[file]]
255 | path = "/usr/bin/bootstrap-devenv"
256 | mode = "0755"
257 | contentFrom = "src/bootstrap-devenv.sh"
258 | 
259 | # disable faillock
260 | [[file]]
261 | path    = "/usr/share/holo/files/00-base/etc/security/faillock.conf.holoscript"
262 | mode = "0755"
263 | content = '''
264 |     #!/bin/sh
265 |     cat
266 |     echo 'deny = 0'
267 | '''
268 | 


--------------------------------------------------------------------------------
/hologram-bluetooth-audio.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "hologram-bluetooth-audio"
 3 | version = "1.1.1"
 4 | description = "hologram: Bluetooth support in audio stack"
 5 | requires = [
 6 |   "bluez",
 7 |   "bluez-utils",
 8 | ]
 9 | 
10 | ################################################################################
11 | # start bluetooth.service
12 | 
13 | [[symlink]]
14 | path   = "/etc/systemd/system/bluetooth.target.wants/bluetooth.service"
15 | target = "/usr/lib/systemd/system/bluetooth.service"
16 | 
17 | [[symlink]]
18 | path   = "/etc/systemd/system/dbus-org.bluez.service"
19 | target = "/usr/lib/systemd/system/bluetooth.service"
20 | 
21 | ################################################################################
22 | # configure bluetooth.service
23 | 
24 | [[file]]
25 | path    = "/usr/share/holo/files/20-bluetooth-audio/etc/bluetooth/main.conf.holoscript"
26 | mode    = "0755"
27 | content = '''
28 |   #!/bin/sh
29 |   sed 's/^\s*#\s*AutoEnable\s*=\s*false\s*$/AutoEnable=true/'
30 | '''
31 | 


--------------------------------------------------------------------------------
/hologram-borgbackup-receiver.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-borgbackup-receiver"
 3 | version     = "1.0.0"
 4 | description = "hologram: backup server using Borg"
 5 | 
 6 | requires = [
 7 |   "borg",
 8 |   "secrets", # this uses /usr/bin/replicator
 9 | ]
10 | 
11 | [[group]]
12 | name   = "borgrecv"
13 | system = true
14 | 
15 | [[user]]
16 | name    = "borgrecv"
17 | system  = true
18 | comment = "Borg Backup Receiver"
19 | group   = "borgrecv"
20 | home    = "/var/lib/borgrecv"
21 | 
22 | [[action]]
23 | on = "setup"
24 | script = """
25 |   echo 'When adding a client, you must `borg init --encryption=repokey-blake2 /var/lib/borgrecv/repo/$CLIENT` manually.'
26 | """
27 | 
28 | [[directory]]
29 | path  = "/var/lib/borgrecv"
30 | owner = "borgrecv"
31 | group = "borgrecv"
32 | mode  = "0700"
33 | 
34 | [[directory]]
35 | path  = "/var/lib/borgrecv/.ssh"
36 | owner = "borgrecv"
37 | group = "borgrecv"
38 | mode  = "0700"
39 | 
40 | [[file]]
41 | path  = "/var/lib/borgrecv/.ssh/authorized_keys"
42 | owner = "borgrecv"
43 | group = "borgrecv"
44 | mode  = "0600"
45 | content = '''
46 |   {{- range $hostname, $sshkey := .Vars.borgrecv.keys }}
47 |   command="borg serve --restrict-to-path /var/lib/borgrecv/repo/{{ $hostname }} --append-only",restrict {{ $sshkey }}
48 |   {{- end }}
49 |   {{- range .Vars.borgrecv.superkeys }}
50 |   command="borg serve --append-only",restrict {{ . }}
51 |   {{- end }}
52 | '''
53 | [[symlink]]
54 | path   = "/usr/share/holo/files/20-borgbackup-receiver/var/lib/borgrecv/.ssh/authorized_keys.holoscript"
55 | target = "/usr/bin/replicator"
56 | 


--------------------------------------------------------------------------------
/hologram-dev-tools-minimal.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-dev-tools-minimal"
 3 | version     = "1.2.2"
 4 | description = "hologram: compilers and development tools (variant for space-constrained systems)"
 5 | 
 6 | requires = [
 7 |     "art",
 8 |     "base-devel",
 9 |     "cloc",
10 |     "go",
11 |     "go-tools",
12 |     "holo-build",
13 |     "pacman-contrib", # updpkgsums
14 |     "perl-term-readkey", # required for "interactive.singlekey" config of Git
15 |     "shellcheck",
16 |     "shfmt",
17 | ]
18 | 


--------------------------------------------------------------------------------
/hologram-dev-tools.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-dev-tools"
 3 | version     = "1.4.11"
 4 | description = "hologram: compilers and development tools"
 5 | 
 6 | requires = [
 7 |     "hologram-dev-tools-minimal",
 8 |     "arch-install-scripts",
 9 |     "cargo",
10 |     "cargo-watch",
11 |     "cmake",
12 |     "docker", # NOTE: not enabled (as in "systemctl enable") by default to avoid confusion with networking and stuff
13 |     "postgresql",
14 |     "rfc",
15 |     "rust",
16 |     "sassc",
17 |     "words",
18 | ]
19 | 
20 | [[user]]
21 | name   = "stefan"
22 | groups = ["docker"]
23 | 


--------------------------------------------------------------------------------
/hologram-dtp.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-dtp"
 3 | version     = "1.0.4"
 4 | description = "hologram: desktop publishing applications"
 5 | 
 6 | requires = [
 7 |     "texlive-core",
 8 |     "texlive-latexextra",
 9 |     "texlive-pictures",
10 |     "texlive-science",
11 | ]
12 | 


--------------------------------------------------------------------------------
/hologram-ferm.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-ferm"
 3 | version     = "1.1.0"
 4 | description = "hologram: configure firewall using ferm"
 5 | 
 6 | requires = ["ferm"]
 7 | 
 8 | [[symlink]]
 9 | path   = "/etc/systemd/system/multi-user.target.wants/ferm.service"
10 | target = "/usr/lib/systemd/system/ferm.service"
11 | 
12 | [[file]]
13 | path    = "/usr/share/holo/files/10-ferm/etc/ferm.conf"
14 | content = """
15 |     table filter {
16 |         chain INPUT {
17 |             policy DROP;
18 | 
19 |             # connection tracking
20 |             mod state state INVALID DROP;
21 |             mod state state (ESTABLISHED RELATED) ACCEPT;
22 | 
23 |             # allow local connections
24 |             interface lo ACCEPT;
25 | 
26 |             # respond to ping
27 |             proto icmp icmp-type echo-request ACCEPT;
28 | 
29 |             # allow services configured on this machine (the hologram for the service
30 |             # needs to install a snippet to /etc/ferm.d/incoming-$SERVICE)
31 |             @include @glob("ferm.d/incoming-*");
32 | 
33 |             # the rest is dropped by the policy above
34 |         }
35 | 
36 |         # outgoing connections are not limited
37 |         chain OUTPUT policy ACCEPT;
38 | 
39 |         chain FORWARD {
40 |             policy DROP;
41 | 
42 |             # connection tracking
43 |             mod state state INVALID DROP;
44 |             mod state state (ESTABLISHED RELATED) ACCEPT;
45 | 
46 |             # allow routers configured on this machine (the hologram for the router
47 |             # needs to install a snippet to /etc/ferm.d/forwarding-$SERVICE)
48 |             @include @glob("ferm.d/forwarding-*");
49 | 
50 |             # the rest is dropped by the policy above
51 |         }
52 |     }
53 | """
54 | 


--------------------------------------------------------------------------------
/hologram-games.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-games"
 3 | version     = "1.2.1"
 4 | description = "hologram: games selection"
 5 | 
 6 | requires = [
 7 |     # for Minecraft
 8 |     "jre8-openjdk",
 9 |     # Steam and support libraries
10 |     "steam",
11 |     "lib32-alsa-plugins",
12 |     "lib32-libpulse",
13 |     # assorted games
14 |     "openttd",
15 |     "openttd-opengfx",
16 |     "openttd-opensfx",
17 | ]
18 | 
19 | # enable gamepad emulation for Steam controller; source:
20 | # https://steamcommunity.com/app/353370/discussions/0/490123197956024380/
21 | 
22 | [[file]]
23 | path = "/etc/udev/rules.d/81-steam-controller.rules"
24 | content = """
25 |     KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
26 | """
27 | 
28 | # HiDPI support in Steam
29 | 
30 | [[file]]
31 | path = "/etc/profile.d/steam-hidpi.sh"
32 | content = '''
33 |     export STEAM_FORCE_DESKTOPUI_SCALING=1.5
34 | '''
35 | 
36 | # setup the wg-gaming interface with WireGuard
37 | 
38 | [[file]]
39 | path = "/etc/wireguard/wg-gaming.conf"
40 | content = '''
41 |   [Interface]
42 |   Address = {{.Vars.gamenet.slash16}}.1.{{.Vars.host.id}}/32
43 |   PrivateKey = {{.Vars.gamenet.private_key}}
44 | 
45 |   [Peer]
46 |   PublicKey = {{.Vars.gamenet.server.public_key}}
47 |   Endpoint = {{.Vars.gamenet.server.endpoint}}
48 |   AllowedIPs = {{.Vars.gamenet.slash16}}.0.0/16
49 |   PersistentKeepAlive = 30
50 | '''
51 | [[symlink]]
52 | path   = "/usr/share/holo/files/20-monitoring-server/etc/wireguard/wg-gaming.conf.holoscript"
53 | target = "/usr/bin/replicator"
54 | 
55 | [[symlink]]
56 | path   = "/etc/systemd/system/multi-user.target.wants/wg-quick@wg-gaming.service"
57 | target = "/usr/lib/systemd/system/wg-quick@.service"
58 | 


--------------------------------------------------------------------------------
/hologram-intel-ucode.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-intel-ucode"
 3 | version     = "1.0.2"
 4 | description = "hologram: deploy intel-ucode during UEFI boot sequence"
 5 | 
 6 | requires    = [
 7 |     "hologram-uefi-bootloader",
 8 |     "intel-ucode",
 9 | ]
10 | 
11 | [[file]]
12 | path    = "/usr/share/holo/files/10-intel-ucode/boot/loader/entries/arch.conf.holoscript"
13 | mode    = "0755"
14 | content = '''
15 |     #!/bin/sh
16 |     sed '/^initrd/i\initrd    /intel-ucode.img'
17 | '''
18 | 


--------------------------------------------------------------------------------
/hologram-kde-desktop.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-kde-desktop"
 3 | version     = "1.2.4"
 4 | description = "hologram: GUI installation with KDE Plasma desktop"
 5 | 
 6 | requires = [
 7 |     "hologram-base-gui",
 8 |     # desktop
 9 |     "group:plasma",
10 |     "except:plasma-nm",      # pulls in effing NetworkManager
11 |     "except:plasma-welcome", # pulls in plasma-nm
12 |     "except:ksshaskpass",
13 |     "except:powerdevil",
14 |     "except:plasma-vault",
15 |     "except:plasma-workspace-wallpapers", # space saving
16 |     "except:breeze-gtk",                  # hilariously broken with GTK 3.20 ATM
17 |     # KDE 5 applications
18 |     "ark",
19 |     "dolphin",
20 |     "filelight",
21 |     "gwenview",
22 |     "kcharselect",
23 |     "kcolorchooser",
24 |     "kdialog",
25 |     "kid3",
26 |     "kolourpaint",
27 |     "konsole",
28 |     "kruler",
29 |     "kwalletmanager",
30 |     "spectacle",
31 |     "yakuake",
32 |     # helpers
33 |     "gst-plugins-good",  # optional: for WebM support in qt5-webkit
34 |     "qt5-imageformats",
35 | ]
36 | 


--------------------------------------------------------------------------------
/hologram-monitoring-agents.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name        = "hologram-monitoring-agents"
  3 | version     = "0.2.3"
  4 | description = "hologram: monitoring agents"
  5 | 
  6 | requires = [
  7 |   "prometheus-minimum-viable-sd",
  8 |   "prometheus-node-exporter",
  9 |   "secrets", # this uses /usr/bin/replicator
 10 | ]
 11 | 
 12 | # allow Prometheus access to exporters via private network
 13 | [[file]]
 14 | path    = "/etc/ferm.d/incoming-exporters"
 15 | content = "proto tcp dport 9100 interface wg-monitoring ACCEPT;"
 16 | [[symlink]]
 17 | path   = "/usr/share/holo/files/20-monitoring-server/etc/ferm.d/incoming-exporters.holoscript"
 18 | target = "/usr/bin/replicator"
 19 | 
 20 | ################################################################################
 21 | # node exporter
 22 | 
 23 | [[symlink]]
 24 | path = "/etc/systemd/system/multi-user.target.wants/prometheus-node-exporter.service"
 25 | target = "/usr/lib/systemd/system/prometheus-node-exporter.service"
 26 | 
 27 | [[file]]
 28 | path = "/etc/systemd/system/prometheus-node-exporter.service.d/hardening.conf"
 29 | content = '''
 30 |   [Service]
 31 |   User=nobody
 32 |   Group=nobody
 33 | '''
 34 | 
 35 | [[file]]
 36 | path = "/usr/share/holo/files/20-monitoring-agents/etc/conf.d/prometheus-node-exporter"
 37 | content = 'NODE_EXPORTER_ARGS="--no-collector.wifi"'
 38 | 
 39 | ################################################################################
 40 | # prometheus-minimum-viable-sd announce
 41 | 
 42 | [[file]]
 43 | path    = "/etc/prometheus/services.json"
 44 | content = '''
 45 |   [
 46 |     {
 47 |       "targets": [ "{{.Vars.prometheus.slash24}}.{{.Vars.host.id}}:9100" ],
 48 |       "labels": {
 49 |         "instance": "{{.Vars.host.name}}",
 50 |         "job": "prometheus-node-exporter"
 51 |       }
 52 |     }
 53 |   ]
 54 | '''
 55 | 
 56 | [[symlink]]
 57 | path   = "/usr/share/holo/files/20-monitoring-agents/etc/prometheus/services.json.holoscript"
 58 | target = "/usr/bin/replicator"
 59 | 
 60 | [[file]]
 61 | path    = "/usr/lib/systemd/system/prometheus-minimum-viable-sd.service"
 62 | content = '''
 63 | [Unit]
 64 | Description=Minimum Viable service discovery for Prometheus
 65 | 
 66 | [Service]
 67 | DynamicUser=yes
 68 | ExecStart=/usr/bin/prometheus-minimum-viable-sd announce /etc/prometheus/services.json {{.Vars.prometheus.sd_address}}
 69 | LockPersonality=yes
 70 | MemoryDenyWriteExecute=yes
 71 | NoNewPrivileges=yes
 72 | PrivateDevices=yes
 73 | PrivateTmp=yes
 74 | ProtectControlGroups=yes
 75 | ProtectHome=yes
 76 | ProtectHostname=yes
 77 | ProtectKernelModules=yes
 78 | ProtectKernelTunables=yes
 79 | ProtectSystem=strict
 80 | Restart=always
 81 | RestartSec=10s
 82 | RestrictAddressFamilies=AF_INET AF_INET6
 83 | RestrictNamespaces=yes
 84 | RestrictRealtime=yes
 85 | RestrictSUIDSGID=yes
 86 | SystemCallArchitectures=native
 87 | SystemCallErrorNumber=EPERM
 88 | SystemCallFilter=@system-service
 89 | 
 90 | [Install]
 91 | WantedBy=multi-user.target
 92 | '''
 93 | [[symlink]]
 94 | path   = "/usr/share/holo/files/20-monitoring-agents/usr/lib/systemd/system/prometheus-minimum-viable-sd.service.holoscript"
 95 | target = "/usr/bin/replicator"
 96 | 
 97 | [[symlink]]
 98 | path   = "/etc/systemd/system/multi-user.target.wants/prometheus-minimum-viable-sd.service"
 99 | target = "/usr/lib/systemd/system/prometheus-minimum-viable-sd.service"
100 | 


--------------------------------------------------------------------------------
/hologram-monitoring-client.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-monitoring-client"
 3 | version     = "0.1.4"
 4 | description = "hologram: connection to monitoring network"
 5 | 
 6 | conflicts = [ 'hologram-monitoring-server' ]
 7 | requires = [
 8 |   'secrets', # this uses /usr/bin/replicator
 9 |   'hologram-monitoring-agents',
10 |   'wireguard-tools',
11 | ]
12 | 
13 | [[directory]]
14 | path = "/etc/wireguard"
15 | mode = "0700" # contains private keys
16 | 
17 | # open port when using hologram-ferm
18 | [[file]]
19 | path    = "/etc/ferm.d/incoming-wireguard"
20 | content = "proto udp dport {{.Vars.wg.port}} ACCEPT;"
21 | [[symlink]]
22 | path   = "/usr/share/holo/files/20-wireguard/etc/ferm.d/incoming-wireguard.holoscript"
23 | target = "/usr/bin/replicator"
24 | 
25 | ################################################################################
26 | # private network for metric collection/Grafana access
27 | 
28 | [[file]]
29 | path = "/etc/wireguard/wg-monitoring.conf"
30 | content = '''
31 |   [Interface]
32 |   Address = {{.Vars.prometheus.slash24}}.{{.Vars.host.id}}/32
33 |   PrivateKey = {{.Vars.wg.private_key}}
34 | 
35 |   [Peer]
36 |   PublicKey = {{.Vars.wg.server.public_key}}
37 |   PresharedKey = {{.Vars.wg.preshared_key}}
38 |   Endpoint = {{.Vars.wg.server.endpoint}}:{{.Vars.wg.port}}
39 |   AllowedIPs = {{.Vars.prometheus.slash24}}.0/24
40 |   PersistentKeepAlive = 15
41 | '''
42 | [[symlink]]
43 | path   = "/usr/share/holo/files/20-monitoring-server/etc/wireguard/wg-monitoring.conf.holoscript"
44 | target = "/usr/bin/replicator"
45 | 
46 | [[symlink]]
47 | path   = "/etc/systemd/system/multi-user.target.wants/wg-quick@wg-monitoring.service"
48 | target = "/usr/lib/systemd/system/wg-quick@.service"
49 | 


--------------------------------------------------------------------------------
/hologram-multimedia-base.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-multimedia-base"
 3 | version     = "1.0.15"
 4 | description = "hologram: basic multimedia software collection (no GUI required)"
 5 | 
 6 | requires = [
 7 |     "pipewire",
 8 |     "pipewire-alsa",
 9 |     "pipewire-jack",
10 |     "pipewire-pulse",
11 |     "lib32-pipewire-jack",
12 |     # clients
13 |     "mpc",
14 |     "mpv",
15 |     "mpv-mpris",
16 |     "ncmpcpp",
17 |     # tools
18 |     "opus-tools",
19 |     "pamixer",   # used by my Sway keybindings for XF86Audio{Mute,{Lower,Raise}Volume}
20 |     "playerctl", # CLI for MPRIS
21 |     "vorbis-tools",
22 |     "yt-dlp",
23 |     "rtmpdump", # optional for youtube-dl
24 | ]
25 | 
26 | [[file]]
27 | path = "/etc/mpv/mpv.conf"
28 | content = '''
29 |     # never display album covers
30 |     no-audio-display
31 |     # enumerate unfinished videos by examining the watch-later files
32 |     write-filename-in-watch-later-config
33 |     # "Bluetooth is the most widely deployed garbage technology" - Xyrill, all the time
34 |     audio-stream-silence=yes
35 |     # default font size is rather too small for 4K display
36 |     osd-font-size=48
37 | '''
38 | 


--------------------------------------------------------------------------------
/hologram-nix-daemon.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "hologram-nix-daemon"
 3 | version = "1.0.1"
 4 | description = "hologram: Nix on Arch Linux"
 5 | requires = [
 6 |     "nix",
 7 | ]
 8 | 
 9 | [[action]]
10 | on = "setup"
11 | script = '''
12 |     echo '>> If not done yet, run `nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs` as user `stefan`.'
13 | '''
14 | 
15 | [[file]]
16 | path = "/usr/share/holo/files/20-nix-daemon/etc/nix/nix.conf.holoscript"
17 | mode = "0755"
18 | content = '''
19 |     #!/bin/sh
20 |     cat
21 |     echo 'max-jobs = auto' # use as many builders as there are CPUs (default: 1)
22 |     echo 'experimental-features = nix-command flakes'
23 | '''
24 | 
25 | [[symlink]]
26 | path   = "/etc/systemd/system/multi-user.target.wants/nix-daemon.service"
27 | target = "/usr/lib/systemd/system/nix-daemon.service"
28 | 
29 | [[user]]
30 | name = "stefan"
31 | groups = [ "nix-users" ]
32 | 


--------------------------------------------------------------------------------
/hologram-openssh.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-openssh"
 3 | version     = "1.6.0"
 4 | description = "hologram: hardened OpenSSH server"
 5 | requires    = [ "openssh" ]
 6 | 
 7 | # enable SSH daemon
 8 | [[symlink]]
 9 | path   = "/etc/systemd/system/multi-user.target.wants/sshd.service"
10 | target = "/usr/lib/systemd/system/sshd.service"
11 | 
12 | # open SSH port when using hologram-ferm
13 | [[file]]
14 | path = "/etc/ferm.d/incoming-ssh"
15 | content = "proto tcp dport ssh ACCEPT;"
16 | 
17 | # extend the default SSH configuration with recommendations from
18 | # https://stribika.github.io/2015/01/04/secure-secure-shell.html
19 | # NOTE: support for hmac-ripemd160 MAC has been removed in OpenSSH 7.6
20 | #
21 | # XXX WARNING: There's a typo in here; it should be "ed25519" instead of "ed22519".
22 | # I will fix this when I rotate SSH keys the next time.
23 | # Ref: https://github.com/majewsky/system-configuration/issues/3
24 | [[file]]
25 | path   = "/usr/share/holo/files/10-openssh/etc/ssh/sshd_config.holoscript"
26 | mode   = "0755"
27 | content = """
28 |     #!/bin/sh
29 |     cat
30 |     cat <<-'EOF'
31 | 
32 |     # custom settings
33 |     KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
34 | 
35 |     Protocol 2
36 |     HostKey /etc/ssh/ssh_host_ed22519_key
37 |     HostKey /etc/ssh/ssh_host_rsa_key
38 | 
39 |     PasswordAuthentication no
40 |     ChallengeResponseAuthentication no
41 |     PubkeyAuthentication yes
42 | 
43 |     Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
44 | 
45 |     MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
46 |     EOF
47 | """
48 | 
49 | # filter weak moduli
50 | [[file]]
51 | path   = "/usr/share/holo/run-scripts/10-openssh-filter-weak-moduli.sh"
52 | mode   = "0755"
53 | content = """
54 |     #!/bin/sh
55 |     awk '$5 > 2000' < /etc/ssh/moduli > /tmp/ssh-moduli
56 |     mv /tmp/ssh-moduli /etc/ssh/moduli
57 | """
58 | 
59 | # disable weak host keys by placing invalid symlinks at their location
60 | [[symlink]]
61 | path   = "/etc/ssh/ssh_host_key"
62 | target = "ssh_host_key"
63 | [[symlink]]
64 | path   = "/etc/ssh/ssh_host_key.pub"
65 | target = "ssh_host_key.pub"
66 | [[symlink]]
67 | path   = "/etc/ssh/ssh_host_dsa_key"
68 | target = "ssh_host_dsa_key"
69 | [[symlink]]
70 | path   = "/etc/ssh/ssh_host_dsa_key.pub"
71 | target = "ssh_host_dsa_key.pub"
72 | [[symlink]]
73 | path   = "/etc/ssh/ssh_host_ecdsa_key"
74 | target = "ssh_host_ecdsa_key"
75 | [[symlink]]
76 | path   = "/etc/ssh/ssh_host_ecdsa_key.pub"
77 | target = "ssh_host_ecdsa_key.pub"
78 | 


--------------------------------------------------------------------------------
/hologram-sway-desktop.pkg.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name        = "hologram-sway-desktop"
  3 | version     = "1.0.10"
  4 | description = "hologram: Wayland desktop using Sway compositor and selected KDE apps"
  5 | 
  6 | requires = [
  7 |   "hologram-base-gui",
  8 |   "sway",
  9 |   "swaybg",
 10 |   "swaylock",
 11 |   "sddm",
 12 |   "xorg-server-xwayland",
 13 |   "xdg-desktop-portal-wlr",
 14 |   # Wayland tools
 15 |   "bemenu",
 16 |   "bemenu-wayland",
 17 |   "grim",
 18 |   "i3status-rust",
 19 |   "mako",
 20 |   "slurp",
 21 |   "wl-clipboard",
 22 |   "wev",
 23 |   "wtype",
 24 |   # terminal
 25 |   "alacritty",
 26 |   # selected KDE applications
 27 |   "dolphin", # for drag-and-drop of images into kid3
 28 |   "filelight",
 29 |   "gwenview", # for cropping screenshots
 30 |   "kcharselect",
 31 |   "kcolorchooser",
 32 |   "kolourpaint",
 33 |   "kid3",
 34 |   # platform integration for non-KDE desktop
 35 |   "qt5ct",
 36 |   "qt5-wayland",
 37 |   # cursor theme
 38 |   "breeze",
 39 |   # IME
 40 |   "fcitx",
 41 |   "fcitx-configtool",
 42 |   "fcitx-mozc",
 43 |   "fcitx-ui-light",
 44 | ]
 45 | 
 46 | [[symlink]]
 47 | path   = "/etc/systemd/system/display-manager.service"
 48 | target = "/usr/lib/systemd/system/sddm.service"
 49 | 
 50 | [[file]]
 51 | path    = "/etc/sddm.conf.d/30-sway-desktop.conf"
 52 | content = """
 53 |     [Autologin]
 54 |     User=stefan
 55 |     Session=sway.desktop
 56 | 
 57 |     [Theme]
 58 |     Current=breeze
 59 | """
 60 | 
 61 | ################################################################################
 62 | # set several environment variables only when running under Sway
 63 | 
 64 | [[file]]
 65 | path = "/etc/profile.d/sway-env.sh"
 66 | content = '''
 67 |     if [[ "${DESKTOP_SESSION}" == *sway* ]]; then
 68 |         # make xdg-desktop-portal choose the wlr portal
 69 |         export XDG_CURRENT_DESKTOP=sway
 70 |         # set theme for Qt 5 applications
 71 |         export QT_QPA_PLATFORMTHEME=qt5ct
 72 |         # make Firefox use Wayland
 73 |         export MOZ_ENABLE_WAYLAND=1
 74 |         # setup for IME daemon (will be started as part of sway config)
 75 |         export GTK_IM_MODULE=fcitx QT_IM_MODULE=fcitx XMODIFIERS=@im=fcitx
 76 |     fi
 77 | '''
 78 | 
 79 | ################################################################################
 80 | # declare a target for services that only need to be started under Sway, not
 81 | # under Plasma
 82 | 
 83 | [[file]]
 84 | path    = "/home/stefan/.config/systemd/user/sway-session.target"
 85 | content = '''
 86 |     [Unit]
 87 |     Description=Services that are only run within Sway
 88 |     Wants=mako.service xdg-desktop-portal-wlr.service
 89 | '''
 90 | 
 91 | [[file]]
 92 | path    = "/home/stefan/.config/systemd/user/mako.service"
 93 | content = '''
 94 |     [Unit]
 95 |     Description=Mako notification daemon
 96 | 
 97 |     [Service]
 98 |     ExecStart=/usr/bin/mako --font 'Hack 12' --width 400 --default-timeout 10000
 99 |     Restart=always
100 | '''
101 | 


--------------------------------------------------------------------------------
/hologram-uefi-bootloader-with-luks.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-uefi-bootloader-with-luks"
 3 | version     = "1.0.1"
 4 | description = "hologram: addon to hologram-uefi-bootloader for LUKS-encrypted root partition"
 5 | 
 6 | requires = [
 7 |     "hologram-uefi-bootloader",
 8 |     "mkinitcpio",
 9 | ]
10 | 
11 | [[file]]
12 | path    = "/usr/share/holo/files/20-encrypted-root/boot/loader/entries/arch.conf.holoscript"
13 | mode    = "0755"
14 | content = '''
15 |     #!/bin/sh
16 |     sed '/options/s+root=PARTUUID=\${PARTUUID}+cryptdevice=PARTUUID=${PARTUUID}:root:allow-discards root=/dev/mapper/root+'
17 | '''
18 | 
19 | [[file]]
20 | path    = "/usr/share/holo/files/20-encrypted-root/etc/mkinitcpio.conf.holoscript"
21 | mode    = "0755"
22 | content = '''
23 |     #!/bin/sh
24 |     sed '/^HOOKS=/s/filesystems/encrypt filesystems/'
25 | '''
26 | 
27 | [[action]]
28 | on     = "setup"
29 | script = "mkinitcpio -p linux"
30 | 


--------------------------------------------------------------------------------
/hologram-uefi-bootloader.pkg.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name        = "hologram-uefi-bootloader"
 3 | version     = "1.2.0"
 4 | description = "hologram: UEFI bootloader using systemd-boot"
 5 | 
 6 | requires    = [
 7 |     "systemd",       # for bootctl
 8 |     "util-linux",    # for blkid
 9 |     "device-mapper", # for dmsetup
10 | ]
11 | 
12 | [[action]]
13 | on     = "setup"
14 | script = '''
15 |     echo 'If this package is installed for the first time, run `bootctl install`.'
16 | '''
17 | 
18 | [[file]]
19 | path    = "/boot/loader/loader.conf"
20 | content = """
21 |     default arch
22 |     timeout 1
23 | """
24 | 
25 | [[file]]
26 | path    = "/boot/loader/entries/arch.conf"
27 | content = """
28 |     title     Arch Linux
29 |     linux     /vmlinuz-linux
30 |     initrd    /initramfs-linux.img
31 |     options   root=PARTUUID=${PARTUUID} rw
32 | """
33 | 
34 | # This interpolation happens very late because other holograms might want to
35 | # use the "${PARTUUID}" placeholder when rewriting the bootloader entry.
36 | # See e.g. hologram-uefi-bootloader-with-luks.
37 | [[file]]
38 | path    = "/usr/share/holo/files/99-root-partuuid/boot/loader/entries/arch.conf.holoscript"
39 | mode    = "0755"
40 | content = '''
41 |     #!/bin/bash
42 | 
43 |     ROOTDEVICE="$(mount | grep 'on / ' | cut -d' ' -f1)"
44 |     if [[ "$ROOTDEVICE" == /dev/mapper/* ]]; then
45 |         # root FS is encrypted -- find underlying block device
46 |         ROOTDEVICE="/dev/$(dmsetup deps -o blkdevname "$ROOTDEVICE" | cut -d'(' -f2 | cut -d')' -f1)"
47 |     fi
48 |     if [ "$ROOTDEVICE" == "" ]; then
49 |         echo "ERROR: cannot find root filesystem" >&2
50 |         exit 1
51 |     fi
52 | 
53 |     PARTUUID="$(blkid -s PARTUUID -o value "$ROOTDEVICE")"
54 |     if [ "$PARTUUID" == "" ]; then
55 |         echo "ERROR: cannot find partition UUID" >&2
56 |         exit 1
57 |     fi
58 | 
59 |     sed 's/\${PARTUUID}/'"$PARTUUID"'/g'
60 | '''
61 | 


--------------------------------------------------------------------------------
/jack-autoplug/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = jack-autoplug
 2 | 	pkgdesc = Ensures that certain JACK ports are always connected to each other
 3 | 	pkgver = 1.0.0
 4 | 	pkgrel = 2
 5 | 	url = https://github.com/majewsky/jack-autoplug
 6 | 	arch = x86_64
 7 | 	license = AGPL3
 8 | 	makedepends = rust
 9 | 	depends = jack
10 | 	source = https://github.com/majewsky/jack-autoplug/archive/v1.0.0.tar.gz
11 | 	sha256sums = 8ed8bb5b374db3fb7b52b59cf4fc186253455f1c2bd7ce5e220fca142e7a6617
12 | 
13 | pkgname = jack-autoplug
14 | 


--------------------------------------------------------------------------------
/jack-autoplug/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # novendor
 2 | 
 3 | pkgname=jack-autoplug
 4 | pkgver=1.0.0
 5 | pkgrel=2
 6 | pkgdesc='Ensures that certain JACK ports are always connected to each other'
 7 | arch=('x86_64')
 8 | url="https://github.com/majewsky/jack-autoplug"
 9 | license=('AGPL3')
10 | depends=('jack')
11 | makedepends=('rust')
12 | source=("${url}/archive/v${pkgver}.tar.gz")
13 | sha256sums=('8ed8bb5b374db3fb7b52b59cf4fc186253455f1c2bd7ce5e220fca142e7a6617')
14 | 
15 | build() {
16 |   cd "${srcdir}/jack-autoplug-${pkgver}"
17 |   cargo build --release
18 | }
19 | 
20 | package() {
21 |   cd "${srcdir}/jack-autoplug-${pkgver}"
22 |   install -D -m 0755 target/release/jack-autoplug "${pkgdir}/usr/bin/jack-autoplug"
23 | }
24 | 


--------------------------------------------------------------------------------
/libsvg-cairo/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = libsvg-cairo
 2 | 	pkgdesc = A library for rendering SVG documents
 3 | 	pkgver = 0.1.6
 4 | 	pkgrel = 11
 5 | 	url = http://cairographics.org/snapshots
 6 | 	arch = i686
 7 | 	arch = x86_64
 8 | 	license = LGPL
 9 | 	makedepends = libpng
10 | 	depends = cairo>=1.4.6
11 | 	depends = libjpeg
12 | 	depends = libsvg
13 | 	options = !libtool
14 | 	source = https://cairographics.org/snapshots/libsvg-cairo-0.1.6.tar.gz
15 | 	md5sums = d79da7b3a60ad8c8e4b902c9b3563047
16 | 
17 | pkgname = libsvg-cairo
18 | 
19 | 


--------------------------------------------------------------------------------
/libsvg-cairo/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Contributor: Jan de Groot <jgc@archlinux.org>
 2 | # Contributor: Stefan Husmann <stefan-husmann@t-online.de>
 3 | pkgname=libsvg-cairo
 4 | pkgver=0.1.6
 5 | pkgrel=11
 6 | pkgdesc="A library for rendering SVG documents"
 7 | arch=('i686' 'x86_64')
 8 | license=('LGPL')
 9 | url="http://cairographics.org/snapshots"
10 | depends=('cairo>=1.4.6' 'libjpeg' 'libsvg')
11 | makedepends=('libpng')
12 | source=(https://cairographics.org/snapshots/$pkgname-$pkgver.tar.gz)
13 | md5sums=('d79da7b3a60ad8c8e4b902c9b3563047')
14 | options=(!libtool)
15 | 
16 | build() {
17 |   cd $srcdir/$pkgname-$pkgver
18 |   ./configure --prefix=/usr --disable-static 
19 |   make 
20 | }
21 | package() {
22 |   cd $srcdir/$pkgname-$pkgver
23 |   make DESTDIR=$pkgdir install 
24 | }
25 | 


--------------------------------------------------------------------------------
/libsvg/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = libsvg
 2 | 	pkgdesc = A library for rendering SVG documents
 3 | 	pkgver = 0.1.4
 4 | 	pkgrel = 6
 5 | 	url = http://cairographics.org/
 6 | 	arch = i686
 7 | 	arch = x86_64
 8 | 	license = LGPL
 9 | 	depends = libxml2
10 | 	options = !libtool
11 | 	source = https://cairographics.org/snapshots/libsvg-0.1.4.tar.gz
12 | 	source = libpng14.patch
13 | 	md5sums = ce0715e3013f78506795fba16e8455d3
14 | 	md5sums = 76eee76d69e79dddbe6de8c75ed0ac1c
15 | 
16 | pkgname = libsvg
17 | 
18 | 


--------------------------------------------------------------------------------
/libsvg/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer: Stefan Husmann <stefan-husmann@t-online.de>
 2 | # Contributor: Jan de Groot <jgc@archlinux.org>
 3 | 
 4 | pkgname=libsvg
 5 | pkgver=0.1.4
 6 | pkgrel=6
 7 | pkgdesc="A library for rendering SVG documents"
 8 | arch=('i686' 'x86_64')
 9 | license=('LGPL')
10 | url="http://cairographics.org/"
11 | depends=('libxml2')
12 | source=(https://cairographics.org/snapshots/$pkgname-$pkgver.tar.gz \
13 |   libpng14.patch)
14 | md5sums=('ce0715e3013f78506795fba16e8455d3'
15 |          '76eee76d69e79dddbe6de8c75ed0ac1c')
16 | options=('!libtool')
17 | 
18 | build() {
19 |   cd $pkgname-$pkgver
20 |   ./configure --prefix=/usr
21 |   patch -p1 < "$srcdir"/libpng14.patch
22 |   make
23 | }
24 | package() {
25 |   cd $pkgname-$pkgver
26 |   make DESTDIR="$pkgdir" install
27 | }
28 | 


--------------------------------------------------------------------------------
/libsvg/libpng14.patch:
--------------------------------------------------------------------------------
 1 | diff -Naur libsvg-0.1.4.orig//src/svg_image.c libsvg-0.1.4.new/src/svg_image.c
 2 | --- libsvg-0.1.4.orig//src/svg_image.c	2010-03-26 20:10:48.000000000 +0100
 3 | +++ libsvg-0.1.4.new/src/svg_image.c	2010-03-26 20:14:10.000000000 +0100
 4 | @@ -228,7 +228,7 @@
 5 |  	return SVG_STATUS_FILE_NOT_FOUND;
 6 |  
 7 |      sig_bytes = fread (png_sig, 1, PNG_SIG_SIZE, file);
 8 | -    if (png_check_sig (png_sig, sig_bytes) == 0) {
 9 | +    if (!png_sig_cmp (png_sig, 0, sig_bytes) == 0) {
10 |  	fclose (file);
11 |  	return SVGINT_STATUS_IMAGE_NOT_PNG;
12 |      }
13 | @@ -271,7 +271,7 @@
14 |  
15 |      /* expand gray bit depth if needed */
16 |      if (color_type == PNG_COLOR_TYPE_GRAY && depth < 8)
17 | -	png_set_gray_1_2_4_to_8 (png);
18 | +	png_set_expand_gray_1_2_4_to_8 (png);
19 |  
20 |      /* transform transparency to alpha */
21 |      if (png_get_valid(png, info, PNG_INFO_tRNS))
22 | 


--------------------------------------------------------------------------------
/otf-raleway/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = otf-raleway
 2 | 	pkgdesc = An elegant sans-serif font, originally designed in a single thin weight
 3 | 	pkgver = 3.0
 4 | 	pkgrel = 2
 5 | 	url = https://www.theleagueofmoveabletype.com/raleway
 6 | 	arch = any
 7 | 	license = OFL
 8 | 	conflicts = ttf-raleway
 9 | 	source = https://raw.githubusercontent.com/google/fonts/master/ofl/raleway/OFL.txt
10 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Black-Italic-Original.otf
11 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Black-Original.otf
12 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Bold-Italic-Original.otf
13 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Bold-Original.otf
14 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-ExtraBold-Italic-Original.otf
15 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-ExtraBold-Original.otf
16 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-ExtraLight-Italic-Original.otf
17 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-ExtraLight-Original.otf
18 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Light-Italic-Original.otf
19 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Light-Original.otf
20 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Medium-Italic-Original.otf
21 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Medium-Original.otf
22 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Regular-Italic-Original.otf
23 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Regular-Original.otf
24 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-SemiBold-Italic-Original.otf
25 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-SemiBold-Original.otf
26 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Thin-Italic-Original.otf
27 | 	source = https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Thin-Original.otf
28 | 	sha256sums = e588abf45ca2b19c340c4b27349c9b6b6e5e198316fd965128ed9f4422942cbe
29 | 	sha256sums = e9bc1e494db53bf75cd1b473dbbfb56d97c5ac8a46250e13660c3445b80d794f
30 | 	sha256sums = ecc6a566e02eede718c381346335fd7ea641041d8dc5efe2429704de43cf3c5b
31 | 	sha256sums = bcd81fbd6fca5a94d7974328298b3b8ba00b257c6d4ef7f36aba7f4a7acef7a1
32 | 	sha256sums = 8ab3eae9c6e7223cd75b0c63e5df991878744b4ec2e9be9ef5b5a0603af218ed
33 | 	sha256sums = 0cf83b586a099526083ea7d71b656e8f8cc222e727b76dba76679de1692e67ed
34 | 	sha256sums = 2b5b02a483eb52fbbbf9500c900cc01b0948601abf0a20c184973c31491a62cf
35 | 	sha256sums = 01b89eb72a3af9a8de257b8e7e35d13478930ad54051fe5b44e94a563c1258e9
36 | 	sha256sums = 2f825a260beea7fc8666be9e4b3c8fb4676bba02a5ecbe724377ca8d9be51af1
37 | 	sha256sums = e8ffff5a4e2e60f6ab41bae833015ea44925e9fa66a608c8fa788c430b893f60
38 | 	sha256sums = 719e1d5fddf54d77bebec412ee35a305d1f4b0de600b116d763412d42612d5ad
39 | 	sha256sums = 208d6042c17111ac8665c8da855db272fffc2c4760a7632c4438b3be0f719e8b
40 | 	sha256sums = 67891be122c37bf63cc1895d4ec5d6b84e4f5988d1b746da49250ea052a7b062
41 | 	sha256sums = b326e6b9ba787f13ce1050f8fcf70082631be70cdf4fe17613a565479d020ec6
42 | 	sha256sums = 339e4923e0cfd6d378ce58df1a82017ce5e06c33ac15b568c9b026de1c887976
43 | 	sha256sums = 96497d40c232a3fed800c0c9e98662af19b3bd7b545d701194600f38df5c2746
44 | 	sha256sums = 4f11647c0efaea39446099fe5bd2351c183b868072b6b1b470b137c8f93e6340
45 | 	sha256sums = 84463eefb38e858242d8944063125058f0b987799669102f2fabcb8edddf230b
46 | 	sha256sums = 0b31399835977f952ca112db90620109b82a1aa182bd2334e07e0d721d38fb6a
47 | 
48 | pkgname = otf-raleway
49 | 
50 | 


--------------------------------------------------------------------------------
/otf-raleway/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer: Caleb Maclennan <caleb@alerque.com>
 2 | # Contributor: LightDot <lightdot@gmail.com>
 3 | # Contributor: Martin C. Doege <mdoege@compuserve.com>
 4 | # Contributor: Martin Florén <martin.floren@gmail.com>
 5 | 
 6 | _ffname=raleway
 7 | pkgname=otf-"$_ffname"
 8 | pkgver=3.0
 9 | pkgrel=2
10 | pkgdesc='An elegant sans-serif font, originally designed in a single thin weight'
11 | arch=('any')
12 | url="https://www.theleagueofmoveabletype.com/$_ffname"
13 | license=('OFL')
14 | conflicts=('ttf-raleway')
15 | source=("https://raw.githubusercontent.com/google/fonts/master/ofl/$_ffname/OFL.txt"
16 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Black-Italic-Original.otf"
17 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Black-Original.otf"
18 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Bold-Italic-Original.otf"
19 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Bold-Original.otf"
20 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-ExtraBold-Italic-Original.otf"
21 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-ExtraBold-Original.otf"
22 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-ExtraLight-Italic-Original.otf"
23 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-ExtraLight-Original.otf"
24 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Light-Italic-Original.otf"
25 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Light-Original.otf"
26 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Medium-Italic-Original.otf"
27 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Medium-Original.otf"
28 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Regular-Italic-Original.otf"
29 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Regular-Original.otf"
30 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-SemiBold-Italic-Original.otf"
31 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-SemiBold-Original.otf"
32 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Thin-Italic-Original.otf"
33 |     "https://raw.githubusercontent.com/impallari/Raleway/master/fonts/v3.000%20Fontlab/OTF/Raleway-Thin-Original.otf")
34 | sha256sums=('e588abf45ca2b19c340c4b27349c9b6b6e5e198316fd965128ed9f4422942cbe'
35 |             'e9bc1e494db53bf75cd1b473dbbfb56d97c5ac8a46250e13660c3445b80d794f'
36 |             'ecc6a566e02eede718c381346335fd7ea641041d8dc5efe2429704de43cf3c5b'
37 |             'bcd81fbd6fca5a94d7974328298b3b8ba00b257c6d4ef7f36aba7f4a7acef7a1'
38 |             '8ab3eae9c6e7223cd75b0c63e5df991878744b4ec2e9be9ef5b5a0603af218ed'
39 |             '0cf83b586a099526083ea7d71b656e8f8cc222e727b76dba76679de1692e67ed'
40 |             '2b5b02a483eb52fbbbf9500c900cc01b0948601abf0a20c184973c31491a62cf'
41 |             '01b89eb72a3af9a8de257b8e7e35d13478930ad54051fe5b44e94a563c1258e9'
42 |             '2f825a260beea7fc8666be9e4b3c8fb4676bba02a5ecbe724377ca8d9be51af1'
43 |             'e8ffff5a4e2e60f6ab41bae833015ea44925e9fa66a608c8fa788c430b893f60'
44 |             '719e1d5fddf54d77bebec412ee35a305d1f4b0de600b116d763412d42612d5ad'
45 |             '208d6042c17111ac8665c8da855db272fffc2c4760a7632c4438b3be0f719e8b'
46 |             '67891be122c37bf63cc1895d4ec5d6b84e4f5988d1b746da49250ea052a7b062'
47 |             'b326e6b9ba787f13ce1050f8fcf70082631be70cdf4fe17613a565479d020ec6'
48 |             '339e4923e0cfd6d378ce58df1a82017ce5e06c33ac15b568c9b026de1c887976'
49 |             '96497d40c232a3fed800c0c9e98662af19b3bd7b545d701194600f38df5c2746'
50 |             '4f11647c0efaea39446099fe5bd2351c183b868072b6b1b470b137c8f93e6340'
51 |             '84463eefb38e858242d8944063125058f0b987799669102f2fabcb8edddf230b'
52 |             '0b31399835977f952ca112db90620109b82a1aa182bd2334e07e0d721d38fb6a')
53 | 
54 | package() {
55 |     install -Dm644 -t "$pkgdir/usr/share/fonts/OTF/" ${_ffname^}-*.otf
56 |     install -Dm644 -t "$pkgdir/usr/share/licenses/" OFL.txt
57 | }
58 | 


--------------------------------------------------------------------------------
/pinfo/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = pinfo
 2 | 	pkgdesc = A hypertext info file viewer
 3 | 	pkgver = 0.6.13
 4 | 	pkgrel = 2
 5 | 	url = http://pinfo.sourceforge.net/
 6 | 	arch = x86_64
 7 | 	license = GPL
 8 | 	depends = ncurses
 9 | 	depends = readline
10 | 	source = pinfo-0.6.13.tgz::https://github.com/baszoetekouw/pinfo/archive/v0.6.13.tar.gz
11 | 	source = gcc10-stringop.diff
12 | 	source = https://github.com/baszoetekouw/pinfo/commit/ab604fdb.patch
13 | 	sha256sums = 9dc5e848a7a86cb665a885bc5f0fdf6d09ad60e814d75e78019ae3accb42c217
14 | 	sha256sums = 876fd9e3fbb6e129abe183dceb4db03cbd152467e7f0b7edd7cb03c5bc201c32
15 | 	sha256sums = 7690ed298a139b82b763979e59998afdac88b4265d867f746811e317a152f57d
16 | 
17 | pkgname = pinfo
18 | 


--------------------------------------------------------------------------------
/pinfo/ChangeLog:
--------------------------------------------------------------------------------
1 | 2007-06-28 tardo <tardo@nagi-fanboi.net>
2 | * Built for x86_64
3 | 
4 | 


--------------------------------------------------------------------------------
/pinfo/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer: Kyle Keen <keenerd@gmail.com>
 2 | # Contributor: Sergej Pupykin <pupykin.s+arch@gmail.com>
 3 | # Contributor: Jaroslaw Swierczynski <swiergot@aur.archlinux.org>
 4 | 
 5 | pkgname=pinfo
 6 | pkgver=0.6.13
 7 | pkgrel=2
 8 | pkgdesc="A hypertext info file viewer"
 9 | arch=('x86_64')
10 | url="http://pinfo.sourceforge.net/"
11 | # https://fossies.org/linux/misc/pinfo-0.6.10.tar.gz/
12 | license=('GPL')
13 | depends=('ncurses' 'readline')
14 | #source=("https://alioth.debian.org/frs/download.php/file/3351/$pkgname-$pkgver.tar.bz2")
15 | #source=("https://arch.p5n.pp.ru/~sergej/dl/2014/pinfo-$pkgver.tar.bz2")
16 | #source=("https://fossies.org/linux/misc/old/pinfo-$pkgver.tar.bz2")
17 | source=("pinfo-$pkgver.tgz::https://github.com/baszoetekouw/pinfo/archive/v$pkgver.tar.gz"
18 |         gcc10-stringop.diff
19 |         https://github.com/baszoetekouw/pinfo/commit/ab604fdb.patch)
20 | sha256sums=('9dc5e848a7a86cb665a885bc5f0fdf6d09ad60e814d75e78019ae3accb42c217'
21 |             '876fd9e3fbb6e129abe183dceb4db03cbd152467e7f0b7edd7cb03c5bc201c32'
22 |             '7690ed298a139b82b763979e59998afdac88b4265d867f746811e317a152f57d')
23 | 
24 | prepare() {
25 |   cd "$srcdir/$pkgname-$pkgver"
26 |   # remove on 0.6.14
27 |   patch -Np1 -i ../gcc10-stringop.diff
28 |   # Fix build with -Werror=format
29 |   patch -p1 -i ../ab604fdb.patch
30 | }
31 | 
32 | build() {
33 |   cd "$srcdir/$pkgname-$pkgver"
34 |   CFLAGS+=' -fcommon' # https://wiki.gentoo.org/wiki/Gcc_10_porting_notes/fno_common
35 |   unset LDFLAGS
36 |   [ -x configure ] || ./autogen.sh
37 |   sed -i 's|nogroup|nobody|' src/pinforc.in src/utils.c
38 |   [ -f Makefile ] || ./configure --prefix=/usr --sysconfdir=/etc --enable-cursor \
39 | 	--mandir=/usr/share/man --infodir=/usr/share/info
40 |   make
41 | }
42 | 
43 | package() {
44 |   cd "$srcdir/$pkgname-$pkgver"
45 |   make DESTDIR="$pkgdir" install
46 |   rm -f "$pkgdir/usr/share/info/dir"
47 | }
48 | 


--------------------------------------------------------------------------------
/pinfo/gcc10-stringop.diff:
--------------------------------------------------------------------------------
 1 | diff --git a/src/utils.c b/src/utils.c
 2 | index cb2fe76..2e4139c 100644
 3 | --- a/src/utils.c
 4 | +++ b/src/utils.c
 5 | @@ -848,10 +848,9 @@ char *
 6 |  make_tempfile()
 7 |  {
 8 |  	char *filename;
 9 | -	size_t len;
10 |  
11 |  	/* TODO: fix hardcoded /tmp */
12 | -	char tmpfile_template[] = "/tmp/pinfo.XXXXXX";
13 | +	char tmpfile_template[32] = "/tmp/pinfo.XXXXXX";
14 |  
15 |  	/* create a tmpfile */
16 |  	int fd = mkstemp(tmpfile_template);
17 | @@ -864,9 +863,8 @@ make_tempfile()
18 |  	}
19 |  
20 |  	/* allocate a new string and copy the filename there */
21 | -	len = strlen(tmpfile_template)+1;
22 | -	filename = xmalloc(len+1); /* guarenteerd to be set to \0's */
23 | -	strncpy(filename, tmpfile_template, len);
24 | +	filename = xmalloc(33); /* guarenteerd to be set to \0's */
25 | +	strncpy(filename, tmpfile_template, 32);
26 |  
27 |  	/* close the file */
28 |  	close(fd);
29 | 


--------------------------------------------------------------------------------
/prometheus-minimum-viable-sd/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = prometheus-minimum-viable-sd
 2 | 	pkgdesc = Minimum Viable service discovery for Prometheus
 3 | 	pkgver = 1.0.0
 4 | 	pkgrel = 1
 5 | 	url = https://github.com/majewsky/prometheus-minimum-viable-sd
 6 | 	arch = x86_64
 7 | 	license = GPL3
 8 | 	makedepends = go
 9 | 	source = https://github.com/majewsky/prometheus-minimum-viable-sd/archive/v1.0.0.tar.gz
10 | 	sha256sums = 20907fad8f5844ea129fa1b6b4c5cac7406d84e2ffae20d7340295305265ba40
11 | 
12 | pkgname = prometheus-minimum-viable-sd
13 | 
14 | 


--------------------------------------------------------------------------------
/prometheus-minimum-viable-sd/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # novendor
 2 | 
 3 | pkgname=prometheus-minimum-viable-sd
 4 | pkgver=1.0.0
 5 | pkgrel=1
 6 | pkgdesc='Minimum Viable service discovery for Prometheus'
 7 | arch=('x86_64')
 8 | url='https://github.com/majewsky/prometheus-minimum-viable-sd'
 9 | license=('GPL3')
10 | depends=()
11 | makedepends=('go')
12 | source=("${url}/archive/v${pkgver}.tar.gz")
13 | sha256sums=('20907fad8f5844ea129fa1b6b4c5cac7406d84e2ffae20d7340295305265ba40')
14 | 
15 | build() {
16 |   ls "${srcdir}"
17 |   cd "${srcdir}/${pkgname}-${pkgver}"
18 |   make
19 | }
20 | 
21 | package() {
22 |   cd "${srcdir}/${pkgname}-${pkgver}"
23 |   make install DESTDIR="${pkgdir}"
24 | }
25 | 


--------------------------------------------------------------------------------
/pwget/.SRCINFO:
--------------------------------------------------------------------------------
 1 | # Generated by mksrcinfo v8
 2 | # Thu Jun  8 15:51:47 UTC 2017
 3 | pkgbase = pwget
 4 | 	pkgdesc = Stateless password manager with support for password revocation
 5 | 	pkgver = 1.2
 6 | 	pkgrel = 1
 7 | 	url = https://github.com/majewsky/pwget
 8 | 	arch = i686
 9 | 	arch = x86_64
10 | 	license = GPL3
11 | 	makedepends = go
12 | 	depends = openssl
13 | 	source = https://github.com/majewsky/pwget/archive/v1.2.tar.gz
14 | 	md5sums = 55e4388af9293fbda4b9dde23bc4cfb7
15 | 	sha256sums = 0a866c820f1f2ef922b8dbf85c90d3c90a8de4ae158dc3b9e284bfad75abc2fb
16 | 
17 | pkgname = pwget
18 | 
19 | 


--------------------------------------------------------------------------------
/pwget/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # novendor
 2 | 
 3 | pkgname='pwget'
 4 | pkgver=1.2
 5 | pkgrel=1
 6 | pkgdesc='Stateless password manager with support for password revocation'
 7 | arch=('i686' 'x86_64')
 8 | url='https://github.com/majewsky/pwget'
 9 | license=('GPL3')
10 | depends=('openssl')
11 | makedepends=('go')
12 | source=("https://github.com/majewsky/${pkgname}/archive/v${pkgver}.tar.gz")
13 | md5sums=('55e4388af9293fbda4b9dde23bc4cfb7')
14 | sha256sums=('0a866c820f1f2ef922b8dbf85c90d3c90a8de4ae158dc3b9e284bfad75abc2fb')
15 | 
16 | build() {
17 |     cd "${srcdir}/${pkgname}-${pkgver}"
18 |     make
19 | }
20 | 
21 | package() {
22 |     cd "${srcdir}/${pkgname}-${pkgver}"
23 |     make install DESTDIR="${pkgdir}"
24 | }
25 | 


--------------------------------------------------------------------------------
/pwget2/.SRCINFO:
--------------------------------------------------------------------------------
 1 | # Generated by mksrcinfo v8
 2 | # Tue Dec 26 21:05:56 UTC 2017
 3 | pkgbase = pwget2
 4 | 	pkgdesc = Stateless password manager with support for password revocation - 2.x series
 5 | 	pkgver = 2.0
 6 | 	pkgrel = 1
 7 | 	url = https://github.com/majewsky/pwget
 8 | 	arch = i686
 9 | 	arch = x86_64
10 | 	license = GPL3
11 | 	makedepends = go
12 | 	depends = openssl
13 | 	source = https://github.com/majewsky/pwget/archive/v2.0.tar.gz
14 | 	md5sums = bbea34f376bcac63a7979826fa1328b3
15 | 	sha256sums = 052f167455e09b1c37f5e7db399952a8e8cd69661d5fff8462f39de7db0c5bf8
16 | 
17 | pkgname = pwget2
18 | 
19 | 


--------------------------------------------------------------------------------
/pwget2/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # novendor
 2 | 
 3 | pkgname='pwget2'
 4 | _pkgorigname='pwget'
 5 | pkgver=2.0
 6 | pkgrel=1
 7 | pkgdesc='Stateless password manager with support for password revocation - 2.x series'
 8 | arch=('i686' 'x86_64')
 9 | url='https://github.com/majewsky/pwget'
10 | license=('GPL3')
11 | depends=('openssl')
12 | makedepends=('go')
13 | source=("${url}/archive/v${pkgver}.tar.gz")
14 | md5sums=('bbea34f376bcac63a7979826fa1328b3')
15 | sha256sums=('052f167455e09b1c37f5e7db399952a8e8cd69661d5fff8462f39de7db0c5bf8')
16 | 
17 | build() {
18 |     cd "${srcdir}/${_pkgorigname}-${pkgver}"
19 |     make
20 | }
21 | 
22 | package() {
23 |     cd "${srcdir}/${_pkgorigname}-${pkgver}"
24 |     make install DESTDIR="${pkgdir}"
25 | }
26 | 


--------------------------------------------------------------------------------
/screen-message/.SRCINFO:
--------------------------------------------------------------------------------
 1 | # Generated by mksrcinfo v8
 2 | # Mon Jul 24 09:52:36 UTC 2017
 3 | pkgbase = screen-message
 4 | 	pkgdesc = Displays a short text fullscreen as large and as quickly as possible.
 5 | 	pkgver = 0.25
 6 | 	pkgrel = 1
 7 | 	url = http://www.joachim-breitner.de/projects
 8 | 	arch = i686
 9 | 	arch = x86_64
10 | 	license = GPL
11 | 	depends = gtk3
12 | 	source = http://www.joachim-breitner.de/archive/screen-message/screen-message-0.25.tar.gz
13 | 	sha256sums = 60291a493a6e30714c8704c614b37ef94621a917c3a9fa290800df82712989d3
14 | 
15 | pkgname = screen-message
16 | 
17 | 


--------------------------------------------------------------------------------
/screen-message/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer : speps <speps at aur dot archlinux dot org>
 2 | # Contributor: Andrew LeCain dread@csh.rit.edu
 3 | 
 4 | pkgname=screen-message
 5 | pkgver=0.25
 6 | pkgrel=1
 7 | pkgdesc="Displays a short text fullscreen as large and as quickly as possible."
 8 | arch=('i686' 'x86_64')
 9 | url="http://www.joachim-breitner.de/projects"
10 | license=('GPL')
11 | depends=('gtk3')
12 | source=("http://www.joachim-breitner.de/archive/$pkgname/$pkgname-$pkgver.tar.gz")
13 | sha256sums=('60291a493a6e30714c8704c614b37ef94621a917c3a9fa290800df82712989d3')
14 | 
15 | build() {
16 |   cd "$srcdir/$pkgname-$pkgver"
17 | 
18 |   # install to /usr/bin
19 |   sed -i "s|/games|/bin|g" Makefile.*
20 | 
21 |   ./configure --prefix=/usr
22 |   make
23 | }
24 | 
25 | package() {
26 |   cd "$srcdir/$pkgname-$pkgver"
27 |   make DESTDIR="$pkgdir/" install
28 | }
29 | 


--------------------------------------------------------------------------------
/src/bootstrap-devenv.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -euo pipefail
 3 | 
 4 | REPO_URL=github.com/majewsky/devenv
 5 | REPO_SHORT_URL=gh:majewsky/devenv
 6 | export GOPATH=/x
 7 | 
 8 | # clone devenv repo into the (not yet populated) repo tree
 9 | REPO_PATH="${GOPATH}/src/${REPO_URL}"
10 | if [ ! -d "${REPO_PATH}/.git" ]; then
11 |     git clone "https://${REPO_URL}" "${REPO_PATH}"
12 |     # this remote URL will become valid as soon as the devenv is installed
13 |     git -C "${REPO_PATH}" remote set-url origin "${REPO_SHORT_URL}"
14 | fi
15 | 
16 | # run setup script for devenv
17 | "${REPO_PATH}/install.sh"
18 | 
19 | # add the devenv repo to the rtree index (if not done yet)
20 | rtree get "${REPO_SHORT_URL}" > /dev/null
21 | 


--------------------------------------------------------------------------------
/src/unpack-secrets.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -euo pipefail
 3 | 
 4 | KEY="$(cat /etc/secrets/key)"
 5 | if [ -z "${KEY}" ]; then
 6 |   echo "Cannot unpack secrets because /etc/secrets/key is empty." >&2
 7 |   exit 1
 8 | fi
 9 | 
10 | find /etc/replicator.d -name \*.toml -delete
11 | 
12 | gpg --pinentry-mode loopback --quiet --decrypt --passphrase-fd 3 -o /etc/replicator.d/unpacked.toml \
13 |   <(base64 -d < "/etc/secrets/$(echo -n "$(cat /etc/hostname)" | sha256sum | cut -d' ' -f1).gpg.b64") \
14 |   3< /etc/secrets/key
15 | 
16 | chmod 0600 /etc/replicator.d/unpacked.toml
17 | 


--------------------------------------------------------------------------------
/svg2png/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = svg2png
 2 | 	pkgdesc = Conversion of SVGs to PNGs via cairo
 3 | 	pkgver = 0.1.3
 4 | 	pkgrel = 7
 5 | 	url = http://cairographics.org/
 6 | 	arch = i686
 7 | 	arch = x86_64
 8 | 	license = custom
 9 | 	depends = libsvg-cairo
10 | 	source = https://cairographics.org/snapshots/svg2png-0.1.3.tar.gz
11 | 	sha256sums = e658fde141eb7ce981ad63d319339be5fa6d15e495d1315ee310079cbacae52b
12 | 
13 | pkgname = svg2png
14 | 
15 | 


--------------------------------------------------------------------------------
/svg2png/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer: Stefan Husmann <stefan dot husmann at t minus online dot de>
 2 | 
 3 | pkgname=svg2png
 4 | pkgver=0.1.3
 5 | pkgrel=7
 6 | pkgdesc="Conversion of SVGs to PNGs via cairo"
 7 | url="http://cairographics.org/"
 8 | license=('custom')
 9 | depends=('libsvg-cairo')
10 | arch=('i686' 'x86_64')
11 | source=("https://cairographics.org/snapshots/$pkgname-$pkgver.tar.gz")
12 | sha256sums=('e658fde141eb7ce981ad63d319339be5fa6d15e495d1315ee310079cbacae52b')
13 | 
14 | build() {
15 |   cd $pkgname-$pkgver
16 |   unset LDFLAGS
17 |   ./configure --prefix=/usr --mandir=/usr/share/man
18 |   sed -i "s/-Wl,--as-needed//g" src/Makefile 
19 |   make 
20 | }
21 | package() {
22 |   cd $pkgname-$pkgver
23 |   make prefix="$pkgdir"/usr mandir="$pkgdir"/usr/share/man install
24 |   install -Dm644 COPYING \
25 |     "$pkgdir"/usr/share/licenses/$pkgname/COPYING
26 | }
27 | 


--------------------------------------------------------------------------------
/titillium-fonts/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = titillium-fonts
 2 | 	pkgdesc = Sans serif type family designed inside Campi Visivi’s Type Design course
 3 | 	pkgver = 2.0
 4 | 	pkgrel = 1
 5 | 	url = http://www.campivisivi.net/titillium/
 6 | 	arch = any
 7 | 	license = custom
 8 | 	source = https://src.fedoraproject.org/repo/extras/campivisivi-titillium-fonts/Titillium_roman_upright_italic_2_0_OT.zip/258e06fe34c35320321f0458e6625bba/Titillium_roman_upright_italic_2_0_OT.zip
 9 | 	sha512sums = ee10b5551ac58f4b61d5b88e9992fc86e342b8e79e23caec42ffc7d6c94f676a82fff6ee343ee0b372d7d7b2d6471eae047b31dc21a402d7570d432877c20533
10 | 
11 | pkgname = titillium-fonts
12 | 
13 | 


--------------------------------------------------------------------------------
/titillium-fonts/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer: Patrick Lühne <patrick-arch@luehne.de>
 2 | 
 3 | pkgname=titillium-fonts
 4 | pkgver=2.0
 5 | pkgrel=1
 6 | pkgdesc="Sans serif type family designed inside Campi Visivi’s Type Design course"
 7 | url="http://www.campivisivi.net/titillium/"
 8 | arch=(any)
 9 | license=(custom)
10 | source=("https://src.fedoraproject.org/repo/extras/campivisivi-titillium-fonts/Titillium_roman_upright_italic_2_0_OT.zip/258e06fe34c35320321f0458e6625bba/Titillium_roman_upright_italic_2_0_OT.zip")
11 | sha512sums=('ee10b5551ac58f4b61d5b88e9992fc86e342b8e79e23caec42ffc7d6c94f676a82fff6ee343ee0b372d7d7b2d6471eae047b31dc21a402d7570d432877c20533')
12 | 
13 | package() {
14 | 	cd "Titillium_roman_upright_italic_${pkgver//./_}_OT/"
15 | 	install -d "$pkgdir/usr/share/fonts/${pkgname%-fonts}"
16 | 	install -t "$pkgdir/usr/share/fonts/${pkgname%-fonts}" -m644 *.otf
17 | 	install -Dm644 "OFL-titillium.txt" "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
18 | }
19 | 


--------------------------------------------------------------------------------
/ttf-montserrat/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = ttf-montserrat
 2 | 	pkgdesc = Geometric font with Cyrillic and extended Latin support by Julieta Ulanovsky
 3 | 	pkgver = 7.200
 4 | 	pkgrel = 4
 5 | 	url = https://github.com/JulietaUla/Montserrat
 6 | 	arch = any
 7 | 	license = OFL
 8 | 	source = https://github.com/JulietaUla/Montserrat/archive/v7.200.tar.gz
 9 | 	sha256sums = 340125df4700876c5adf4df98c885dbe9b96c8a6a0ee634a520934c77ee097dc
10 | 
11 | pkgname = ttf-montserrat
12 | 
13 | 


--------------------------------------------------------------------------------
/ttf-montserrat/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer:  Caleb Maclennan <caleb@alerque.com>
 2 | # Contributor: scolobb <scolobb@colimite.fr>
 3 | # Contributor: EEva <eeva+aur@marvid.fr>
 4 | 
 5 | pkgname=ttf-montserrat
 6 | _pkgname=Montserrat
 7 | pkgver=7.200
 8 | pkgrel=4
 9 | pkgdesc='Geometric font with Cyrillic and extended Latin support by Julieta Ulanovsky'
10 | url="https://github.com/JulietaUla/$_pkgname"
11 | arch=('any')
12 | license=('OFL')
13 | source=("https://github.com/JulietaUla/$_pkgname/archive/v$pkgver.tar.gz")
14 | sha256sums=('340125df4700876c5adf4df98c885dbe9b96c8a6a0ee634a520934c77ee097dc')
15 | 
16 | package() {
17 |   cd "$_pkgname-$pkgver"
18 |   install -Dm644 -t "$pkgdir/usr/share/fonts/TTF/" fonts/ttf/$_pkgname*.ttf
19 |   install -Dm644 -t "$pkgdir/usr/share/licenses/$pkgname/" OFL.txt AUTHOR.txt CONTRIBUTORS.txt
20 |   install -Dm644 -t "$pkgdir/usr/share/doc/$pkgname/" README.md DESCRIPTION.en_us.html
21 | }
22 | 


--------------------------------------------------------------------------------
/units/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = units
 2 | 	pkgdesc = converts between different units
 3 | 	pkgver = 2.22
 4 | 	pkgrel = 1
 5 | 	url = https://www.gnu.org/software/units/units.html
 6 | 	arch = x86_64
 7 | 	license = GPL
 8 | 	makedepends = python-unidecode
 9 | 	makedepends = python-requests
10 | 	depends = readline
11 | 	optdepends = python-unidecode: for live currency rates
12 | 	optdepends = python-requests: for live currency rates
13 | 	options = !makeflags
14 | 	source = https://ftp.gnu.org/gnu/units/units-2.22.tar.gz
15 | 	source = units_currency.timer
16 | 	source = units_currency.service
17 | 	validpgpkeys = 9AD8FC4162D7937CF64F972E1889D5F0E0636F49
18 | 	sha256sums = 5d13e1207721fe7726d906ba1d92dc0eddaa9fc26759ed22e3b8d1a793125848
19 | 	sha256sums = c1cb48a6157c850a0b7ecbf4387b82820d6e42f4a2c7ff0eb9de293bad6b128f
20 | 	sha256sums = 52e8cd68110e797e3ee3737f06200505225039b18f3f9b87ae38b6c539c9ccb2
21 | 
22 | pkgname = units
23 | 


--------------------------------------------------------------------------------
/units/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer: Kyle Keen <keenerd@gmail.com>
 2 | # Maintainer: Sergej Pupykin <pupykin.s+arch@gmail.com>
 3 | # Maintainer: Jeff Mickey <jeff@archlinux.org>
 4 | # Contributor: Steve Sansom <snsansom@gmail.com>
 5 | 
 6 | pkgname=units
 7 | pkgver=2.22
 8 | pkgrel=1
 9 | pkgdesc="converts between different units"
10 | arch=('x86_64')
11 | url="https://www.gnu.org/software/units/units.html"
12 | depends=('readline')
13 | optdepends=('python-unidecode: for live currency rates'
14 |             'python-requests: for live currency rates')
15 | makedepends=('python-unidecode' 'python-requests')
16 | license=("GPL")
17 | options=('!makeflags')
18 | validpgpkeys=('9AD8FC4162D7937CF64F972E1889D5F0E0636F49')
19 | source=(https://ftp.gnu.org/gnu/units/$pkgname-$pkgver.tar.gz
20 |         'units_currency.timer'
21 |         'units_currency.service')
22 | sha256sums=('5d13e1207721fe7726d906ba1d92dc0eddaa9fc26759ed22e3b8d1a793125848'
23 |             'c1cb48a6157c850a0b7ecbf4387b82820d6e42f4a2c7ff0eb9de293bad6b128f'
24 |             '52e8cd68110e797e3ee3737f06200505225039b18f3f9b87ae38b6c539c9ccb2')
25 | 
26 | build() {
27 |   cd "$pkgname-$pkgver"
28 |   ./configure --prefix=/usr --datadir=/usr/share --sharedstatedir=/var/lib
29 |   make
30 | }
31 | 
32 | package() {
33 |   cd "$pkgname-$pkgver"
34 |   make DESTDIR="$pkgdir" install
35 |   rm "$pkgdir/usr/share/units/currency.units"
36 |   ln -s /var/lib/units/currency.units "$pkgdir/usr/share/units/currency.units"
37 |   install -Dm644 ../units_currency.timer "$pkgdir/usr/lib/systemd/system/units_currency.timer"
38 |   install -Dm644 ../units_currency.service "$pkgdir/usr/lib/systemd/system/units_currency.service"
39 | }
40 | 


--------------------------------------------------------------------------------
/units/units_currency.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Update units currency rates database
3 | After=network-online.target
4 | Wants=network-online.target
5 | 
6 | [Service]
7 | Type=oneshot
8 | ExecStart=/usr/bin/units_cur
9 | 


--------------------------------------------------------------------------------
/units/units_currency.timer:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=Daily units currency rates database update
 3 | 
 4 | [Timer]
 5 | OnCalendar=daily
 6 | AccuracySec=12h
 7 | Persistent=true
 8 | 
 9 | [Install]
10 | WantedBy=timers.target
11 | 


--------------------------------------------------------------------------------
/vendor.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -euo pipefail
 3 | cd "$(readlink -f "$(dirname "$0")")"
 4 | 
 5 | vendor() {
 6 |   mkdir -p "${TARGET_DIR}"
 7 |   SOURCE_DIR=".vendor-cache/${TARGET_DIR}"
 8 | 
 9 |   if [ -d "${SOURCE_DIR}" ]; then
10 |     git -C "${SOURCE_DIR}" remote update origin
11 |   else
12 |     git clone "https://aur.archlinux.org/${TARGET_DIR}.git" "${SOURCE_DIR}"
13 |   fi
14 | 
15 |   git clean -dXf "${TARGET_DIR}"
16 |   git ls-files -- "${TARGET_DIR}" | xargs -r rm
17 |   git -C "${SOURCE_DIR}" archive --prefix="${TARGET_DIR}/" origin/master | tar xf -
18 | }
19 | 
20 | if [ $# -eq 0 ]; then
21 |   # default: vendor all packages
22 |   for TARGET_DIR in $(grep -L novendor */PKGBUILD | xargs -n1 dirname); do
23 |     printf '\x1B[1;36m>> \x1B[0;36mVendoring %s...\x1B[0m\n' "${TARGET_DIR}"
24 |     vendor "${TARGET_DIR}"
25 |   done
26 | else
27 |   # if args given: vendor only these packages
28 |   for TARGET_DIR in "$@"; do
29 |     vendor "${TARGET_DIR}"
30 |   done
31 | fi
32 | 


--------------------------------------------------------------------------------
/wev/.SRCINFO:
--------------------------------------------------------------------------------
 1 | pkgbase = wev
 2 | 	pkgdesc = tool for debugging wayland events, similar to xev
 3 | 	pkgver = 1.0.0
 4 | 	pkgrel = 7
 5 | 	url = https://git.sr.ht/~sircmpwn/wev
 6 | 	arch = i686
 7 | 	arch = x86_64
 8 | 	arch = aarch64
 9 | 	license = MIT
10 | 	makedepends = scdoc
11 | 	makedepends = wayland-protocols
12 | 	depends = wayland
13 | 	depends = libxkbcommon
14 | 	conflicts = wev-git
15 | 	source = wev-1.0.0.tar.gz::https://git.sr.ht/~sircmpwn/wev/archive/1.0.0.tar.gz
16 | 	b2sums = e777cf1f19a5ad051b81ccd878067ba043c5121f460aed26fa41c999812d9c52e30837cbcb72351de4e532f0427cb2e8f707ca1ddaa09d992cdff3c422638ec2
17 | 
18 | pkgname = wev
19 | 


--------------------------------------------------------------------------------
/wev/.gitignore:
--------------------------------------------------------------------------------
1 | /src
2 | /pkg
3 | *.tar.gz
4 | *.tar.xz
5 | *.tar.zst
6 | 


--------------------------------------------------------------------------------
/wev/PKGBUILD:
--------------------------------------------------------------------------------
 1 | # Maintainer: Thayne McCombs <astrothayne at gmail dot com>
 2 | pkgname=wev
 3 | pkgver=1.0.0
 4 | pkgrel=7
 5 | pkgdesc="tool for debugging wayland events, similar to xev"
 6 | url='https://git.sr.ht/~sircmpwn/wev'
 7 | license=(MIT)
 8 | arch=('i686' 'x86_64' 'aarch64')
 9 | depends=('wayland' 'libxkbcommon')
10 | makedepends=('scdoc' 'wayland-protocols')
11 | conflicts=('wev-git')
12 | source=("$pkgname-$pkgver.tar.gz::https://git.sr.ht/~sircmpwn/wev/archive/$pkgver.tar.gz")
13 | b2sums=('e777cf1f19a5ad051b81ccd878067ba043c5121f460aed26fa41c999812d9c52e30837cbcb72351de4e532f0427cb2e8f707ca1ddaa09d992cdff3c422638ec2')
14 | 
15 | build() {
16 |   cd "$pkgname-$pkgver"
17 |   make CFLAGS="$CFLAGS $LDFLAGS"
18 | }
19 | 
20 | package() {
21 |   cd "$pkgname-$pkgver"
22 |   make DESTDIR="$pkgdir/" PREFIX=/usr MANDIR=/usr/share/man install
23 |   install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
24 | }
25 | 


--------------------------------------------------------------------------------