ref: 422129b72ce19c95e2dad47472a624d399f74165 dotfiles/sysconfig/README.md -rw-r--r-- 2.8 KiB
422129b7 Hugo Osvaldo Barrera, packages: Minor tidy-up, a month ago


This pseudo-package contains all my desktop system configuration. I've taken a declarative approach for this; this package depends on others that I want installed, and includes files to be placed into the root filesystem in order to achieve the configuration desired.

This includes not only configuration files, but also hooks that are installed when installing or updating certain other packages.

This not only allows easily replicating my desktop setup, but also results in a much easier-to-understand history of changes.

# Hooks + Patches

Altering files outside of $HOME is highly problematic. If the file is owned by a package, it will be overwritten on next update, at which point whatever configuration had been done is lost forever.

Fortunately, a lot of software nowadays supports drop-in files: files that you place in a defined directory, and are appended to the software's configuration.

For software that doesn't support drop-ins and expects you to edit package-supplied files, I include a pacman hook to apply the changes. The hook runs on each update, and will show a clear error if/when it fails for any reason.

Note that this package only contains configuration files that need to be installed as root. User-level settings are handled as simple dotfiles.
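
One way a hook like this could re-apply a change after each update, as an added example that is not taken from this repository. The function name `reapply`, the package name `example-pkg` and every path are placeholders, and GNU patch is assumed.

```shell
#!/bin/sh
# Script a pacman hook could Exec. Assumed hook file (all names are placeholders):
#
#   /usr/share/libalpm/hooks/zz-example-reapply.hook
#     [Trigger]
#     Operation = Install
#     Operation = Upgrade
#     Type = Package
#     Target = example-pkg
#
#     [Action]
#     Description = Re-applying local change to example.conf...
#     When = PostTransaction
#     Exec = /usr/share/sysconfig-example/reapply.sh /usr/lib/example/example.conf /usr/share/sysconfig-example/example.patch
#
# Requires GNU patch. -f keeps it non-interactive, -F0 refuses fuzzy matches.

# reapply TARGET PATCHFILE
# Returns 0 when the change is present afterwards, 1 (message on stderr) when not.
reapply() {
    target=$1
    patchfile=$2

    if [ ! -f "$target" ] || [ ! -f "$patchfile" ]; then
        echo "reapply: missing $target or $patchfile" >&2
        return 1
    fi
    # If the patch reverses cleanly, the change is already in place.
    if patch -R -f -s -F0 --dry-run "$target" "$patchfile" >/dev/null 2>&1; then
        return 0
    fi
    # Check the whole patch first so the file is never left half-patched.
    if ! patch -f -s -F0 --dry-run "$target" "$patchfile" >/dev/null 2>&1; then
        echo "reapply: $patchfile no longer applies to $target" >&2
        return 1
    fi
    patch -f -s -F0 --no-backup-if-mismatch "$target" "$patchfile" >/dev/null
}

# Entry point for the hook; a no-op when the file is sourced without arguments.
if [ "$#" -eq 2 ]; then
    reapply "$1" "$2" || exit 1
fi
```

Running it a second time leaves the file untouched, and an upstream change that breaks the patch produces an error instead of a partially edited file.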


While I often install and un-install packages via my package manager, many times they're for a short time, or I'm testing something. When I want to commit something and also make sure it's in all my systems, I list it as a dependency here.

A nice side effect of this is that I can merely install this package onto a new system to have it up and ready to go with all my applications.

It also allows keeping pacman's "list of explicitly installed packages" short, since packages declared as dependencies of this one won't show up and clutter that list. This changes how packages are visualised: other "explicitly installed" packages are not part of the declared system and are just transient installations.


systemd-boot (formerly known as gummiboot) is used as a bootloader. It will auto-discover the only bootloader entry (an EFI bundle) and boot straight into that. The default timeout is 0s, so no UI is shown. Spamming the spacebar during boot will show its UI.

# Secure Boot

See this article for how SecureBoot is set up.


I have a small UEFI partition, a LUKS+ext4 partition, and a LUKS+swap partition. Systemd will prompt for the disk decryption passphrase, which will decrypt both drives.

The rest of the OS is read from the main, encrypted partition.


Can't fully replace podman with docker due to some incompatibilities. For the moment, I'm using rootless docker (mostly for docker-compose) and rootless podman (for anything else).