This pseudo-package contains all my desktop system configuration. I've taken a declarative approach for this; this package depends on others that I want installed, and includes files to be placed into the root filesystem in order to achieve the configuration desired.
This includes not only configuration files, but also hooks that are installed when installing or updating certain other packages.
This not only makes it easy to replicate my desktop setup, but also results in a much easier-to-understand history of changes.
Altering files outside of $HOME is highly problematic. If the file is owned by a package, it will be overwritten on next update, at which point whatever configuration had been done is lost forever.
Fortunately, a lot of software nowadays supports drop-in files: files that you place in a defined directory, and are appended to the software's configuration.
For software that doesn't support drop-ins and expects you to edit package-supplied files, I include a pacman hook to apply the changes. The hook runs on each update, and will show a clear error if/when it fails for any reason.
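One way such a hook can work, as an added example that is not taken from this package: a script that re-applies a single setting after every upgrade, changes nothing when the setting is already in place, and fails with a clear message when the upstream file no longer looks as expected. The package name `example-pkg`, the paths, the script name and the `LogLevel` key are all hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original package. Hypothetical hook file
# (e.g. /etc/pacman.d/hooks/90-example-conf.hook) that would call this script:
#
#   [Trigger]
#   Operation = Install
#   Operation = Upgrade
#   Type = Package
#   Target = example-pkg
#
#   [Action]
#   Description = Re-applying local setting to /etc/example.conf
#   When = PostTransaction
#   Exec = /usr/local/bin/enforce-setting /etc/example.conf LogLevel verbose

# enforce_setting FILE KEY VALUE
# Rewrites the one "KEY = ..." line (commented out or not) to "KEY = VALUE".
# Assumes KEY and VALUE are plain words (no regex metacharacters or "|").
enforce_setting() {
    file=$1 key=$2 value=$3
    want="^${key}[[:space:]]*=[[:space:]]*${value}[[:space:]]*\$"
    [ -f "$file" ] || { echo "enforce-setting: $file does not exist" >&2; return 1; }
    # Idempotent: an already-patched file is left untouched.
    if grep -Eq "$want" "$file"; then
        return 0
    fi
    # Refuse to guess if upstream renamed, removed or duplicated the key.
    count=$(grep -Ec "^#?[[:space:]]*${key}[[:space:]]*=" "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "enforce-setting: expected 1 '$key' line in $file, found $count" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    sed -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file" > "$tmp" &&
        cat "$tmp" > "$file"   # cat keeps the file's owner and mode
    status=$?
    rm -f "$tmp"
    # Verify the result instead of trusting the edit.
    [ "$status" -eq 0 ] && grep -Eq "$want" "$file" && return 0
    echo "enforce-setting: failed to set '$key' in $file" >&2
    return 1
}

# Run only when called with FILE KEY VALUE, as the hook's Exec line does.
if [ "$#" -eq 3 ]; then
    enforce_setting "$@"
fi
```

A non-zero exit from the script is reported by pacman as a failed hook, so a change in the packaged file surfaces at upgrade time instead of silently dropping the setting.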
Note that this package only contains configuration files that need to be installed as root. User-level settings are handled as simple dotfiles.
While I often install and un-install packages via my package manager, many times they're for a short time, or I'm testing something. When I want to commit something and also make sure it's in all my systems, I list it as a dependency here.
A nice side effect of this is that I can merely install this package onto a new system to have it up and ready to go with all my applications.
It also allows keeping pacman's "list of explicitly installed packages" short, since packages declared as dependencies of this one won't show up and clutter that list. This changes how packages are visualised: other "explicitly installed" packages are not part of the declared system and are just transient installations.
systemd-boot (formerly known as gummiboot) is used as a bootloader. It will auto-discover the only bootloader entry (an EFI bundle) and boot straight into that. The default timeout is 0s, so no UI is shown. Spamming the spacebar during boot will show its UI.
See this article for how SecureBoot is set up.
I have a small UEFI partition, a LUKS+ext4 partition, and a LUKS+swap partition. Systemd will prompt for the disk decryption passphrase, which will decrypt both drives.
The rest of the OS is read from the main, encrypted partition.
Can't fully replace docker due to some incompatibilities. For the moment, I'm using rootless docker (mostly for docker-compose) and rootless podman (for anything else).