Fix audit findings, replace wlogout with moonset

Bug fixes from quality and security audits:
- moonarch-capsnote: use value[0] instead of value[2]
- moonarch-btnote: guard empty PER_INT before integer comparison
- moonarch-clipboard + niri config: use XDG_RUNTIME_DIR instead of UID 1000
- moonarch-waybar-hidpp: use charging icon when charging
- moonarch-waybar-gpustat: find gpu_busy_percent dynamically across hwmon*
- post-install/transform: use systemctl --user cat for service detection
- post-install/transform: install paru from [extra] instead of AUR clone

Replace wlogout with moonset in niri keybind and waybar on-click.
Remove moonarch-session (dead code, replaced by moonset) and wlogout
layout config.

defaults/bin/moonarch-btnote

@@ -11,7 +11,7 @@ for d in $(upower -e); do
   PER_INT=$(echo "${PERCENTAGE//%}")
   DEVICE_NAME=$(echo $DEVICE_DATA | grep -Po '(?<=(model: )).*(?= serial)')
 
-  if [ ! -z "$DEVICE_NAME" ] && [ "$PER_INT" -lt "$NOTIFY_AT_PERCENTAGE" ]; then
+  if [ -n "$DEVICE_NAME" ] && [ -n "$PER_INT" ] && [ "$PER_INT" -lt "$NOTIFY_AT_PERCENTAGE" ]; then
     notify-send -t 5000 -e "Low battery $DEVICE_NAME $PER_INT%" -i "$ICON" \
       -h string:x-canonical-private-synchronous:battery \
       -h int:value:"$PER_INT" -u critical

defaults/bin/moonarch-capsnote

@@ -4,9 +4,9 @@
 
 sleep 0.2
 
-value=($(cat /sys/class/leds/input*::capslock/brightness | cut -f1 -d,))
+value=($(cat /sys/class/leds/input*::capslock/brightness 2>/dev/null | cut -f1 -d,))
 
-if [ ${value[2]} == 1 ]; then
+if [ "${value[0]:-0}" == 1 ]; then
   icon_name="capslock-enabled-symbolic"
   output="caps lock on"
 else
@@ -16,4 +16,4 @@ fi
 
 notify-send -e "$output" -i "$icon_name" \
   -h string:x-canonical-private-synchronous:state \
-  -h boolean:value:"${value[2]}" -r 555
+  -h boolean:value:"${value[0]:-0}" -r 555

defaults/bin/moonarch-clipboard

@@ -2,7 +2,7 @@
 # ABOUTME: Rofi-based clipboard history manager using cliphist and wl-copy.
 # ABOUTME: Lists clipboard entries and copies the selected one.
 
-CLIPHIST_DB="/run/user/1000/cliphist/db"
+CLIPHIST_DB="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/cliphist/db"
 
 function start_rofi() {
     local content="$1"

defaults/bin/moonarch-session

@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-# ABOUTME: Rofi-based session menu with horizontal icon layout.
-# ABOUTME: Replaces wlogout — provides lock, logout, suspend, hibernate, reboot, shutdown.
-
-declare -A actions
-declare -a order
-
-order=("lock" "logout" "suspend" "hibernate" "reboot" "shutdown")
-
-actions[lock]="gtklock"
-actions[logout]="niri msg action quit"
-actions[suspend]="systemctl suspend"
-actions[hibernate]="systemctl hibernate"
-actions[reboot]="systemctl reboot"
-actions[shutdown]="systemctl poweroff"
-
-# GTK icon theme names
-declare -A icons
-icons[lock]="system-lock-screen"
-icons[logout]="system-log-out"
-icons[suspend]="system-suspend"
-icons[hibernate]="system-suspend-hibernate"
-icons[reboot]="system-reboot"
-icons[shutdown]="system-shutdown"
-
-# Build menu — use rofi icon protocol
-menu=""
-for key in "${order[@]}"; do
-    [[ -n "$menu" ]] && menu+="\n"
-    menu+="${key}\x00icon\x1f${icons[$key]}"
-done
-
-selected=$(echo -e "$menu" | rofi -dmenu \
-    -theme /etc/xdg/rofi/themes/session.rasi \
-    -show-icons \
-    -p "")
-
-[[ -z "$selected" ]] && exit 0
-
-# Execute the selected action
-if [[ -n "${actions[$selected]+x}" ]]; then
-    eval "${actions[$selected]}"
-fi

defaults/bin/moonarch-waybar-gpustat

@@ -4,7 +4,8 @@
 
 while :
 do
-  GPU_STAT=$(cat /sys/class/hwmon/hwmon5/device/gpu_busy_percent 2>/dev/null || echo "0")
+  GPU_STAT=$(cat /sys/class/hwmon/hwmon*/device/gpu_busy_percent 2>/dev/null | head -1 || echo "0")
+  GPU_STAT="${GPU_STAT:-0}"
   ICON="<span color='#69ff94' size='8pt' rise='1.5pt'>▁</span>"
 
   if [ "$GPU_STAT" -lt 10 ]; then

defaults/bin/moonarch-waybar-hidpp

@@ -28,7 +28,7 @@ for dev in /sys/class/power_supply/hidpp_battery_*; do
         fi
 
         if [ "$status" = "Charging" ]; then
-            text="${capacity}% 󰌌"
+            text="${capacity}% 󰂄"
         else
             text="${capacity}% 󰌌"
         fi

defaults/xdg/niri/config.kdl

@@ -84,8 +84,8 @@ spawn-at-startup "/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1"
 spawn-sh-at-startup "waypaper --restore"
 // spawn-sh-at-startup "nemo . &> /dev/null &"
 spawn-sh-at-startup "foot --server"
-spawn-sh-at-startup "mkdir -p /run/user/1000/cliphist && wl-paste --watch cliphist -db-path /run/user/1000/cliphist/db store"
-spawn-sh-at-startup "mkdir -p /run/user/1000/cliphist && wl-paste --type image --watch cliphist -db-path /run/user/1000/cliphist/db store"
+spawn-sh-at-startup "mkdir -p $XDG_RUNTIME_DIR/cliphist && wl-paste --watch cliphist -db-path $XDG_RUNTIME_DIR/cliphist/db store"
+spawn-sh-at-startup "mkdir -p $XDG_RUNTIME_DIR/cliphist && wl-paste --type image --watch cliphist -db-path $XDG_RUNTIME_DIR/cliphist/db store"
 
 hotkey-overlay {
     hide-not-bound
@@ -134,7 +134,7 @@ binds {
 
     Mod+Return hotkey-overlay-title="Open a Terminal: foot" { spawn "foot"; }
     Mod+Space hotkey-overlay-title="Run an Application: rofi" { spawn-sh "pkill rofi || moonarch-launcher"; }
-    Super+Alt+L hotkey-overlay-title="Lock/Logout: wlogout" { spawn-sh "wlogout -P 1 -s -r 10 -c 10"; }
+    Super+Alt+L hotkey-overlay-title="Session Menu: moonset" { spawn "moonset"; }
 
     Mod+A { spawn-sh "pkill rofi || moonarch-volume"; }
 

defaults/xdg/waybar/config

@@ -177,7 +177,7 @@
     },
     "custom/power": {
         "format": "󰣇",
-        "on-click": "wlogout",
+        "on-click": "moonset",
         "tooltip-format": "Session Menu"
     },
     "gamemode": {

defaults/xdg/wlogout/layout

@@ -1,38 +0,0 @@
-// ABOUTME: Moonarch default wlogout layout.
-// ABOUTME: User overrides go in ~/.config/wlogout/layout
-{
-    "label" : "lock",
-    "action" : "gtklock",
-    "text" : "Lock",
-    "keybind" : "l"
-}
-{
-    "label" : "hibernate",
-    "action" : "systemctl hibernate",
-    "text" : "Hibernate",
-    "keybind" : "h"
-}
-{
-    "label" : "logout",
-    "action" : "niri msg action quit",
-    "text" : "Logout",
-    "keybind" : "e"
-}
-{
-    "label" : "shutdown",
-    "action" : "systemctl poweroff",
-    "text" : "Shutdown",
-    "keybind" : "s"
-}
-{
-    "label" : "suspend",
-    "action" : "systemctl suspend",
-    "text" : "Suspend",
-    "keybind" : "u"
-}
-{
-    "label" : "reboot",
-    "action" : "systemctl reboot",
-    "text" : "Reboot",
-    "keybind" : "r"
-}

scripts/post-install.sh

@@ -15,10 +15,7 @@ check_pacman
 
 if ! command -v paru &>/dev/null; then
     log "Installing paru..."
-    PARU_TMPDIR=$(mktemp -d)
-    git clone https://aur.archlinux.org/paru.git "$PARU_TMPDIR/paru"
-    (cd "$PARU_TMPDIR/paru" && makepkg -si --noconfirm)
-    rm -rf "$PARU_TMPDIR"
+    sudo pacman -S --needed --noconfirm paru
 else
     log "paru already installed."
 fi
@@ -111,7 +108,7 @@ USER_SERVICES=(
 )
 
 for service in "${USER_SERVICES[@]}"; do
-    if systemctl --user list-unit-files "${service}.service" &>/dev/null; then
+    if systemctl --user cat "${service}.service" &>/dev/null; then
         systemctl --user enable "$service"
         log "  + $service (user)"
     else

scripts/transform.sh

@@ -194,10 +194,7 @@ fi
 # Install paru if not present
 if ! command -v paru &>/dev/null; then
     log "Installing paru..."
-    PARU_TMPDIR=$(mktemp -d)
-    git clone https://aur.archlinux.org/paru.git "$PARU_TMPDIR/paru"
-    (cd "$PARU_TMPDIR/paru" && makepkg -si --noconfirm)
-    rm -rf "$PARU_TMPDIR"
+    sudo pacman -S --needed --noconfirm paru
 else
     log "paru already installed."
 fi
@@ -300,7 +297,7 @@ USER_SERVICES=(
 )
 
 for service in "${USER_SERVICES[@]}"; do
-    if systemctl --user list-unit-files "${service}.service" &>/dev/null; then
+    if systemctl --user cat "${service}.service" &>/dev/null; then
         systemctl --user enable "$service"
         log "  + $service (user)"
     else