- moonarch-waybar: on merge failure, remove the stale output so waybar
falls back to the system config (previously it kept running with stale
merged data despite the error notification claiming otherwise).
- moonarch-doctor: hoist INSTALLED assignment above both OFFICIAL and AUR
blocks so the script survives set -u when only aur.txt is present.
- zshrc parse_git_branch: gate on git rev-parse and replace three grep
subshells with bash pattern matching, cutting prompt latency from
~5 subprocesses per render to 2 (status + symbolic-ref).
- moonarch-batsaver.service: validate the threshold is an integer 1-100
before writing to sysfs, add NoNewPrivileges and protection directives
instead of relying on kernel validation alone.
- ci/act-runner/Dockerfile: drop the broad "pacman -Sy *" sudoers entry
(only -S --needed is required by makepkg), and pin run.sh to
act_runner:0.3.1 so it cannot drift ahead of the pinned binary.
- .gitea/workflows/update-pkgver.yaml: push via credential.helper=store
with a chmod 600 temp file instead of `git -c http.extraHeader=...`,
so the token no longer shows up in /proc/PID/cmdline.
Pacman/paru can drain or close stdin, so after the first interactive step
the EXIT trap's pause was silently skipped (the `-t 0` check failed) and
every subsequent confirm() prompt hit EOF — which with `[[ -z $response ]]`
auto-accepted, letting install/remove actions run unattended.
- _pause_on_exit: drop the `-t 0` guard and read from /dev/tty
- confirm(): read from /dev/tty so EOF on stdin can't masquerade as "yes"
- Move the trap installation above the gettext i18n init so an early
failure (e.g. missing gettext) still triggers the pause message.
The `[moonarch-pkgbuilds]` paru-repo check was a false failure: that
mechanism was retired on 2026-04-20 and the install hook strips the
legacy paru.conf section on upgrade.
Audit of the rest of the doctor surfaced two related gaps — the
user-services loop skipped `walker.service` and `nautilus.service`,
even though moonarch-git ships both and enables them via
graphical-session.target.wants. Added them to the loop and filled in
the missing `wlsunset` in the CLAUDE.md listing.
Stasis ignores /etc/xdg/ and only reads ~/.config/stasis/stasis.rune
(primary) or /etc/stasis/stasis.rune (fallback). On first start with no
user config it writes its own hardcoded default, so Moonarch's tuned
idle plans were never active on fresh installs.
Seed the template from /etc/xdg/stasis/stasis.rune into the user home
before stasis ever starts, only if the user file is missing. See
DECISIONS.md for verification against upstream v1.1.0.
The previous end-of-script `read` never ran when `set -e` aborted mid-way
(pacman conflict, paru failure, Ctrl+C), so foot closed on errors —
exactly when the user most needs to see the output.
Move the pause into a trap on EXIT, gated by `MOONUP_WAIT=1` so CLI use
stays non-interactive. Waybar on-click now sets the env var.
Long-standing gaps in post-install.sh plus cleanup:
- post-install.sh:18 was `sudo pacman -S paru` on the wrong
assumption paru had landed in [extra]. Verified: paru/paru-bin
are AUR-only. Restored the original git-clone + makepkg
bootstrap, added the rust buildep that archinstall does not
pull in.
- post-install.sh never installed AUR extras — walker, elephant,
waypaper, stasis, themes all silently skipped. Now pulls
packages/aur.txt after moonarch-git.
- packages/official.txt: drop glab, go, npm (unused) and rustup
(only needed for the paru build, handled imperatively now).
- packages/aur.txt: add walker-bin (was missing entirely).
- transform.sh + legacy update.sh shim removed — transform was
never used in practice.
- Apollo persona block out of CLAUDE.md, prior DECISIONS entries
rewritten from Apollo/Ragnar to ClaudeCode.
- README Transform section and scripts/ listing trimmed.
- lib.sh ABOUTME updated — only post-install.sh sources it now.
post-install.sh and transform.sh no longer write paru.conf entries for
the PKGBUILD repo — the Arch registry is the single source of truth.
pacman -Sy + paru -S moonarch-git now suffices. See DECISIONS.md.
Prompts and log lines now follow the user's LANG. Reuses pacman's
gettext catalog for strings with matching upstream msgids
(Proceed with installation?, [Y/n], Starting full system upgrade...,
Do you want to remove these packages?). Moonarch-specific strings
go through an inline _t "en" "de" helper keyed off ${LANG%%.*}.
confirm() switches to pacman-style: :: prefix, default Y, accepts
y/Y/j/J. No PKGBUILD change — gettext ships with base.
Move nightlight from niri spawn-at-startup to a systemd user service
with After=kanshi.service to ensure all outputs are configured before
wlsunset starts. Toggle now uses enable/disable --now for persistent
state across reboots.
transform.sh was hard-copying /etc/xdg/niri/config.kdl to ~/.config/niri/,
causing the user config to go stale after system updates. Now seeds a minimal
user config with `include "/etc/xdg/niri/config.kdl"` so system defaults
always stay current and users can add overrides below the include.
Docker is a dev dependency, not a desktop environment default. Remove
from package list, archinstall config, services and README.
Fix systemd ordering cycle that prevented cliphist-image from starting:
cliphist-text had After=graphical-session.target which combined with
PartOf= and cliphist-image's After=cliphist-text created a cycle.
Diagnostic script that verifies services, configs, packages and paths
against the expected moonarch system state. Reports pass/fail/warn with
colored output and summary. Deployed as moonarch-doctor (alias: moondoc).
- Remove defaults/user/ and the user-defaults copy loop from
post-install.sh and transform.sh — Waybar falls back to
/etc/xdg/waybar/ via XDG spec, no provisioning needed.
- Remove USER_DEFAULTS constant from lib.sh.
- Clean up style.css: remove dead selectors (#net, #cava,
#custom-updates, #custom-notification), commented-out blocks,
empty rules, duplicate properties, and hardcoded hex color.
- Restructure module styling: generic top-level box via
> widget > *, group children reset via widget widget > *,
explicit exceptions for workspaces/taskbar/window.
- Normalize section comments and whitespace.
- Update README to remove user/waybar/ from project structure.
Remove ABOUTME comments from kanshi default config — they broke
the profile parser in wdisplays-persistent store.c, preventing
config saves. Also skip kanshi in transform.sh when user profiles
already exist, since display layouts are machine-specific.
- Add cliphist.service that wipes clipboard history on session start
(crash-safe: cleans up at next boot, not at shutdown)
- Move kanshi, walker, nautilus services from ~/.config/systemd/user/
to /etc/systemd/user/ (system-level defaults, consistent with
moonarch's config philosophy)
- Remove cliphist spawn-sh-at-startup from niri config (managed by
systemd service now)
- Add cliphist to USER_SERVICES in post-install.sh and transform.sh
Closes#1
The paru PKGBUILD repo config was only set up by post-install.sh and
transform.sh. If the config was missing on an existing system,
moonarch-git couldn't update — the fix required the package that
delivers the fix.
Now moonarch.install sets up the config on every install/upgrade.
post-install.sh keeps it for first-time bootstrap (before moonarch-git
exists). transform.sh no longer manages it.
The registry signing key was imported without verifying its fingerprint,
allowing a MITM or compromised server to inject a rogue key. Now checks
the downloaded key against a pinned fingerprint before import. Also adds
trap EXIT for tempfile cleanup and rejects empty curl responses.
Both the pacman package registry and the paru PKGBUILD repo used
[moonarch] as section name, causing paru to fail resolving PKGBUILD
upgrade targets against the wrong repo. Renamed PKGBUILD repo to
[moonarch-pkgbuilds] and moved config from ~/.config/paru/paru.conf
to system-wide /etc/paru.conf.
Import Gitea Arch registry key dynamically and configure pacman
with SigLevel = Required DatabaseOptional. Key ID is extracted
from the downloaded key file to avoid hardcoding.
- Set kernels to linux-zen in user_configuration.json to skip
interactive kernel selection during install
- Add post-install step to append quiet to non-fallback systemd-boot
entries for clean boot output
Audit fixes for command injection risks in helper scripts:
- moonarch-cpugov: eval for quoted COMMANDS expansion (pkexec context)
- moonarch-btnote: while+read with process substitution, quoted vars
- moonarch-vpn: -- guard before connection name in nmcli calls
- post-install.sh: else-logging when USER_DEFAULTS dir missing
These configs are owned by their respective packages in /etc/xdg/ so
the XDG copy loop installs the package defaults instead of ours.
Overwrite with moonarch versions from /usr/share/moonarch/ after the
loop.
cp -r from /etc/xdg/ preserved root ownership on directories,
causing rm -rf to fail on subsequent runs. Add --no-preserve=ownership
to cp and escalated rm fallback for existing root-owned dirs.
Walker (GTK4 + Elephant backend) replaces rofi-lbonn-wayland-git as the
central launcher and menu framework.
Native Walker providers replace 5 custom rofi scripts:
- App launcher (desktopapplications provider)
- Clipboard (clipboard provider, replaces cliphist frontend)
- Bluetooth (bluetooth provider, replaces bluetoothctl script)
- Volume/audio (wireplumber provider)
- Sink switcher (wireplumber provider)
3 scripts ported to Walker dmenu mode:
- moonarch-vpn (nmcli)
- moonarch-cpugov (auto-cpufreq)
- moonarch-sink-switcher (pactl)
Settings menu (moonarch-setmen) removed — apps are findable via Walker
app search directly.
Walker theme (gtk-inherit) inherits all colors from the active GTK4
theme instead of hardcoding Catppuccin values.
Walker and Elephant run as systemd user services for instant startup.
Also standardizes GTK theme to Colloid-Grey-Dark-Catppuccin across all
config files (was inconsistent between gsettings and file configs).
Old rofi configs preserved in legacy/rofi/ for reference.
Bug fixes from quality and security audits:
- moonarch-capsnote: use value[0] instead of value[2]
- moonarch-btnote: guard empty PER_INT before integer comparison
- moonarch-clipboard + niri config: use XDG_RUNTIME_DIR instead of UID 1000
- moonarch-waybar-hidpp: use charging icon when charging
- moonarch-waybar-gpustat: find gpu_busy_percent dynamically across hwmon*
- post-install/transform: use systemctl --user cat for service detection
- post-install/transform: install paru from [extra] instead of AUR clone
Replace wlogout with moonset in niri keybind and waybar on-click.
Remove moonarch-session (dead code, replaced by moonset) and wlogout
layout config.
Refactor post-install.sh and transform.sh to install moonarch-git via
paru instead of manually copying configs, scripts, and themes. Remove
install-themes.sh (replaced by sweet-cursors-git dependency). Replace
update.sh with deprecation notice that forwards to the package-provided
moonarch-update in /usr/bin/.
Simplified updater that reads package lists from /usr/share/moonarch/
instead of syncing a git repo. Designed to be shipped by the
moonarch-git package as /usr/bin/moonarch-update.
Remove chown from archinstall custom-commands so the repo stays
root:root. Use sudo for git operations in update.sh. Any user with
sudo can now run moonarch-update without owning the repo.
Extract shared helpers into lib.sh (log, err, confirm, path constants)
and refactor post-install.sh + update.sh to source it.
New transform.sh converts an existing Arch+Wayland system to Moonarch:
pre-flight summary, config backup, DM conflict resolution, PulseAudio
removal, full package install, and hard overwrite of all configs.
Also migrate kanshi from niri spawn-at-startup to systemd user service.
swww was renamed to awww (codeberg.org/LGFae/awww). Update package
list, README references, and add compatibility symlinks in post-install
so waypaper keeps working until it supports awww natively.
Also add per-user ~/.config/gtk-4.0/ symlinks — libadwaita ignores the
system-wide /etc/xdg/ fallback, so apps like Nautilus need user-level
CSS links to pick up the Catppuccin theme.
- Add wl-clipboard, libnotify, upower, bluez, bluez-utils to official.txt
- Remove stow (installed but never used)
- Remove dead moonlock.service cp block from post-install.sh
- Rewrite moonarch-sink-switcher and moonarch-volume to use pactl
instead of ponymix (already available via libpulse)
Enforce the repo convention that committed text is English.
Translates ABOUTME headers, code comments, log/error messages,
shell prompts, and documentation across all files.
CLAUDE.md files remain in German per policy.
The old fallbacks used git clone + makepkg and uv pip install, which
are fragile and bypass the moonarch-pkgbuilds repo. Now sets up the
paru custom repo and installs all three packages via paru -S.
Post-Install kopiert defaults/user/ nach ~/.config/, aber nur wenn
die Dateien noch nicht existieren. Waybar-Beispiele zeigen wie man
die systemweite Config per include/import erweitert (z.B. Peripherie-Akkus).
- GTK-Theme von catppuccin-mocha-lavender auf Colloid-Catppuccin umgestellt
- Systemweite GTK4-Symlinks in /etc/xdg/gtk-4.0/ für libadwaita Dark-Mode
- gsettings für Theme, Color-Scheme, Icon-Theme und Font im post-install
- Alle Fonts (Hack, JetBrainsMono, MonarchOS) auf UbuntuSans Nerd Font
- Paketlisten: Colloid-Pakete statt catppuccin-gtk/newaita, ttf-ubuntusans-nerd
Greeter von regreet (niri-Wrapper) auf moongreet (GTK4 + gtk4-layer-shell)
umgestellt. moongreet wird direkt aus dem Gitea-Repo gebaut.
Ein einziges Wallpaper unter /usr/share/moonarch/wallpaper.jpg dient jetzt
als Default fuer Desktop (waypaper), Lockscreen (gtklock) und Greeter
(moongreet).
Niri-basierter Wayland-Desktop mit greetd/regreet, Catppuccin Mocha
Theming, Rofi-Menus, Waybar und vollstaendiger Post-Install-Automatisierung.
Archinstall-Config klont das Repo automatisch via custom-commands,
danach genuegt ein einzelner Befehl fuer die komplette Einrichtung.
