Audit fixes for command injection risks in helper scripts:
- moonarch-cpugov: eval for quoted COMMANDS expansion (pkexec context)
- moonarch-btnote: while+read with process substitution, quoted vars
- moonarch-vpn: -- guard before connection name in nmcli calls
- post-install.sh: else-logging when USER_DEFAULTS dir missing
nm-applet replaces the foot terminal workaround for VPN authentication,
providing a proper NetworkManager secret agent. moonarch-vpn now handles
both VPN and WireGuard connection types. Waybar indicator switched from
tun0 interface check to nmcli active connection query with signal-based
instant refresh.
Walker (GTK4 + Elephant backend) replaces rofi-lbonn-wayland-git as the
central launcher and menu framework.
Native Walker providers replace 5 custom rofi scripts:
- App launcher (desktopapplications provider)
- Clipboard (clipboard provider, replaces cliphist frontend)
- Bluetooth (bluetooth provider, replaces bluetoothctl script)
- Volume/audio (wireplumber provider)
- Sink switcher (wireplumber provider)
3 scripts ported to Walker dmenu mode:
- moonarch-vpn (nmcli)
- moonarch-cpugov (auto-cpufreq)
- moonarch-sink-switcher (pactl)
Settings menu (moonarch-setmen) removed — apps are findable via Walker
app search directly.
Walker theme (gtk-inherit) inherits all colors from the active GTK4
theme instead of hardcoding Catppuccin values.
Walker and Elephant run as systemd user services for instant startup.
Also standardizes GTK theme to Colloid-Grey-Dark-Catppuccin across all
config files (was inconsistent between gsettings and file configs).
Old rofi configs preserved in legacy/rofi/ for reference.
Simplified updater that reads package lists from /usr/share/moonarch/
instead of syncing a git repo. Designed to be shipped by the
moonarch-git package as /usr/bin/moonarch-update.
Remove chown from archinstall custom-commands so the repo stays
root:root. Use sudo for git operations in update.sh. Any user with
sudo can now run moonarch-update without owning the repo.
