dev: automated commit - 2025-05-31 16:03:53

run

@@ -0,0 +1,377 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# ═══════════════════════════════════════════════════════════
+# 🔧 SETUP
+# ═══════════════════════════════════════════════════════════
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ENV_FILE="$SCRIPT_DIR/.env"
+RUNS_DIR="$SCRIPT_DIR/runs"
+LOGS_DIR="$SCRIPT_DIR/logs"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+YELLOW='\033[0;33m'
+NC='\033[0m'
+
+# ═══════════════════════════════════════════════════════════
+# 🛠️ HELPERS
+# ═══════════════════════════════════════════════════════════
+log() { echo -e "${GREEN}[RUN]${NC} $*"; }
+warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
+error() { echo -e "${RED}[ERROR]${NC} $*" >&2; }
+
+# ═══════════════════════════════════════════════════════════
+# 🔍 DEPENDENCY VALIDATION
+# ═══════════════════════════════════════════════════════════
+check_dependencies() {
+    local missing=()
+
+    # Required tools
+    local required_tools=("git" "find" "grep")
+
+    # Optional but recommended tools
+    local optional_tools=("gitleaks")
+
+    log "Checking dependencies..."
+
+    # Check required tools
+    for tool in "${required_tools[@]}"; do
+        if ! command -v "$tool" &>/dev/null; then
+            missing+=("$tool")
+        fi
+    done
+
+    # Check optional tools
+    for tool in "${optional_tools[@]}"; do
+        if ! command -v "$tool" &>/dev/null; then
+            warn "Optional tool missing: $tool (recommended for security scanning)"
+        else
+            log "✓ Found: $tool"
+        fi
+    done
+
+    # Report missing required tools
+    if [[ ${#missing[@]} -gt 0 ]]; then
+        error "Missing required tools: ${missing[*]}"
+        error "Please install missing dependencies"
+        exit 1
+    fi
+
+    log "✓ All required dependencies found"
+}
+
+# ═══════════════════════════════════════════════════════════
+# 🔒 SECURITY SCANNING
+# ═══════════════════════════════════════════════════════════
+run_security_scan() {
+    log "Running security scan..."
+
+    if command -v gitleaks &>/dev/null; then
+        log "Using GitLeaks for secret detection..."
+        if gitleaks detect --verbose --exit-code 1; then
+            log "✅ No secrets detected"
+            return 0
+        else
+            error "❌ Secrets detected! Review before pushing."
+            return 1
+        fi
+    else
+        warn "GitLeaks not installed - skipping security scan"
+        warn "Install with: paru -S gitleaks"
+        echo
+        read -p "Continue without security scan? (y/N): " -r answer
+        if [[ ! "$answer" =~ ^[Yy]$ ]]; then
+            error "Push cancelled for security"
+            exit 1
+        fi
+        return 0
+    fi
+}
+
+# ═══════════════════════════════════════════════════════════
+# 📤 PUSH COMMAND
+# ═══════════════════════════════════════════════════════════
+handle_push() {
+    log "Preparing to push repository..."
+
+    # Check if we're in a git repository
+    if ! git rev-parse --git-dir &>/dev/null; then
+        error "Not in a git repository"
+        exit 1
+    fi
+
+    # Check for uncommitted changes
+    if ! git diff-index --quiet HEAD --; then
+        warn "You have uncommitted changes"
+        echo
+        git status --short
+        echo
+
+        # Generate default commit message
+        local default_msg="dev: automated commit - $(date '+%Y-%m-%d %H:%M:%S')"
+
+        read -p "Commit all changes? (Y/n): " -r answer
+        if [[ ! "$answer" =~ ^[Nn]$ ]]; then
+            echo
+            echo "Default: $default_msg"
+            read -p "Custom commit message (or press Enter for default): " -r commit_msg
+
+            # Use default if empty
+            if [[ -z "$commit_msg" ]]; then
+                commit_msg="$default_msg"
+            fi
+
+            git add .
+            git commit -m "$commit_msg"
+            log "✓ Changes committed: $commit_msg"
+        fi
+    fi
+
+    # Run security scan
+    if ! run_security_scan; then
+        exit 1
+    fi
+
+    # Get current branch
+    local current_branch
+    current_branch=$(git branch --show-current)
+
+    # Push to origin
+    log "Pushing branch '$current_branch' to origin..."
+    if git push origin "$current_branch"; then
+        log "✅ Successfully pushed to origin/$current_branch"
+    else
+        error "❌ Push failed"
+        exit 1
+    fi
+}
+
+show_help() {
+    cat <<EOF
+Usage: $0 [OPTIONS] [COMMAND|FILTERS...]
+
+COMMANDS:
+  push              Commit, scan for secrets, and push to git origin
+  deps, check       Check for required dependencies
+  help              Show this help message
+
+SCRIPT EXECUTION:
+  [FILTERS...]      Run scripts matching filters from runs/ directory
+
+OPTIONS:
+  --dry             Show what would run without executing
+  --verbose         Show detailed output during execution
+
+EXAMPLES:
+  $0 deps           # Check dependencies
+  $0 push           # Secure git push with secret scanning
+  $0 docker         # Run scripts containing 'docker'
+  $0 --dry base     # Show what base scripts would run
+  $0 --verbose all  # Run all scripts with detailed output
+
+SECURITY:
+  The push command automatically scans for secrets using GitLeaks
+  before pushing to prevent accidental credential exposure.
+
+EOF
+}
+
+get_description() {
+    local script="$1"
+    grep '^# NAME:' "$script" 2>/dev/null | cut -d: -f2- | sed 's/^ *//' || echo "No description"
+}
+
+matches_filters() {
+    local script_name="$1"
+    shift
+    local filters=("$@")
+
+    [[ ${#filters[@]} -eq 0 ]] && return 0
+
+    for filter in "${filters[@]}"; do
+        if [[ "$script_name" == *"$filter"* ]] || [[ "${script_name,,}" == *"${filter,,}"* ]]; then
+            return 0
+        fi
+    done
+    return 1
+}
+
+# ═══════════════════════════════════════════════════════════
+# 🚦 INITIALIZATION
+# ═══════════════════════════════════════════════════════════
+# Create runs directory if missing
+if [[ ! -d "$RUNS_DIR" ]]; then
+    log "Creating runs directory at: $RUNS_DIR"
+    mkdir -p "$RUNS_DIR"
+
+    # Create example script
+    cat >"$RUNS_DIR/example.sh" <<'EOF'
+#!/usr/bin/env bash
+# NAME: Example script
+echo "Hello from runs/example.sh!"
+echo "Edit this script or add your own to $RUNS_DIR"
+EOF
+    chmod +x "$RUNS_DIR/example.sh"
+
+    log "✅ Created runs/ directory with example script"
+    exit 0
+fi
+
+# Create logs directory
+mkdir -p "$LOGS_DIR"
+
+# Load environment
+[[ -f "$ENV_FILE" ]] && source "$ENV_FILE"
+
+# ═══════════════════════════════════════════════════════════
+# 📝 PARSE ARGUMENTS
+# ═══════════════════════════════════════════════════════════
+DRY_RUN=0
+VERBOSE=0
+FILTERS=()
+COMMAND=""
+
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+    --dry) DRY_RUN=1 ;;
+    --verbose) VERBOSE=1 ;;
+    --help | help)
+        show_help
+        exit 0
+        ;;
+    push) COMMAND="push" ;;
+    deps | check) COMMAND="deps" ;;
+    -*)
+        error "Unknown option: $1"
+        show_help
+        exit 1
+        ;;
+    *) FILTERS+=("$1") ;;
+    esac
+    shift
+done
+
+# ═══════════════════════════════════════════════════════════
+# 🚦 HANDLE COMMANDS
+# ═══════════════════════════════════════════════════════════
+# Handle special commands first
+case "$COMMAND" in
+"push")
+    handle_push
+    exit 0
+    ;;
+"deps")
+    check_dependencies
+    exit 0
+    ;;
+"")
+    # No command, continue with script execution
+    ;;
+*)
+    error "Unknown command: $COMMAND"
+    show_help
+    exit 1
+    ;;
+esac
+
+# ═══════════════════════════════════════════════════════════
+# 🔍 FIND SCRIPTS TO RUN
+# ═══════════════════════════════════════════════════════════
+mapfile -t ALL_SCRIPTS < <(find "$RUNS_DIR" -type f -executable | sort)
+
+if [[ ${#ALL_SCRIPTS[@]} -eq 0 ]]; then
+    warn "No executable scripts found in $RUNS_DIR"
+    exit 0
+fi
+
+SCRIPTS_TO_RUN=()
+for script in "${ALL_SCRIPTS[@]}"; do
+    script_name="$(basename "$script")"
+    if matches_filters "$script_name" "${FILTERS[@]}"; then
+        SCRIPTS_TO_RUN+=("$script")
+    fi
+done
+
+if [[ ${#SCRIPTS_TO_RUN[@]} -eq 0 ]]; then
+    warn "No scripts match the given filters: ${FILTERS[*]}"
+    exit 0
+fi
+
+# ═══════════════════════════════════════════════════════════
+# ⚠️ CONFIRMATION FOR RUNNING ALL SCRIPTS
+# ═══════════════════════════════════════════════════════════
+if [[ ${#FILTERS[@]} -eq 0 && $DRY_RUN -eq 0 ]]; then
+    echo -e "${RED}⚠️  About to run ALL scripts:${NC}"
+    for script in "${SCRIPTS_TO_RUN[@]}"; do
+        name="$(basename "$script")"
+        desc="$(get_description "$script")"
+        echo "  • $name - $desc"
+    done
+    echo
+    read -p "Continue? (y/N): " -r answer
+    if [[ ! "$answer" =~ ^[Yy]$ ]]; then
+        echo "Cancelled"
+        exit 0
+    fi
+fi
+
+# ═══════════════════════════════════════════════════════════
+# 🚀 EXECUTE SCRIPTS
+# ═══════════════════════════════════════════════════════════
+EXECUTED=()
+FAILED=()
+
+for script in "${SCRIPTS_TO_RUN[@]}"; do
+    name="$(basename "$script")"
+    desc="$(get_description "$script")"
+    log_file="$LOGS_DIR/${name%.*}.log"
+
+    if [[ $DRY_RUN -eq 1 ]]; then
+        echo -e "${BLUE}[DRY]${NC} Would run: $name - $desc"
+        continue
+    fi
+
+    echo -e "\n${BLUE}▶${NC} Running: $name"
+    [[ "$desc" != "No description" ]] && echo "  $desc"
+
+    if [[ $VERBOSE -eq 1 ]]; then
+        if "$script" 2>&1 | tee "$log_file"; then
+            log "✅ $name completed"
+            EXECUTED+=("$name")
+        else
+            error "❌ $name failed (see $log_file)"
+            FAILED+=("$name")
+        fi
+    else
+        if "$script" &>"$log_file"; then
+            log "✅ $name completed"
+            EXECUTED+=("$name")
+        else
+            error "❌ $name failed (see $log_file)"
+            FAILED+=("$name")
+        fi
+    fi
+done
+
+# ═══════════════════════════════════════════════════════════
+# 📊 SUMMARY
+# ═══════════════════════════════════════════════════════════
+if [[ $DRY_RUN -eq 0 ]]; then
+    echo -e "\n${BLUE}═══ SUMMARY ═══${NC}"
+    echo "✅ Completed: ${#EXECUTED[@]}"
+    [[ ${#FAILED[@]} -gt 0 ]] && echo "❌ Failed: ${#FAILED[@]}"
+
+    if [[ ${#FAILED[@]} -gt 0 ]]; then
+        echo -e "\n${RED}Failed scripts:${NC}"
+        for failed in "${FAILED[@]}"; do
+            echo "  • $failed"
+        done
+        exit 1
+    fi
+fi
+
+exit 0

runs/base

@@ -0,0 +1,197 @@
+#!/usr/bin/env bash
+# NAME: Install base system packages (organized and cleaned)
+
+set -euo pipefail
+
+AUR_HELPER="paru"
+
+if ! command -v $AUR_HELPER &>/dev/null; then
+	echo "[ERROR] $AUR_HELPER not found. Install it first."
+	exit 1
+fi
+
+echo "Installing organized system packages..."
+
+# ═══════════════════════════════════════════════════════════
+# 🔧 DETECT HARDWARE
+# ═══════════════════════════════════════════════════════════
+CPU_VENDOR=$(lscpu | grep "Vendor ID" | awk '{print $3}')
+GPU_INFO=$(lspci | grep -i vga)
+
+echo "Detected CPU: $CPU_VENDOR"
+echo "Detected GPU: $GPU_INFO"
+
+# Determine microcode package
+if [[ "$CPU_VENDOR" == "GenuineIntel" ]]; then
+	MICROCODE="intel-ucode"
+	echo "→ Using Intel microcode"
+elif [[ "$CPU_VENDOR" == "AuthenticAMD" ]]; then
+	MICROCODE="amd-ucode"
+	echo "→ Using AMD microcode"
+else
+	MICROCODE=""
+	echo "→ Unknown CPU vendor, skipping microcode"
+fi
+
+# Determine GPU drivers
+GPU_PACKAGES=""
+if echo "$GPU_INFO" | grep -qi "amd\|radeon"; then
+	GPU_PACKAGES="xf86-video-amdgpu vulkan-radeon lib32-vulkan-radeon opencl-mesa lib32-opencl-mesa"
+	echo "→ Using AMD GPU drivers"
+elif echo "$GPU_INFO" | grep -qi "intel"; then
+	GPU_PACKAGES="xf86-video-intel vulkan-intel lib32-vulkan-intel intel-media-driver"
+	echo "→ Using Intel GPU drivers"
+elif echo "$GPU_INFO" | grep -qi "nvidia"; then
+	GPU_PACKAGES="nvidia nvidia-utils lib32-nvidia-utils nvidia-settings"
+	echo "→ Using NVIDIA drivers (you may want to review this)"
+else
+	echo "→ Unknown GPU, using generic drivers"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# 🔧 SYSTEM BASE
+# ═══════════════════════════════════════════════════════════
+echo "Installing system base..."
+BASE_PACKAGES="base base-devel linux-cachyos linux-cachyos-headers linux-firmware efibootmgr efitools mkinitcpio grub systemd-boot-manager"
+
+if [[ -n "$MICROCODE" ]]; then
+	BASE_PACKAGES="$BASE_PACKAGES $MICROCODE"
+fi
+
+$AUR_HELPER -S --noconfirm --needed $BASE_PACKAGES
+
+# ═══════════════════════════════════════════════════════════
+# 🌐 NETWORKING & BLUETOOTH
+# ═══════════════════════════════════════════════════════════
+echo "Installing networking..."
+$AUR_HELPER -S --noconfirm --needed \
+	networkmanager networkmanager-openvpn network-manager-applet \
+	dhclient dnsmasq iptables-nft iwd wpa_supplicant wireless-regdb \
+	bluez-libs blueman openssh
+
+# ═══════════════════════════════════════════════════════════
+# 🔊 AUDIO & VIDEO
+# ═══════════════════════════════════════════════════════════
+echo "Installing audio/video..."
+$AUR_HELPER -S --noconfirm --needed \
+	pipewire pipewire-alsa pipewire-pulse wireplumber \
+	pavucontrol alsa-firmware alsa-plugins alsa-utils \
+	gst-libav gst-plugin-pipewire gst-plugins-bad gst-plugins-ugly \
+	mpv ffmpegthumbnailer
+
+# ═══════════════════════════════════════════════════════════
+# 🎨 FONTS & THEMES
+# ═══════════════════════════════════════════════════════════
+echo "Installing fonts and themes..."
+$AUR_HELPER -S --noconfirm --needed \
+	adobe-source-han-sans-cn-fonts adobe-source-han-sans-jp-fonts \
+	adobe-source-han-sans-kr-fonts adobe-source-serif-fonts \
+	awesome-terminal-fonts inter-font noto-fonts noto-fonts-cjk noto-fonts-emoji \
+	ttf-bitstream-vera ttf-dejavu ttf-fantasque-nerd ttf-fira-code ttf-fira-mono \
+	ttf-fira-sans ttf-font-awesome-5 ttf-liberation ttf-linux-libertine \
+	ttf-meslo-nerd ttf-ms-win11-auto ttf-opensans otf-font-awesome-5 otf-libertinus \
+	papirus-icon-theme rose-pine-gtk-theme
+
+# ═══════════════════════════════════════════════════════════
+# 💻 DEVELOPMENT TOOLS
+# ═══════════════════════════════════════════════════════════
+echo "Installing development tools..."
+$AUR_HELPER -S --noconfirm --needed \
+	git git-lfs git-crypt github-cli lazygit \
+	go go-task rust python python-defusedxml python-packaging \
+	python-protobuf python-pynvim python-pywlroots lua luarocks \
+	ccls cmake ninja neovim-nightly-bin
+
+# ═══════════════════════════════════════════════════════════
+# 🛠️ CLI UTILITIES
+# ═══════════════════════════════════════════════════════════
+echo "Installing CLI utilities..."
+$AUR_HELPER -S --noconfirm --needed \
+	bat btop duf dust eza fd fzf glances glow httpie micro ncdu \
+	plocate ripgrep tealdeer the_silver_searcher tmux wget \
+	xdg-user-dirs zoxide zellij yazi yq zsh
+
+# ═══════════════════════════════════════════════════════════
+# 🪟 WINDOW MANAGERS & DESKTOP
+# ═══════════════════════════════════════════════════════════
+echo "Installing window managers..."
+$AUR_HELPER -S --noconfirm --needed \
+	swaybg swayfx-git swayidle swaylock-effects waybar \
+	wlogout wdisplays wl-clipboard rofi-lbonn-wayland-git
+
+# ═══════════════════════════════════════════════════════════
+# 🌍 GUI APPLICATIONS
+# ═══════════════════════════════════════════════════════════
+echo "Installing GUI applications..."
+$AUR_HELPER -S --noconfirm --needed \
+	chromium zen-browser-bin \
+	legcord-bin slack-desktop teams-for-linux-bin \
+	obs-studio obsidian sublime-merge dbeaver \
+	libreoffice-fresh keepass kitty nemo nemo-fileroller
+
+# ═══════════════════════════════════════════════════════════
+# 📁 SYSTEM UTILITIES
+# ═══════════════════════════════════════════════════════════
+echo "Installing system utilities..."
+$AUR_HELPER -S --noconfirm --needed \
+	brightnessctl cronie cups cups-pdf gamemode gvfs gvfs-afc gvfs-google \
+	gvfs-gphoto2 gvfs-mtp gvfs-nfs gvfs-smb haveged hdparm less lvm2 \
+	man-db man-pages meld modemmanager mtools mupdf netctl nss-mdns \
+	ntfs-3g ntp nvme-cli opencl-mesa pacman-contrib pass pika-backup \
+	pkgfile power-profiles-daemon pv reflector remmina rsync rtkit \
+	samba seahorse sg3_utils smartmontools snapper solaar steam \
+	steam-native-runtime syncthing system-config-printer timeshift \
+	transmission-qt ufw unrar unzip upower usb_modeswitch usbutils \
+	vi vorta w3m which xdg-desktop-portal xdg-desktop-portal-gnome \
+	xdg-desktop-portal-gtk xdg-desktop-portal-wlr yad zenity
+
+# ═══════════════════════════════════════════════════════════
+# 🎮 GAMING & GRAPHICS
+# ═══════════════════════════════════════════════════════════
+echo "Installing gaming and graphics..."
+GAMING_BASE="lib32-alsa-lib lib32-alsa-plugins lib32-gamemode lib32-libpulse lib32-mesa lib32-openal lib32-vkd3d lib32-vulkan-mesa-layers vkd3d vulkan-mesa-layers vulkan-tools vulkan-validation-layers wine protonup-qt"
+
+if [[ -n "$GPU_PACKAGES" ]]; then
+	$AUR_HELPER -S --noconfirm --needed $GAMING_BASE $GPU_PACKAGES
+else
+	$AUR_HELPER -S --noconfirm --needed $GAMING_BASE
+fi
+
+# ═══════════════════════════════════════════════════════════
+# 📱 MOBILE & HARDWARE
+# ═══════════════════════════════════════════════════════════
+echo "Installing hardware support..."
+$AUR_HELPER -S --noconfirm --needed \
+	sof-firmware xf86-input-libinput xfsprogs \
+	xorg-server xorg-xdpyinfo xorg-xhost xorg-xinit xorg-xinput \
+	xorg-xkill xorg-xrandr xorg-xwayland
+
+# ═══════════════════════════════════════════════════════════
+# ☁️ CLOUD & DEVOPS
+# ═══════════════════════════════════════════════════════════
+echo "Installing cloud and DevOps tools..."
+$AUR_HELPER -S --noconfirm --needed \
+	ansible aws-cli aws-session-manager-plugin helm hugo insomnia-bin \
+	kubectl kubectx kubefwd-bin nomad ngrok postgresql
+
+# ═══════════════════════════════════════════════════════════
+# 📚 DOCUMENT & PRODUCTIVITY
+# ═══════════════════════════════════════════════════════════
+echo "Installing document tools..."
+$AUR_HELPER -S --noconfirm --needed \
+	pandoc-cli texinfo wkhtmltopdf-bin zathura zathura-pdf-mupdf \
+	swappy wf-recorder
+
+# ═══════════════════════════════════════════════════════════
+# 🔐 SECURITY & ENCRYPTION
+# ═══════════════════════════════════════════════════════════
+echo "Installing security tools..."
+$AUR_HELPER -S --noconfirm --needed \
+	yubico-authenticator-bin yubikey-manager-qt
+
+# ═══════════════════════════════════════════════════════════
+# 📦 PACKAGE MANAGERS & MISC
+# ═══════════════════════════════════════════════════════════
+echo "Installing package managers and misc..."
+$AUR_HELPER -S --noconfirm --needed \
+	pyenv rye stow sudo watchman-bin wimlib

runs/boot

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+# NAME: Configure systemd-boot manager settings
+
+set -euo pipefail
+
+SDBOOT_CONFIG="/etc/sdboot-manage.conf"
+
+echo "Configuring systemd-boot manager..."
+
+# Check if sdboot-manage is installed
+if ! command -v sdboot-manage &>/dev/null; then
+    echo "⚠️  sdboot-manage not found. Install systemd-boot-manager first."
+    exit 1
+fi
+
+# Backup existing config if it exists
+if [[ -f "$SDBOOT_CONFIG" ]]; then
+    sudo cp "$SDBOOT_CONFIG" "$SDBOOT_CONFIG.backup.$(date +%Y%m%d_%H%M%S)"
+    echo "→ Backed up existing config"
+fi
+
+# Create the configuration
+sudo tee "$SDBOOT_CONFIG" >/dev/null <<'EOF'
+# Config file for sdboot-manage
+# Kernel options to be appended to the "options" line
+LINUX_OPTIONS="zswap.enabled=0 nowatchdog ipv6.disable=1 audit=0 loglevel=3 rd.systemd.show_status=auto rd.udev.log_level=3"
+#LINUX_FALLBACK_OPTIONS=""
+
+# When DISABLE_FALLBACK is set to "yes", it will stop creating fallback entries for each kernel.
+DISABLE_FALLBACK="no"
+
+# Use this pattern to match kernels which should be considered native OS kernels
+#KERNEL_PATTERN="vmlinuz-"
+
+# Setting REMOVE_EXISTING to "yes" will remove all your existing systemd-boot entries before building new entries
+REMOVE_EXISTING="yes"
+
+# Unless OVERWRITE_EXISTING is set to "yes" existing entries for currently installed kernels will not be touched
+# this setting has no meaning if REMOVE_EXISTING is set to "yes"
+OVERWRITE_EXISTING="yes"
+
+# When REMOVE_OBSOLETE is set to "yes" entries for kernels no longer available on the system will be removed
+REMOVE_OBSOLETE="yes"
+
+# If PRESERVE_FOREIGN is set to "yes", do not delete entries starting with $ENTRY_ROOT
+#PRESERVE_FOREIGN="no"
+
+# Setting NO_AUTOUPDATE to "yes" will stop the updates to systemd-boot when systemd is updated - not recommended unless you are seperately updating systemd-boot
+#NO_AUTOUPDATE="no"
+
+# Setting NO_AUTOGEN to "yes" will stop the automatic creation of entries when kernels are installed or updated
+#NO_AUTOGEN="no"
+
+# Use this to change the default initramfs prefix (e.g. when using booster)
+#INITRD_PREFIX="initramfs"
+
+# Additional entities to initrd can be added here, such as microcode if your initramfs does not include it.
+#INITRD_ENTRIES=()
+EOF

runs/docker

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# NAME: Install and configure Docker on Arch Linux
+
+set -euo pipefail
+
+echo "Installing Docker..."
+
+# Install Docker packages
+sudo pacman -S --needed --noconfirm docker docker-compose docker-buildx
+
+# Add current user to docker group
+sudo usermod -aG docker "$USER"
+
+# Enable and start Docker service
+sudo systemctl enable docker.service
+sudo systemctl start docker.service
+
+# Enable containerd service (dependency)
+sudo systemctl enable containerd.service
+sudo systemctl start containerd.service
+
+echo "✅ Docker installed successfully!"
+echo "⚠️  You need to log out and back in (or reboot) for group changes to take effect"
+echo "🐳 Test with: docker run hello-world"

runs/forbi

@@ -0,0 +1,151 @@
+#!/usr/bin/env bash
+# NAME: Setup Forbi's dotfiles and Neovim configuration
+
+set -euo pipefail
+
+DOTFILES_REPO="https://git.mz.uy/marianozunino/dotfiles.git"
+NVIM_REPO="https://github.com/marianozunino/nvim.git"
+DOTFILES_DIR="$HOME/dotfiles"
+NVIM_CONFIG_DIR="$HOME/.config/nvim"
+
+echo "🏠 Setting up Forbi's development environment..."
+
+# ═══════════════════════════════════════════════════════════
+# 📁 CLONE DOTFILES
+# ═══════════════════════════════════════════════════════════
+echo "📦 Cloning dotfiles repository..."
+
+if [[ -d "$DOTFILES_DIR" ]]; then
+    echo "→ Dotfiles directory already exists, updating..."
+    cd "$DOTFILES_DIR"
+    git pull origin main || git pull origin master
+else
+    echo "→ Cloning dotfiles to $DOTFILES_DIR"
+    git clone "$DOTFILES_REPO" "$DOTFILES_DIR"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# 🔐 HANDLE GIT-CRYPT
+# ═══════════════════════════════════════════════════════════
+echo "🔐 Checking for git-crypt..."
+
+cd "$DOTFILES_DIR"
+
+# Check if repo uses git-crypt
+if [[ -f ".git-crypt/.gitattributes" ]] || git-crypt status &>/dev/null; then
+    echo "→ git-crypt repository detected"
+
+    # Check if already unlocked
+    if git-crypt status | grep -q "unlocked"; then
+        echo "→ Repository already unlocked"
+    else
+        echo "→ Repository is encrypted, attempting to unlock..."
+
+        # Check if YubiKey/GPG setup is available
+        if command -v gpg &>/dev/null; then
+            echo "→ GPG found, checking for available keys..."
+
+            # List secret keys to see if YubiKey is connected
+            if gpg --list-secret-keys &>/dev/null; then
+                echo "→ GPG keys detected, attempting git-crypt unlock..."
+
+                # Attempt to unlock with GPG (YubiKey)
+                if git-crypt unlock 2>/dev/null; then
+                    echo "✅ Repository unlocked successfully with GPG/YubiKey!"
+                else
+                    echo "❌ Failed to unlock with GPG"
+                    echo
+                    echo "🔑 Manual unlock required:"
+                    echo "  1. Make sure your YubiKey is connected"
+                    echo "  2. Test GPG: gpg --card-status"
+                    echo "  3. Try: cd $DOTFILES_DIR && git-crypt unlock"
+                    echo "  4. Or unlock with key file: git-crypt unlock /path/to/key"
+                    echo "  5. Then re-run: ./run forbi"
+                    echo
+                    exit 1
+                fi
+            else
+                echo "❌ No GPG secret keys found"
+                echo
+                echo "🔑 YubiKey/GPG setup needed:"
+                echo "  1. Connect your YubiKey"
+                echo "  2. Import your GPG key: gpg --card-status"
+                echo "  3. Set trust level: gpg --edit-key <your-key-id> trust"
+                echo "  4. Then re-run: ./run forbi"
+                echo
+                exit 1
+            fi
+        else
+            echo "❌ GPG not available"
+            echo
+            echo "🔑 To unlock your dotfiles:"
+            echo "  1. Install GPG and connect YubiKey, or"
+            echo "  2. Use key file: cd $DOTFILES_DIR && git-crypt unlock /path/to/key"
+            echo "  3. Then re-run: ./run forbi"
+            echo
+            exit 1
+        fi
+    fi
+else
+    echo "→ No git-crypt encryption detected"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# ⚙️ CLONE NEOVIM CONFIG
+# ═══════════════════════════════════════════════════════════
+echo "📝 Setting up Neovim configuration..."
+
+# Backup existing Neovim config if it exists
+if [[ -d "$NVIM_CONFIG_DIR" ]]; then
+    BACKUP_DIR="$NVIM_CONFIG_DIR.backup.$(date +%Y%m%d_%H%M%S)"
+    echo "→ Backing up existing Neovim config to $BACKUP_DIR"
+    mv "$NVIM_CONFIG_DIR" "$BACKUP_DIR"
+fi
+
+# Clone Neovim configuration
+echo "→ Cloning Neovim config to $NVIM_CONFIG_DIR"
+git clone "$NVIM_REPO" "$NVIM_CONFIG_DIR"
+
+# ═══════════════════════════════════════════════════════════
+# 🔧 CONFIGURE GIT HOOKS
+# ═══════════════════════════════════════════════════════════
+echo "🎣 Setting up Git hooks for Neovim config..."
+
+cd "$NVIM_CONFIG_DIR"
+if [[ -d ".githooks" ]]; then
+    git config core.hooksPath .githooks
+    echo "→ Git hooks configured"
+else
+    echo "→ No .githooks directory found, skipping"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# 📂 CREATE NECESSARY DIRECTORIES
+# ═══════════════════════════════════════════════════════════
+echo "📂 Creating necessary directories..."
+
+# Create .config directory if it doesn't exist
+mkdir -p "$HOME/.config"
+
+# Create common development directories
+mkdir -p "$HOME/Dev"
+mkdir -p "$HOME/.local/bin"
+
+echo
+echo "# Install everything"
+echo "stow */"
+echo
+echo "# Or install individual modules"
+echo "stow zsh"
+echo "stow nvim"
+echo "stow sway"
+echo
+echo "Run these commands in: $DOTFILES_DIR"
+
+# ═══════════════════════════════════════════════════════════
+# 📋 SUMMARY & NEXT STEPS
+# ═══════════════════════════════════════════════════════════
+echo
+echo "📁 Locations:"
+echo "  • Dotfiles: $DOTFILES_DIR"
+echo "  • Neovim config: $NVIM_CONFIG_DIR"

runs/paru

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+echo "🚀 Instalando paru..."
+
+set -euo pipefail
+
+# Comprobar si paru ya está instalado
+if command -v paru &>/dev/null; then
+	echo "paru ya está instalado."
+	exit 0
+fi
+
+echo "Instalando dependencias necesarias..."
+sudo pacman -S --needed --noconfirm base-devel git
+
+# Carpeta temporal para compilar paru
+tmpdir=$(mktemp -d)
+echo "Creando directorio temporal: $tmpdir"
+cd "$tmpdir"
+
+echo "Clonando repo de paru..."
+git clone https://aur.archlinux.org/paru.git
+cd paru
+
+echo "Compilando e instalando paru..."
+makepkg -si --noconfirm
+
+echo "Limpiando directorio temporal..."
+cd ..
+rm -rf "$tmpdir"
+
+echo "paru instalado correctamente."

runs/services

@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+# NAME: Enable and configure system services
+
+set -euo pipefail
+
+echo "Enabling and configuring system services..."
+
+# ═══════════════════════════════════════════════════════════
+# 🌐 NETWORKING SERVICES
+# ═══════════════════════════════════════════════════════════
+echo "Enabling networking services..."
+
+# NetworkManager (main network management)
+sudo systemctl enable --now NetworkManager.service
+
+# Bluetooth
+sudo systemctl enable --now bluetooth.service
+
+# SSH daemon
+sudo systemctl enable --now sshd.service
+
+# ═══════════════════════════════════════════════════════════
+# 🔊 AUDIO SERVICES
+# ═══════════════════════════════════════════════════════════
+echo "Enabling audio services..."
+
+# PipeWire audio (replaces PulseAudio)
+systemctl --user enable --now pipewire.service
+systemctl --user enable --now pipewire-pulse.service
+systemctl --user enable --now wireplumber.service
+
+# ═══════════════════════════════════════════════════════════
+# 🖨️ PRINTING SERVICES
+# ═══════════════════════════════════════════════════════════
+echo "Enabling printing services..."
+
+# CUPS printing system
+sudo systemctl enable --now cups.service
+
+# ═══════════════════════════════════════════════════════════
+# ⏰ TIME & SCHEDULING SERVICES
+# ═══════════════════════════════════════════════════════════
+echo "Configuring time and scheduling services..."
+
+echo "en_US.UTF-8 UTF-8" | sudo tee -a /etc/locale.gen
+sudo locale-gen
+
+# Set system locale
+echo "LANG=en_US.UTF-8" | sudo tee /etc/locale.conf
+echo "→ System locale set to en_US.UTF-8"
+
+sudo timedatectl set-timezone America/Montevideo
+
+# Enable NTP time synchronization
+sudo timedatectl set-ntp true
+sudo systemctl enable --now systemd-timesyncd.service
+
+# Cron daemon for scheduled tasks
+sudo systemctl enable --now cronie.service
+
+# ═══════════════════════════════════════════════════════════
+# 🔒 SECURITY & FIREWALL SERVICES
+# ═══════════════════════════════════════════════════════════
+echo "Enabling security services..."
+
+# UFW firewall
+sudo systemctl enable --now ufw.service
+
+# Enable basic firewall rules
+sudo ufw --force enable
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+
+# ═══════════════════════════════════════════════════════════
+# 💾 BACKUP & SYNC SERVICES
+# ═══════════════════════════════════════════════════════════
+echo "Enabling backup services..."
+
+# Snapper for BTRFS snapshots (if using BTRFS)
+if findmnt / -t btrfs &>/dev/null; then
+    sudo systemctl enable --now snapper-timeline.timer
+    sudo systemctl enable --now snapper-cleanup.timer
+    echo "→ Snapper enabled (BTRFS detected)"
+else
+    echo "→ Skipping Snapper (no BTRFS detected)"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# ⚡ POWER MANAGEMENT
+# ═══════════════════════════════════════════════════════════
+echo "Enabling power management..."
+
+# Power profiles daemon
+sudo systemctl enable --now power-profiles-daemon.service
+
+# ═══════════════════════════════════════════════════════════
+# 🔧 SYSTEM OPTIMIZATION
+# ═══════════════════════════════════════════════════════════
+echo "Enabling system optimization..."
+
+# Haveged entropy daemon
+sudo systemctl enable --now haveged.service
+
+# Locate database updates
+sudo systemctl enable --now plocate-updatedb.timer