add hardened_malloc package template

dotfiles/grub/etc/default/grub

@@ -0,0 +1,21 @@
+#
+# Configuration file for GRUB.
+#
+GRUB_DEFAULT=0
+#GRUB_HIDDEN_TIMEOUT=0
+#GRUB_HIDDEN_TIMEOUT_QUIET=false
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR="Void"
+GRUB_CMDLINE_LINUX_DEFAULT="quiet loglevel=0 apparmor=1 security=apparmor slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=on debugfs=off ipv6.disable=1 random.trust_cpu=off"
+# Uncomment to use basic console
+#GRUB_TERMINAL_INPUT="console"
+# Uncomment to disable graphical terminal
+#GRUB_TERMINAL_OUTPUT=console
+#GRUB_BACKGROUND=/usr/share/void-artwork/splash.png
+#GRUB_GFXMODE=1920x1080x32
+#GRUB_DISABLE_LINUX_UUID=true
+#GRUB_DISABLE_RECOVERY=true
+# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
+# modes only.  Entries specified as foreground/background.
+#GRUB_COLOR_NORMAL="light-blue/black"
+#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"

dotfiles/install-grub.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -e /etc/default/grub ]; then
+  sudo rm /etc/default/grub
+fi
+
+install_dotfiles "/" "$DOTFILES_DIR" "grub"

dotfiles/install-iwd.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -e /etc/iwd/main.conf ]; then
+  sudo rm /etc/iwd/main.conf
+fi
+
+install_dotfiles "/" "$DOTFILES_DIR" "iwd"

dotfiles/install-machine-id.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -e /var/lib/dbus/machine-id ]; then
+  sudo rm /var/lib/dbus/machine-id
+fi
+
+install_dotfiles "/" "$DOTFILES_DIR" "machine-id"

dotfiles/install.sh

@@ -6,8 +6,11 @@ INSTALLING DOTFILES:
 
 . "$DOTFILES_DIR/install-emptty.sh"
 . "$DOTFILES_DIR/install-fuzzel.sh"
+. "$DOTFILES_DIR/install-grub.sh"
 . "$DOTFILES_DIR/install-ghostty.sh"
 . "$DOTFILES_DIR/install-helix.sh"
+. "$DOTFILES_DIR/install-iwd.sh"
+. "$DOTFILES_DIR/install-machine-id.sh"
 . "$DOTFILES_DIR/install-mako.sh"
 . "$DOTFILES_DIR/install-mango.sh"
 . "$DOTFILES_DIR/install-scooter.sh"

dotfiles/iwd/etc/iwd/main.conf

@@ -0,0 +1,12 @@
+[General]
+EnableNetworkConfiguration=true
+UseDefaultInterface=true
+AddressRandomization=network
+AddressRandomizationRange=full
+
+[Network]
+NameResolvingService=resolvconf
+EnableIPv6=false
+
+[Scan]
+DisablePeriodicScan=true

dotfiles/machine-id/var/lib/dbus/machine-id

@@ -0,0 +1 @@
+b08dfa6083e7567a1921a715000001fb

dotfiles/mango/.config/mango/scripts/exec-once.sh

@@ -3,6 +3,11 @@
 pkill -9 pipewire
 pipewire &
 
+sleep 0.25
+
+pkill -9 wireplumber
+wireplumber &
+
 awww-daemon --no-cache &
 
 if [ -f ~/.desolate/wallpaper/image.jpg ]; then

groups/assign.sh

@@ -6,11 +6,11 @@ gum style --foreground 4 "
 ASSIGNING GROUPS:
 "
 
-for file in "$GROUPS_DIR"/*; do
+for file in "$GROUPS_DIR"/*.group; do
 
   [ ! -f "$file" ] && continue
 
-  group="$(basename "$file")"
+  group="$(basename "${file%.group}")"
   
   if sudo usermod -aG $group $USER; then
     gum style --foreground 10 "✓ $group"

install.sh

@@ -10,7 +10,7 @@ GROUPS_DIR="$DESOLATE_DIR/groups"
 
 . "$PACKAGES_DIR/install.sh"
 . "$DOTFILES_DIR/install.sh"
-. "$DESOLATE_DIR/assign-groups.sh"
+. "$GROUPS_DIR/assign.sh"
 . "$SERVICES_DIR/install.sh"
 
 gum style --foreground 15 "

packages/install-alsa-pipewire.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+install_package "alsa-pipewire"

packages/install-impala.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+install_package "impala"

packages/install-iwd.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+install_package "iwd"

packages/install-openresolv.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+install_package "openresolv"

packages/install-rtkit.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+install_package "rtkit"

packages/install.sh

@@ -6,6 +6,7 @@ gum style --foreground 4 "
 INSTALLING PACKAGES:
 "
 
+. "$PACKAGES_DIR/install-alsa-pipewire.sh"
 . "$PACKAGES_DIR/install-apparmor.sh"
 . "$PACKAGES_DIR/install-awww.sh"
 . "$PACKAGES_DIR/install-bash-completion.sh"
@@ -19,6 +20,8 @@ INSTALLING PACKAGES:
 . "$PACKAGES_DIR/install-ghostty.sh"
 . "$PACKAGES_DIR/install-grim.sh"
 . "$PACKAGES_DIR/install-helix.sh"
+. "$PACKAGES_DIR/install-impala.sh"
+. "$PACKAGES_DIR/install-iwd.sh"
 . "$PACKAGES_DIR/install-less.sh"
 . "$PACKAGES_DIR/install-libnotify.sh"
 . "$PACKAGES_DIR/install-light.sh"
@@ -26,8 +29,10 @@ INSTALLING PACKAGES:
 . "$PACKAGES_DIR/install-mangowc.sh"
 . "$PACKAGES_DIR/install-mesa-dri.sh"
 . "$PACKAGES_DIR/install-noto-fonts.sh"
+. "$PACKAGES_DIR/install-openresolv.sh"
 . "$PACKAGES_DIR/install-pipewire.sh"
 . "$PACKAGES_DIR/install-ripgrep.sh"
+. "$PACKAGES_DIR/install-rtkit.sh"
 . "$PACKAGES_DIR/install-satty.sh"
 . "$PACKAGES_DIR/install-seatd.sh"
 . "$PACKAGES_DIR/install-slurp.sh"

services/install-iwd.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+if [ -e /etc/resolv.conf ]; then
+  sudo rm /etc/resolv.conf
+fi
+install_service "iwd"

services/install-rtkit.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+install_service "rtkit"

services/install-wireplumber.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if [ ! -d /etc/pipewire/pipewire.conf.d ]; then
+  sudo mkdir -p /etc/pipewire/pipewire.conf.d
+fi
+
+# Session Manager
+
+if [ -e /etc/pipewire/pipewire.conf.d/10-wireplumber.conf ]; then
+  sudo ln -s /usr/share/examples/wireplumber/10-wireplumber.conf /etc/pipewire/pipewire.conf.d/
+fi
+
+# PulseAudio Interface
+
+if [ -e /etc/pipewire/pipewire.conf.d/20-pipewire-pulse.conf ]; then
+  sudo ln -s /usr/share/examples/pipewire/20-pipewire-pulse.conf /etc/pipewire/pipewire.conf.d/
+fi
+
+# ALSA Integration
+
+if [ ! -d /etc/alsa/conf.d ]; then
+  sudo mkdir -p /etc/alsa/conf.d
+fi
+
+if [ -e /usr/share/alsa/alsa.conf.d/50-pipewire.conf ]; then
+  sudo ln -s /usr/share/alsa/alsa.conf.d/50-pipewire.conf /etc/alsa/conf.d/
+fi
+
+if [ -e /usr/share/alsa/alsa.conf.d/99-pipewire-default.conf ]; then
+  sudo ln -s /usr/share/alsa/alsa.conf.d/99-pipewire-default.conf /etc/alsa/conf.d/
+fi

services/install.sh

@@ -8,8 +8,11 @@ INSTALLING SERVICES:
 
 . "$SERVICES_DIR/install-chronyd.sh"
 . "$SERVICES_DIR/install-dbus.sh"
+. "$SERVICES_DIR/install-iwd.sh"
+. "$SERVICES_DIR/install-rtkit.sh"
 . "$SERVICES_DIR/install-seatd.sh"
 . "$SERVICES_DIR/install-socklog-unix.sh"
 . "$SERVICES_DIR/install-nanoklogd.sh"
+. "$SERVICES_DIR/install-wireplumber.sh"
 
 . "$SERVICES_DIR/install-emptty.sh"

services/run-chronyd.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-run_service "chronyd"

services/run-dbus.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-run_service "dbus"

services/run-emptty.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-run_service "emptty"

services/run-nanoklogd.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-run_service "nanoklogd"

services/run-seatd.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-run_service "seatd"

services/run-socklog-unix.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-run_service "socklog-unix"

services/run-wireplumber.sh

@@ -1,16 +0,0 @@
-
-if [ ! -d /etc/pipewire/pipewire.conf.d ]; then
-  sudo mkdir -p /etc/pipewire/pipewire.conf.d
-fi
-
-# Session Manager
-
-if [ ! -e /etc/pipewire/pipewire.conf.d/10-wireplumber.conf ]; then
-  sudo ln -s /usr/share/examples/wireplumber/10-wireplumber.conf /etc/pipewire/pipewire.conf.d/
-fi
-
-# PulseAudio Interface
-
-if [ ! -e /etc/pipewire/pipewire.conf.d/20-pipewire-pulse.conf ]; then
-  sudo ln -s /usr/share/examples/pipewire/20-pipewire-pulse.conf /etc/pipewire/pipewire.conf.d/
-fi

services/run.sh

@@ -1,15 +0,0 @@
-#!/bin/sh
-
-sudo true
-
-gum style --foreground 4 "
-RUNNING SERVICES:
-"
-
-. "$SERVICES_DIR/run-chronyd.sh"
-. "$SERVICES_DIR/run-dbus.sh"
-. "$SERVICES_DIR/run-emptty.sh"
-. "$SERVICES_DIR/run-seatd.sh"
-. "$SERVICES_DIR/run-wireplumber.sh"
-. "$SERVICES_DIR/run-socklog-unix.sh"
-. "$SERVICES_DIR/run-nanoklogd.sh"

templates/hardened_malloc/INSTALL.msg

@@ -0,0 +1,32 @@
+
+The shared library will be installed at:
+
+	/usr/lib/libhardened_malloc.so
+	/usr/lib/libhardened_malloc-light.so
+
+It's will NOT become active on its own. To enable it system-wide, you must preload it.
+
+1. Test it first! Make sure a normal binary still runs:
+
+		LD_PRELOAD=/usr/lib/libhardened_malloc.so /bin/true && echo OK
+		LD_PRELOAD=/usr/lib/libhardened_malloc-light.so /bin/true && echo OK
+
+	If that prints OK, the library loads cleanly on this system.
+
+2. Enable system-wide by adding this single line to /etc/ld.so.preload
+	(create if file doesn't exist):
+
+		/usr/lib/libhardened_malloc.so
+
+		for light variant:
+		/usr/lib/libhardened_malloc-light.so
+
+	Per-process alternative (safer to trial): just export LD_PRELOAD as above
+	for the programs you want, instead of editing ld.so.preload.
+
+################ WARNING ################
+
+/etc/ld.so.preload is loaded by EVERY dynamically-linked program.
+If provided .so files are ever missing or broken while listed there, essential
+tools (your shell, sudo , xbps) may fail to start and you can lock
+yourself out of a running system.

templates/hardened_malloc/template

@@ -0,0 +1,25 @@
+# Template file for 'hardened_malloc'
+pkgname=hardened_malloc
+version=14
+revision=1
+build_style=gnu-makefile
+short_desc="Hardened memory allocator from GrapheneOS"
+maintainer="desolate.land"
+license="MIT"
+homepage="https://github.com/GrapheneOS/hardened_malloc"
+distfiles="https://github.com/GrapheneOS/hardened_malloc/archive/refs/tags/${version}.tar.gz"
+checksum=4cd95ff3b83c433ebc6269d0778d79eb3480b7d5bc873503e1cc3768546bdbec
+
+do_build()
+{
+	make ${makejobs} VARIANT=default
+	make ${makejobs} VARIANT=light
+}
+
+do_install()
+{
+	vinstall out/libhardened_malloc.so 755 usr/lib
+	vinstall out-light/libhardened_malloc-light.so 755 usr/lib
+
+	vlicense LICENSE
+}

templates/odin/template

@@ -0,0 +1,56 @@
+# Template file for 'odin'
+pkgname=odin
+version=2026.06
+revision=1
+_tag="dev-${version//./-}"
+archs="x86_64"
+hostmakedepends="clang llvm22 llvm22-devel make which"
+makedepends="llvm22-devel"
+checkdepends="python3"
+depends="clang"
+short_desc="Data-oriented programming language"
+maintainer="Desolate"
+license="BSD-3-Clause"
+homepage="https://odin-lang.org/"
+nostrip=yes
+distfiles="https://github.com/odin-lang/Odin/archive/refs/tags/${_tag}.tar.gz"
+checksum=9f91df15e06e782bdd2825926efc256ad1a79b3e022a1398e4e10dcc4d4d95fa
+wrksrc="Odin-${_tag}"
+
+do_build() {
+	export CXX=clang++
+	export LLVM_CONFIG=llvm-config
+	make release
+
+	make -C vendor/cgltf/src
+	make -C vendor/miniaudio/src
+	make -C vendor/stb/src
+}
+
+do_check() {
+	./odin check examples/all -strict-style
+	python3 tests/core/download_assets.py tests/core/assets
+	./odin test tests/core/speed.odin -o:speed -file -all-packages
+	./odin test tests/vendor -all-packages
+	./odin test tests/internal -all-packages
+}
+
+do_install() {
+	vmkdir usr/lib/odin
+	vinstall odin 755 usr/lib/odin
+	for d in base core shared vendor; do
+		vcopy "$d" usr/lib/odin
+	done
+
+	# Create wrapper script to ensure ODIN_ROOT is set correctly
+	cat > odin.sh <<EOF
+#!/bin/sh
+export ODIN_ROOT=/usr/lib/odin
+exec /usr/lib/odin/odin "\$@"
+EOF
+	vbin odin.sh odin
+
+	vlicense LICENSE
+	vdoc PROPOSAL-PROCESS.md
+	vdoc README.md
+}

templates/yazi/template

@@ -0,0 +1,30 @@
+# Template file for 'yazi'
+pkgname=yazi
+version=26.5.6
+revision=1
+build_style=cargo
+hostmakedepends="pkg-config"
+makedepends="oniguruma-devel lua54-devel"
+depends="nerd-fonts-symbols-ttf"
+short_desc="Blazing fast terminal file manager, based on async I/O"
+maintainer="Bnyro <bnyro@tutanota.com>"
+license="MIT"
+homepage="https://yazi-rs.github.io"
+changelog="https://github.com/sxyazi/yazi/releases"
+distfiles="https://github.com/sxyazi/yazi/archive/refs/tags/v${version}.tar.gz"
+checksum=a18445df86a20068f7b17609d12d6f635de488958579ae7a2b143a244ba7e63f
+
+export VERGEN_GIT_SHA="${version}_${revision}"
+# enable the generation of shell auto completions
+export YAZI_GEN_COMPLETIONS=true
+
+do_install() {
+	vbin target/${RUST_TARGET}/release/yazi
+	vbin target/${RUST_TARGET}/release/ya
+	vcompletion yazi-boot/completions/yazi.bash bash
+	vcompletion yazi-boot/completions/yazi.fish fish
+	vcompletion yazi-boot/completions/_yazi zsh
+	vinstall assets/yazi.desktop 644 /usr/share/applications
+	vinstall assets/logo.png 644 /usr/share/pixmaps yazi.png
+	vlicense LICENSE
+}