Userrepository using mirrors

For a few months, I considered using the mirror service from Fosshost in The service results from a partnership between Fosshost and Fastly, giving projects access to several PoP’s around the globe.

Finally, a few days ago, I enabled the service. I also created a package with the mirror’s list, userrepository-mirrors, available in my repository and AUR. The package has all the instructions for enabling the mirrors and what to do if you already have userrepository in your /etc/pacman.conf configuration.

The mirror service syncs every 4 hours. After each build, partial or full, the updated packages will be pushed to the servers with rsync.

If you’re wondering why it took me so long, the answer is simple: fibromyalgia and pain 24/7.


Status on userrepository changes

It took me a while to update you about the latest changes to my Arch and Arch-compatible Linux distributions repository. But first, let me apologize for the delay: work, personal life and, for about 3 weeks now, a horrible back pain (that just doesn’t stop, even with an handful of medication) have kept me from doing this in the time frame I expected.

First on the “agenda”, I experimented with increasing the zstd compression level for the packages like I said I would do in my last post about the repository. The trade-off was not worth it: the increase in packaging time was far superior to the small decrease in package size. So, I’ll keep the zstd compression level to “-12” in the foreseeable future.

Also, up to a few days ago, I would manually update the packages and, from time to time, do a full build. Now, I’m using a cron job and pueue to manage the tasks and it always does a full build.

If you don’t know pueue, this application is a command-line task management tool for sequential and parallel execution of long-running tasks. Besides adding tasks, you can watch the logs for them, the exit codes and even follow what the task is doing (just like using “tail -f /destination/file“). But pueue can do much more. Go check it out at Github. also has a few more packages. For example: vimtips, wego, wttr, plymouth and performance-tweaks. All of them are at AUR and at the Git repository where I have sources, if you want to take a look at the commits (just ignore some of the commit messages, because I can be lazy with them at times ^^’).

One last thing: please become a Patron if you want to support Even €1 will help cover the monthly expenses, just over €15. If I get enough patrons, I’ll be able to upgrade the virtual machine to one with better specs, which will allow a higher package compression level, shorter build times and maybe even packaged kernels. Thank you!


How to set up a simple Wireguard VPN

Install Wireguard

I’m using a Debian virtual machine for the server. In Debian 10, you’ll need to install the following two packages:

apt install wireguard-dkms wireguard-tools

Set up keys

First, navigate to /etc/wireguard (If not created, run mkdir /etc/wireguard as root) and then run the following commands as root:

wg genkey | tee laptop-private.key |  wg pubkey > laptop-public.key
wg genkey | tee server-private.key |  wg pubkey > server-public.key

The first line is for the public and private keys of the client, named laptop because, well, it’ll be used on a laptop. But you can choose any other name.

Configure the Wireguard server

First, enable IP forwarding. Since we’re only using IPv4, edit the /etc/sysctl.conf file as root, locate the net.ipv4.ip_forward line, uncomment it and change the value to 1.

Now, you need to create the /etc/wireguard/wg0.conf. This will be both the name of the connection interface and the configuration file for that interface. I’m using just one for a simple setup.

Address =
ListenPort = 51820
PrivateKey = <copy private key from server-private.key>
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# laptop
PublicKey = <copy public key from laptop-public.key>
AllowedIPs =

Now you are ready to start the Wireguard daemon, so it can accept connections. Just run:

wg-quick up wg0

Some things to know


Address: the private IPv4 addresses (you can also use IPv6 addresses) for the Wireguard server subnet. In this example, clients connection to the server will be assigned IPs ranging from to

ListenPort: the port where Wireguard will listen. Don’t forget to open it in your firewall.

PrivateKey: the content from server-private.key.

PostUp and PostDown: defines steps to be run after the interface is turned on or off, respectively. In this case, iptables is used to set IP masquerade rules to allow all the clients to share the server’s IPv4 address. The rules will then be cleared once the tunnel is down. Don’t forget to change eth0 to your server’s network device.


PublicKey: the content from laptop-public.key.

AllowedIPs: the subnet IP assigned to that client when it connects to the server

Set up the client

On the client side, you’ll also have to install Wireguard. If you’re using Debian, Ubuntu or any distribution based on the previous two, the command will be the same (I’m assuming Ubuntu uses the same package names. If not, change it to your needs). In Arch, the distribution I’m currently using, you can install packages with:

pacman -Syuv wireguard-dkms wireguard-tools

Configure the Wireguard client

Create the /etc/wireguard/wg0.conf file and populate it with the following content:

Address =
PrivateKey = <copy private key from laptop-private.key>

PublicKey = <copy public key from server-public.key>
AllowedIPs =
Endpoint = 
PersistentKeepalive = 25

Some things to know


Addresss: the client’s IP address in Wiregard’s subnet.

PrivateKey: the content from laptop-private.key.


PublicKey: the content from server-public.key.

AllowedIPs: set it to to forward all IPv4 traffic through Wireguard.

Endpoint: the server IP address, followed by the port to connect to.

PersistentKeepalive: the number of seconds you wish the client sends a keepalive packet to the server. This is useful if the client is behind NAT or a firewall

Test the connection

On the client side, run wg-quick up wg0. You should now have a working Wireguard connection just like any VPN.

If you found a typo or an error, please use the comment box to report it. Also, if you found the post useful, please share it on social media, so it can reach a larger audience.


Updates to Jarvis, my Arch buildbot

My Arch buildbot, Jarvis, received an update today in the options logic. Now, it can receive an argument in the add (-a) and delete (-d) options, so the user can specify the package to add or delete.

The option to add a package, for now, only works for AUR. If you want to add a package that’s not in AUR, you’ll need to manually add the submodule. In the future, Jarvis will allow you to use a git repository with a PKGBUILD file.

Tony Stark would be jealous. 😉


Metapackage for a personal installation of Arch Linux and Arch-based distributions

I’ve been using Arch or Arch-based distributions for over a year now. In this time testing a few of them, I’ve always lacked a simple and logical way of installing the same “essential” software. To tackle this, I’ve created a metapackage with all this software and this is what I’ve got so far:

# Maintainer: Bruno Miguel <>

pkgdesc="A metapackage for some packages I find essential. Requires repo"


    # base
	'tmux' 'rxvt-unicode' 'urxvt-tabbedex' 'gotop-git' 'pakku' 'inxi' 'brightnessctl-git' 'broot' 'ranger' 'htop' 'git' 'scat' 'scaleway-cli' 'reflector' 'qjournalctl' 'openvpn' 'openssh' 'cpupower' 'bash-completion'
	# editors
	'vim' 'micro' 'marktext-bin' 'notable-bin' 'quilter'
	# cli utilities
	'terminal-markdown-viewer' 'redshift' 'youtube-dl' 'unrar' 'unzip' 'spicetify-cli' 'pfetch-git' 'profile-cleaner' 'cups'
	# multimedia
	'acestream-launcher' 'gimp' 'gimp-plugin-gmic' 'gimp-refocus' 'spotify' 'pavucontrol' 'vlc' 'curseradio-git' 'mpv-acestream' 'jpegoptim' 'optipng' 'acestream-engine' 'trimage' 'pngzop'
	# fonts
	'ttf-fira-go' 'ttf-fira-mono-ibx' 'ttf-league-mono' 'ttf-inter-ui' 'interui-otf'
	# plasma (somewhat minimal)
	'kvantum-qt5' 'kvantum-theme-materia' 'plasma-desktop' 'konsole' 'ark' 'gwenview' 'kde-gtk-config' 'kdeplasma-addons' 'ksysguard' 'powerdevil' 'user-manager' 'spectacle' 'kio-extras' 'kipi-plugins' 'kcalc' 'kcron' 'okular' 'dolphin' 'dolphin-plugins' 'sweeper' 'kdeconnect' 'oxygen' 'plasma-nm' 'plasma-pa' 'plasma5-applets-redshift-control' 'konsole' 'okular' 'kate' 'print-manager'
	# browsers
	'brave-dev-bin' 'firefox' 'firefox-i18n-pt-pt' 'falkon-git' 'librewolf-bin'
	# desktop utilities
	'roxterm' 'flameshot' 'libreoffice-fresh' 'filelight'
	# security
	# i3
	'i3-gaps-rounded-git' 'polybar' 'rofi' 'compton-tryone-git' 'nitrogen'
	# themes and icons
	'korla-icon-theme' 'arc-icon-theme' 'boston-icon-theme-git'	
	'steam' 'gamehub'

You can keep up with the changes on Github.