git-bug is a standalone, distributed, offline-first issue management tool that embeds issues, comments, and more as objects in a git repository (not files!), enabling you to push and pull them to one or more remotes.
Manage issues, users, and comments directly within your repository - keeping everything versioned and clutter-free. Leverage Git’s decentralized architecture to work offline and sync seamlessly later. List and search issues in mere milliseconds. Easily synchronize issues with platforms like GitHub and GitLab using bridges. Choose how you interact - via CLI, TUI, or a web browser. Start managing issues your repository with minimal setup.
Terramaid transforms your Terraform resources and plans into visually appealing Mermaid diagrams. By converting complex infrastructure into easy-to-understand diagrams, Terramaid enhances documentation, simplifies review processes, and fosters better collaboration among team members. Whether you're looking to enrich your project's documentation, streamline reviews, or just bring a new level of clarity to your Terraform configurations, Terramaid is the perfect utility to integrate into your development workflow. Terramaid is designed to easily integrate with existing pipelines and workflows.
OpenGFW is your very own DIY Great Firewall of China (https://en.wikipedia.org/wiki/Great_Firewall), available as a flexible, easy-to-use open source program on Linux. Why let the powers that be have all the fun? It's time to give power to the people and democratize censorship. Bring the thrill of cyber-sovereignty right into your home router and start filtering like a pro - you too can play Big Brother.
IPv4 and IPv6 support. Full IP/TCP reassembly, various protocol analyzers. Encrypted traffic detection. Flow-based multicore load balancing. Connection offloading. Powerful rule engine based on expr. Hot-reloadable rules.
Nylon is a Resilient Overlay Network built from WireGuard, designed to be performant, secure, reliable, and most importantly, easy to use. Nylon is the integration of the Babel routing protocol with Polyamide (an advanced fork of WireGuard-go that enables routing).
Does not require all nodes to be reachable from each other, unlike mesh-based VPN projects. Runs on a single UDP port (57175), is distributed by a single statically-linked binary, and is auto configured by a single configuration file. You can use your existing WireGuard clients to connect to a nylon network, with reduced functionality. Useful for mobile clients.
What this is: Regular email check-ins. If you don't respond, your emergency contacts get notified.
Who it's for: Activists, journalists, researchers, solo folks. Anyone who needs someone to notice if they go silent.
How it works: Choose daily or weekly pings. Click the link in the email or reply "PONG" to confirm you're okay. Miss the ping? We'll send reminders. Still no response? Your emergency contacts get alerted.
A toolkit for building secure, portable and lean operating systems for containers. Secure defaults without compromising usability. Everything is replaceable and customisable. Immutable infrastructure applied to building Linux distributions. Completely stateless, but persistent storage can be attached if needed. Easy tooling with easy iteration. Designed to create reproducible builds. Designed for building and running clustered applications, including but not limited to container orchestration such as Docker or Kubernetes. Designed from the experience of building Docker Editions, but redesigned as a general-purpose toolkit. Designed to be managed by external tooling.
FyneDesk is an easy to use Linux/Unix desktop environment following material design. It is built using the Fyne toolkit and is designed to be easy to use as well as easy to develop.
Can be run inside an X window using Xephyr for testing and debugging.
Misconfig Mapper has a dedicated open-source CLI tool written in Golang to help you automate the testing of most misconfigurations found on covered services.
It can identify and enumerate instances of services used by your company, and perform detection and misconfiguration checks at scale! By supplying a template with detection fingerprints and misconfiguration check fingerprints, the tool can quickly and accurately identify potential security risks in popular third-party software and services!
The tool is based on templates and is versatile. New services can be easily added by adding them to the services.json file.
FOKS provides a secure, end-to-end encrypted Git hosting service. Your data is encrypted on your machine before it is sent to the server, and the server never sees data or filenames in unencrypted form. Internally, FOKS implements git atop an encrypted key-value store. Clients encrypt keys and values before sending them up to the server, and decrypt them upon retrieval. You can access this key-value store directly, which can store either short strings, or large data files. FOKS provides a federated and generalized team management system. You can create teams, add members, and assign roles. You can also delegate team management to other team members. Teams can be members of other teams, allowing for complex team topologies that can mirror real-world organizations. Morever, teams can cross federated boundaries, allowing users on different FOKS servers to share data with end-to-end encryption.
Github: https://github.com/foks-proj/go-foks
In the AUR.
Co-ATC is an AI-enhanced system designed to monitor airspace activity, supporting (imaginary) ATC operations. It integrates real-time ADSB data (local or remote), streams ATC communications (local VHF radio or LiveATC) while leveraging AI to transcribe and interpret communications, track ATC instructions, and generate alerts for potential conflicts or non-compliance.
Live visualization of aircraft positions, flight paths, and telemetry data. Comprehensive airspace view with aircraft details, weather overlays, and runway information. Connects to your ADSB and VHF band SDRs for mostly local (offline) tracking. Voice-based ATC assistant with comprehensive airspace knowledge and real-time context (OpenAI API key required). Real-time transcription and analysis of ATC communications using AI (OpenAI API key required). Automatic detection and tracking of aircraft flight phases (taxi, takeoff, departure, cruise, arrival, approach, touchdown). AI-powered extraction and tracking of takeoff, landing, and approach clearances (OpenAI API key required). Create and control simulated aircraft for training and testing scenarios.Live METAR, TAF, and NOTAM data integration (using "stolen" Windy APIs - sorry!) Real-time notifications for aircraft status changes and potential issues (incomplete).
Golden Point is a FidoNet (FTN) point package written with in Golang to provide a mailer, tosser and other related utilities. To work with GoldenPoint after starting you will need to open your browser on address http://127.0.0.1:8080
Implements a Binkp/1.0 mailer, the basic FidoNET technical standards and control messages, and traffic tracking.
Koito is a modern, themeable ListenBrainz-compatible scrobbler for self-hosters who want control over their data and insights into their listening habits. It supports relaying to other compatible scrobblers, so you can try it safely without replacing your current setup.
Seems to require Postgres as its back-end.
Uncloud is a lightweight clustering and container orchestration tool that lets you deploy and manage web apps across cloud VMs and bare metal with minimised cluster management overhead. It creates a secure WireGuard mesh network between your Docker hosts and provides automatic service discovery, load balancing, ingress with HTTPS, and simple CLI commands to manage your apps.
Unlike traditional orchestrators, there's no central control plane and quorum to maintain. Each machine maintains a synchronised copy of the cluster state through peer-to-peer communication, keeping cluster operations functional even if some machines go offline.
Uncloud is the solution for developers who want the flexibility of self-hosted infrastructure without the operational complexity of Kubernetes. Tries to stay out of your way so you spend less time troubleshooting Docker. Also doesn't force you to use Docker to manage Docker - supports bare metal (and outside of containers in general) as a first-class citizen.
Unregistry is a lightweight container image registry that stores and serves images directly from your Docker daemon's storage.
You've built a Docker image locally. Now you need it on your server. Your options suck:
- Docker Hub / GitHub Container Registry - Your code is now public, or you're paying for private repos
- Self-hosted registry - Another service to maintain, secure, and pay for storage
- Save/Load -
docker save | ssh | docker loadtransfers the entire image, even if 90% already exists on the server - Rebuild remotely - Wastes time and server resources. Plus now you're debugging why the build fails in production
You just want to move an image from A to B. Why is this so hard?
The included docker pussh command (extra 's' for SSH) lets you push images straight to remote Docker servers over SSH. It transfers only the missing layers, making it fast and efficient.
docker pussh myapp:latest user@server
It's like rsync for Docker images — simple and efficient.
chezmoi helps you manage your personal configuration files (dotfiles, like ~/.gitconfig) across multiple machines. chezmoi provides many features beyond symlinking or using a bare git repo including:
- templates (to handle small differences between machines)
- password manager support (to store your secrets securely)
- importing files from archives (great for shell and editor plugins)
- full file encryption (using gpg or age)
- running scripts (to handle everything else)
Github: https://github.com/twpayne/chezmoi
In Homebrew. In Arch's extra package repo.
Gain another host's network access permissions by establishing a stateful TCP connection with a spoofed source IP. Requires all of the hosts in question to be on the same subnet; uses ARP cache poisoning.
Airstation is a self-hosted web app for streaming music over the internet. It features a simple interface for uploading tracks and managing the playback queue, along with a minimalistic player for listeners. Under the hood, it streams music over HTTP using HLS, stores data in SQLite, and leverages FFmpeg for audio processing — all packaged in a compact Docker container for easy deployment.
SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, cloud tiering. Filer supports Cloud Drive, cross-DC active-active replication, Kubernetes, POSIX FUSE mount, S3 API, S3 Gateway, Hadoop, WebDAV, encryption, Erasure Coding.
A self-contained emergency web server. For those occasions when your webserver is down and you want to display a quick maintenance note. Or just want to quickly demo a static site. It can take a directory, a file or the bare HTML you want to serve as a string. The -proxy flag can be useful when used as a development server for another project.
Wiretap is a transparent, VPN-like proxy server that tunnels traffic via Wireguard and requires no special privileges to run.
Wireguard configs are generated and deployed on all of the servers. Clients can then interact with local network resources as if on the same network as the server, and optionally chain additional servers to reach new networks. Access to the Wiretap network can also be shared with other clients.
A Wiretap Server is any machine where a Wiretap binary is running the serve command. Servers receive and relay network traffic on behalf of Wiretap Clients, acting like a VPN "exit node." A Wiretap Client is any machine running the Wireguard configurations necessary to send and receive network traffic through a Wiretap Server. It functions much like a client in a VPN connection. Clients are also able to reconfigure parts of the Wiretap network dynamically using the Wiretap binary.
Seems to work like Nebula, only without the certificates expiring every year.