refactor: final architecture audit and hardening

bin/appearance/nomarchy-theme-set-vscode

@@ -1,39 +1,20 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-# Sync Nomarchy theme to VS Code, VSCodium, and Cursor
+# Nomarchy VS Code Theme Setter
+# This script only updates the global state.json.
+# Home Manager (modules/home/vscode.nix) handles the declarative settings injection.
 
-VS_CODE_THEME="$HOME/.config/nomarchy/current/theme/vscode.json"
+STATE_DIR="$HOME/.config/home-manager"
+STATE_FILE="$STATE_DIR/state.json"
 
-set_theme() {
-  local editor_cmd="$1"
-  local settings_path="$2"
+mkdir -p "$STATE_DIR"
+[[ ! -f $STATE_FILE ]] && echo "{}" > "$STATE_FILE"
 
-  nomarchy-cmd-present "$editor_cmd" && [[ $NNOMARCHY_TOGGLE_SKIP_VSCODE_THEME != "true" ]] || return 0
+# Theme is already set in state.json by nomarchy-theme-set.
+# This script is now mostly a placeholder to maintain the same workflow,
+# triggering an env-update if needed to apply the declarative changes.
 
-  if [[ -f $VS_CODE_THEME ]]; then
-    theme_name=$(jq -r '.name' "$VS_CODE_THEME")
-    extension=$(jq -r '.extension' "$VS_CODE_THEME")
-
-    if [[ -n $extension ]] && ! "$editor_cmd" --list-extensions | grep -Fxq "$extension"; then
-      "$editor_cmd" --install-extension "$extension" >/dev/null
+if [[ $NOMARCHY_TOGGLE_SKIP_VSCODE_THEME != "true" ]]; then
+    # We trigger env-update to apply the new VSCode theme declaratively.
+    env-update
 fi
-
-    mkdir -p "$(dirname "$settings_path")"
-    [[ -f $settings_path ]] || printf '{\n}\n' >"$settings_path"
-
-    if ! grep -q '"workbench.colorTheme"' "$settings_path"; then
-      sed -i --follow-symlinks -E '0,/\{/{s/\{/{\ "workbench.colorTheme": "",/}' "$settings_path"
-    fi
-
-    sed -i --follow-symlinks -E \
-      "s/(\"workbench.colorTheme\"[[:space:]]*:[[:space:]]*\")[^\"]*(\")/\1$theme_name\2/" \
-      "$settings_path"
-  elif [[ -f $settings_path ]]; then
-    sed -i --follow-symlinks -E 's/\"workbench\.colorTheme\"[[:space:]]*:[^,}]*,?//' "$settings_path"
-  fi
-}
-
-set_theme "code" "$HOME/.config/Code/User/settings.json"
-set_theme "code-insiders" "$HOME/.config/Code - Insiders/User/settings.json"
-set_theme "codium" "$HOME/.config/VSCodium/User/settings.json"
-set_theme "cursor" "$HOME/.config/Cursor/User/settings.json"

modules/home/bash.nix

@@ -0,0 +1,45 @@
+{ config, lib, ... }:
+
+{
+  programs.bash = {
+    enable = true;
+    
+    # Safely append user's custom RC file after NixOS setup
+    bashrcExtra = ''
+      if [[ -f ~/.config/nomarchy/default/bash/rc ]]; then
+        source ~/.config/nomarchy/default/bash/rc
+      fi
+    '';
+
+    # Import aliases from the static file logic
+    shellAliases = lib.mkDefault {
+      # File system
+      lsa = "ls -a";
+      
+      # Directories
+      ".." = "cd ..";
+      "..." = "cd ../..";
+      "...." = "cd ../../..";
+
+      # Tools
+      c = "opencode";
+      d = "docker";
+      r = "rails";
+      t = "tmux attach || tmux new -s Work";
+
+      # Git
+      g = "git";
+      gcm = "git commit -m";
+      gcam = "git commit -a -m";
+      gcad = "git commit -a --amend";
+      
+      # NixOS specific (inherited from default.nix but keeping here for consistency)
+      sys-update = "sudo nixos-rebuild switch --flake /etc/nixos#default --impure";
+      env-update = "nomarchy-preflight-migration && home-manager switch --flake /etc/nixos#default --impure";
+    };
+  };
+
+  # Ensure the directory exists in the user's home via xdg.configFile
+  # This mapping is likely already handled in configs.nix, but we ensure it here
+  # or in the main config mapping.
+}

modules/home/default.nix

@@ -32,6 +32,7 @@ in
     ./swayosd.nix
     ./security.nix
     ./battery-monitor.nix
+    ./bash.nix
   ];
 
   colorScheme = lib.mkDefault (palettes.${config.nomarchy.theme} or palettes.nord);
@@ -59,8 +60,5 @@ in
     nerd-fonts.ubuntu-mono
   ] ++ userPackages);
 
-  home.shellAliases = lib.mkDefault {
-    sys-update = "sudo nixos-rebuild switch --flake /etc/nixos#default --impure";
-    env-update = "nomarchy-preflight-migration && home-manager switch --flake /etc/nixos#default --impure";
-  };
+  # Shell aliases are now managed in bash.nix
 }

modules/home/vscode.nix

@@ -1,12 +1,15 @@
 { config, pkgs, ... }:
 
+let
+  themeConfig = builtins.fromJSON (builtins.readFile (../../assets/themes + "/${config.nomarchy.theme}/vscode.json"));
+in
 {
   programs.vscode = {
     enable = true;
     package = pkgs.vscode;
     userSettings = {
       "update.mode" = "none";
-      "workbench.colorTheme" = "Nomarchy Theme"; # Example, would need to be generated
+      "workbench.colorTheme" = themeConfig.name;
       "window.titleBarStyle" = "custom";
     };
     # extensions = with pkgs.vscode-extensions; [ ... ];

modules/system/impermanence.nix

@@ -47,10 +47,10 @@ in
         "/var/log"
         "/var/lib/nixos"
         "/var/lib/systemd/coredump"
-        "/var/lib/systemd/timesync"
+        "/var/lib/NetworkManager"
+        "/etc/NetworkManager/system-connections"
         "/var/lib/bluetooth"
         "/var/lib/fprint"
-        "/etc/NetworkManager/system-connections"
         "/etc/nixos"
         "/etc/ssh"
       ];
@@ -58,6 +58,18 @@ in
         "/etc/machine-id"
         "/etc/supergfxd.conf"
       ];
+      users.nomarchy = {
+        directories = [
+          ".ssh"
+          ".gnupg"
+          ".local/share/keyrings"
+          "Documents"
+          "Downloads"
+          "Pictures"
+          "Videos"
+          "Projects"
+        ];
+      };
     };
   };
 }

modules/system/sddm.nix

@@ -9,6 +9,11 @@ let
       mkdir -p $out/share/sddm/themes/nomarchy
       cp -r * $out/share/sddm/themes/nomarchy/
     '';
+    propagatedBuildInputs = with pkgs.libsForQt5.qt5; [
+      qtgraphicaleffects
+      qtquickcontrols2
+      qtsvg
+    ];
   };
 in
 {