From 27d1506b54dcc7460ade1aa1bfddf71fbe1a0100 Mon Sep 17 00:00:00 2001
From: Bernardo Magri
Date: Tue, 19 May 2026 18:28:54 +0100
Subject: [PATCH 1/3] chore(lib): drop dead helpers, document schema boundary
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two unused helpers and a missing comment in the lib/ surface, found during the Pillar 8 sweep.

- `readState` in `lib/default.nix` was exported but has no external callers — only `readHomeState` and `readSystemState` use it internally. Removed from the export list; the function stays in the let-block (still wraps the two public readers).
- `getWithDefault` in `lib/state-schema.nix` was a complete dead function: declared as a path-walking fallback helper but never called anywhere in the tree. core/{system,home}/state.nix use inline `togglesState. or schema..` instead. Removed.
- Added a header comment to `lib/state-schema.nix` explaining the schema's boundary — it lists every state.json field consumed by a Nix option, but state.json may also hold runtime-only fields (`welcome_done` from `nomarchy-welcome`) that are intentionally off-schema because no Nix option reads them. Future readers will otherwise think welcome_done is an orphan.

Logged a Later-column roadmap row for consolidating `flake.nix`'s palette/themeNames re-imports with `nomarchyLib` so the theme list has one source of truth instead of two.
---
 docs/ROADMAP.md      |  1 +
 lib/default.nix      |  1 -
 lib/state-schema.nix | 20 +++++++++-----------
 3 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md
index a3ea69d..c6c389a 100644
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -39,6 +39,7 @@ Guardrails (apply when adding anything): - **Forgejo release pipeline.** `vYY.MM.x` tags matching the upstream NixOS channel; the pipeline pushes the three ISOs and an updated `flake.lock` snapshot. - **Optional `nomarchy-installer-vm`** rebuilt as a real flake app (not a one-off shell script) so users can install Nomarchy into a libvirt VM declaratively. - **Surface support module** via the relevant `nixos-hardware` profile + Surface kernel patches behind a `nomarchy.hardware.isSurface` toggle. +- **Consolidate palette imports in `flake.nix` via `nomarchyLib`.** `flake.nix:79-80` re-imports `./themes/palettes` and recomputes `themeNames` even though `lib/default.nix` already exports both. Two computations, same result today — drift risk tomorrow. Import `nomarchyLib = import ./lib { inherit lib; }` once and use `nomarchyLib.{palettes,themeNames}` to make `lib/default.nix` the single source of truth for the theme list. ## 3. Pillar: Script & menu audit diff --git a/lib/default.nix b/lib/default.nix index 18c2feb..a90b941 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -98,7 +98,6 @@ let in { inherit palettes - readState readHomeState readSystemState resolveWallpaper diff --git a/lib/state-schema.nix b/lib/state-schema.nix index bc98b87..50bb2d5 100644 --- a/lib/state-schema.nix +++ b/lib/state-schema.nix @@ -1,5 +1,13 @@ # Nomarchy State Schema -# Defines the complete state shape with defaults for both home and system state +# +# Defines the default values for every state.json field that's consumed by a +# Nix option. Read by core/{system,home}/options.nix (for `default = …`) and +# by core/{system,home}/state.nix (for `or` fallbacks). +# +# state.json may also hold runtime-only fields that aren't declared here — +# notably `welcome_done`, managed by `nomarchy-welcome`. Those are intentionally +# off-schema because no Nix option reads them; the schema is the "consumed by +# Nix" surface, not the full state.json shape. { lib }: { 
@@ -54,14 +62,4 @@ }; }; - # Get a value from state with fallback to default - getWithDefault = state: path: default: - let - pathList = lib.splitString "." path; - getValue = obj: remaining: - if remaining == [] then obj - else if builtins.isAttrs obj && builtins.hasAttr (builtins.head remaining) obj - then getValue obj.${builtins.head remaining} (builtins.tail remaining) - else default; - in getValue state pathList; } From 6e0d17b859352682581bdfee09ec140312efcf0b Mon Sep 17 00:00:00 2001 From: Bernardo Magri Date: Tue, 19 May 2026 18:46:30 +0100 Subject: [PATCH 2/3] fix(welcome): drop Step 4's dead starter home.nix generation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `nomarchy-welcome` wrote a "starter" `~/.config/home-manager/home.nix` for users without one. Two problems: 1. Wrong path. The installer-generated canonical home.nix lives at `/etc/nixos/home.nix` and is imported via the flake (both home-manager.users and the standalone homeConfigurations). Nothing in the installer flow ever reads `~/.config/home-manager/home.nix` — it's a dead file. 2. Broken content. The starter is missing `home.username`, `home.homeDirectory`, `home.stateVersion`, and doesn't import `nomarchy.nixosModules.home`. Even on a hand-migration path it wouldn't evaluate as a standalone HM config. So in the installer flow it's dead, and in the migration flow it's broken. Removed Step 4 entirely. The git-init step (was Step 5) is now Step 4. Hand-migrated users follow `docs/MIGRATION.md`, which has the correct home.nix template. Found during Pillar 8 audit of first-boot UX. --- features/scripts/utils/nomarchy-welcome | 36 +++---------------------- 1 file changed, 3 insertions(+), 33 deletions(-) diff --git a/features/scripts/utils/nomarchy-welcome b/features/scripts/utils/nomarchy-welcome index 4ce78f6..bf30367 100755 --- a/features/scripts/utils/nomarchy-welcome +++ b/features/scripts/utils/nomarchy-welcome 
@@ -59,39 +59,9 @@ if [[ "$USER" == "nixos" ]]; then exit 0 fi -# 4. Starter home.nix +# 4. Setup Local Repo (Crucial for nomarchy-env-update to work) echo "" -echo "Step 4: Starter home.nix" -HOME_NIX="$HOME/.config/home-manager/home.nix" -if [ ! -f "$HOME_NIX" ]; then - echo "It looks like you don't have a ~/.config/home-manager/home.nix file yet." - echo "Nomarchy uses this file to manage your user-level packages and settings." - if gum confirm "Would you like to generate a starter home.nix?"; then - mkdir -p "$(dirname "$HOME_NIX")" - cat < "$HOME_NIX" -{ pkgs, ... }: -{ - # Nomarchy starter home.nix - # Add your user packages here. - home.packages = with pkgs; [ - btop - fastfetch - chromium - # Add more packages here - ]; - - # home.stateVersion = "25.11"; # Consult docs/MIGRATION.md if you change this -} -EOF - echo "Starter home.nix generated at $HOME_NIX" - fi -else - echo "Detected existing home.nix at $HOME_NIX. Skipping generation." -fi - -# 5. Setup Local Repo (Crucial for nomarchy-env-update to work) -echo "" -echo "Step 5: Git Repository Check" +echo "Step 4: Git Repository Check" echo "Nomarchy relies on a local git repository for declarative updates." if [ ! -d "/etc/nixos/.git" ]; then echo "Warning: /etc/nixos is not a git repository. Declarative updates might fail." @@ -102,7 +72,7 @@ if [ ! -d "/etc/nixos/.git" ]; then fi fi -# 6. Success +# 5. Success echo "" echo "Applying all changes..." nomarchy-env-update From 95101fda3f2525d2101465af04106f014b2d7f14 Mon Sep 17 00:00:00 2001 
From: Bernardo Magri
Date: Tue, 19 May 2026 18:46:41 +0100
Subject: [PATCH 3/3] fix(sddm): default autoLogin off, not on with hardcoded "nomarchy"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`themes/engine/sddm.nix` defaulted `services.displayManager.autoLogin` to `enable = true; user = "nomarchy";` (both mkDefault). The installer flow overrode both with the real username at normal priority, so this was invisible there — but a hand-migrated user (per docs/MIGRATION.md) who imported `nomarchy.nixosModules.system` without setting `autoLogin.user` would auto-login as a nonexistent "nomarchy" user and SDDM would error. `docs/MIGRATION.md` even documented the override as a post-import chore.

Flipped the default to `enable = lib.mkDefault false`. Installer generates `enable = true` directly so its flow is unchanged. Migration flow now gets the safe default — opt-in instead of opt-out — and the docs row is updated to reflect the new shape.

The hardcoded "nomarchy" username fallback for `autoLogin.user` is the same class of bug as the impermanence persistence block was. A future roadmap row to consolidate "primary user" across impermanence, autoLogin, and any future modules might be worthwhile, but it's deferred — this commit is the immediate fix.

Found during Pillar 8 audit of first-boot UX.
---
 docs/MIGRATION.md      | 2 +-
 themes/engine/sddm.nix | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/MIGRATION.md b/docs/MIGRATION.md
index b3ceb35..5d68162 100644
--- a/docs/MIGRATION.md
+++ b/docs/MIGRATION.md
@@ -210,7 +210,7 @@ and it's whichever has higher Nix priority. Fix these explicitly: | Graphics | `hardware.graphics.enable = true` (was `hardware.opengl`) | Probably already enabled — fine | | User groups | needs `video render networkmanager` | Add to your `users.users..extraGroups` | | `/etc/os-release` | `ID=nomarchy`, `NAME=Nomarchy` | A few third-party scripts grep `ID=nixos` — adjust them or rely on `ID_LIKE` (TBD) | -| autoLogin | `enable = true; user = "nomarchy";` (mkDefault) | Override with `services.displayManager.autoLogin.user = ""` or disable | +| autoLogin | `enable = false; user = "nomarchy";` (mkDefault) | Off by default — opt in with `services.displayManager.autoLogin = { enable = true; user = ""; };` if you want it | Impermanence is **off** unless you set `nomarchy.system.impermanence.enable = true`, and it requires a BTRFS layout with a `root-blank` snapshot. Don't enable it diff --git a/themes/engine/sddm.nix b/themes/engine/sddm.nix index 6e0e851..eb57ce7 100644 --- a/themes/engine/sddm.nix +++ b/themes/engine/sddm.nix @@ -27,8 +27,12 @@ in services.displayManager.defaultSession = lib.mkDefault "hyprland-uwsm"; + # autoLogin defaults off so hand-migrated configs (no installer-written + # username) don't try to log in as a nonexistent "nomarchy" user. The + # installer-generated system.nix sets both `enable = true;` and + # `user = "$USERNAME";` at normal priority, overriding these defaults. services.displayManager.autoLogin = { - enable = lib.mkDefault true; + enable = lib.mkDefault false; user = lib.mkDefault "nomarchy"; };
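
Review bot: the roadmap row added in the docs/ROADMAP.md hunk (PATCH 1/3) cites `flake.nix:79-80` by line number, which goes stale on the next edit to that file. Name the two bindings instead (the `./themes/palettes` import and the `themeNames` computation) so the row can still be matched to the code when the consolidation is picked up.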
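
Review bot: removing `readState` from the `inherit` list in the lib/default.nix hunk (PATCH 1/3) changes the attribute set this file returns, and the commit message only establishes that nothing in this tree calls it. If the lib is reachable by configs outside the repository, a caller of `readState` now fails at evaluation with a missing attribute. Either state in the commit message that lib/ is internal-only, or keep the name for one release as an alias wrapped in `lib.warn`.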
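
Review bot: in the second lib/state-schema.nix hunk (PATCH 1/3), the removed `getWithDefault` holds the only `lib.` reference visible in this diff (`lib.splitString`), while the file still opens with `{ lib }:`. Check whether anything left in the attribute set uses `lib`; if not, the argument is kept only so existing `import ./state-schema.nix { inherit lib; }` call sites keep working, and the new header comment is the place to say so.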
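
Review bot: the first features/scripts/utils/nomarchy-welcome hunk (PATCH 2/3) deletes the generator but does nothing for machines where the old Step 4 already wrote `~/.config/home-manager/home.nix`, a file the commit message says nothing reads. Users who accepted the prompt may keep editing it with no effect. Consider a short notice when that file exists, pointing to `/etc/nixos/home.nix` and docs/MIGRATION.md.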
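
Review bot: the rewritten autoLogin row in the docs/MIGRATION.md hunk (PATCH 3/3) now describes an optional opt-in, but it still sits in the table introduced by "Fix these explicitly". Reword the row so it reads as "no action needed unless you want autologin", or move it out of the must-fix table, so a migrating user does not treat it as a required override.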
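
Review bot: in the themes/engine/sddm.nix hunk (PATCH 3/3), `user = lib.mkDefault "nomarchy";` survives the change, so a config that sets only `services.displayManager.autoLogin.enable = true` still attempts to log in as the nonexistent user the commit message describes. Drop the `user` default entirely, or add an `assertions` entry that fails evaluation when `enable` is true and `user` was never overridden, so the mistake surfaces at build time rather than as an SDDM error at first boot.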