feat: implement modular foundation and core system services

- Update flake.nix with 25.11 release and core inputs
- Add dedicated modules for audio (Pipewire), bluetooth, and networking
- Update GEMINI.md with the new Modular Merging Architecture blueprint
- Configure graphical installer ISO and test VM outputs

bin/nomarchy-setup-fingerprint

@@ -1,134 +1,40 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-set -e
+# Configure Fingerprint support declaratively for Nomarchy NixOS.
 
-GREEN='\033[0;32m'
-RED='\033[0;31m'
-YELLOW='\033[1;33m'
-NC='\033[0m' # No Color
-
-print_success() {
-  echo -e "${GREEN}$1${NC}"
-}
-
-print_error() {
-  echo -e "${RED}$1${NC}"
-}
-
-print_info() {
-  echo -e "${YELLOW}$1${NC}"
-}
-
-check_fingerprint_hardware() {
-  # Get fingerprint devices for the user
-  devices=$(fprintd-list "$USER" 2>/dev/null)
-
-  # Exit if no devices found
-  if [[ -z $devices ]]; then
-    print_error "\nNo fingerprint sensor detected."
-    return 1
-  fi
-  return 0
-}
-
-setup_pam_config() {
-  # Configure sudo
-  if ! grep -q pam_fprintd.so /etc/pam.d/sudo; then
-    print_info "Configuring sudo for fingerprint authentication..."
-    sudo sed -i '1i auth    sufficient pam_fprintd.so' /etc/pam.d/sudo
-  fi
-
-  # Configure polkit
-  if [[ -f /etc/pam.d/polkit-1 ]] && ! grep -q 'pam_fprintd.so' /etc/pam.d/polkit-1; then
-    print_info "Configuring polkit for fingerprint authentication..."
-    sudo sed -i '1i auth      sufficient pam_fprintd.so' /etc/pam.d/polkit-1
-  elif [[ ! -f /etc/pam.d/polkit-1 ]]; then
-    print_info "Creating polkit configuration with fingerprint authentication..."
-    sudo tee /etc/pam.d/polkit-1 >/dev/null <<'EOF'
-auth      sufficient pam_fprintd.so
-auth      required pam_unix.so
-
-account   required pam_unix.so
-password  required pam_unix.so
-session   required pam_unix.so
-EOF
-  fi
-}
-
-add_hyprlock_fingerprint_icon() {
-  print_info "Adding fingerprint icon to hyprlock placeholder text..."
-  sed -i 's/placeholder_text = .*/placeholder_text = <span> Enter Password 󰈷 <\/span>/' ~/.config/hypr/hyprlock.conf
-  sed -i 's/fingerprint:enabled = .*/fingerprint:enabled = true/' ~/.config/hypr/hyprlock.conf
-}
-
-remove_hyprlock_fingerprint_icon() {
-  print_info "Removing fingerprint icon from hyprlock placeholder text..."
-  sed -i 's/placeholder_text = .*/placeholder_text = Enter Password/' ~/.config/hypr/hyprlock.conf
-  sed -i 's/fingerprint:enabled = .*/fingerprint:enabled = false/' ~/.config/hypr/hyprlock.conf
-}
-
-remove_pam_config() {
-  # Remove from sudo
-  if grep -q pam_fprintd.so /etc/pam.d/sudo; then
-    print_info "Removing fingerprint authentication from sudo..."
-    sudo sed -i '/pam_fprintd\.so/d' /etc/pam.d/sudo
-  fi
-
-  # Remove from polkit
-  if [[ -f /etc/pam.d/polkit-1 ]] && grep -Fq 'pam_fprintd.so' /etc/pam.d/polkit-1; then
-    print_info "Removing fingerprint authentication from polkit..."
-    sudo sed -i '/pam_fprintd\.so/d' /etc/pam.d/polkit-1
-  fi
-}
+FEATURE_FILE="/etc/nixos/nomarchy-features/fingerprint.nix"
 
 if [[ "--remove" == $1 ]]; then
-  print_success "Removing fingerprint scanner from authentication.\n"
-
-  # Remove PAM configuration
-  remove_pam_config
-
-  # Remove fingerprint icon from hyprlock placeholder text
-  remove_hyprlock_fingerprint_icon
-
-  # Uninstall packages
-  print_info "Removing fingerprint packages..."
-  sudo pacman -Rns --noconfirm fprintd
-
-  print_success "Fingerprint authentication has been completely removed."
-else
-  print_success "Setting up fingerprint scanner for authentication.\n"
-
-  # Install required packages
-  print_info "Installing required packages..."
-  nomarchy-pkg-add fprintd usbutils
-
-  if ! check_fingerprint_hardware; then
-    exit 1
-  fi
-
-  # Configure PAM
-  setup_pam_config
-
-  # Add fingerprint icon to hyprlock placeholder text
-  add_hyprlock_fingerprint_icon
-
-  # Enroll first fingerprint
-  print_success "\nLet's setup your right index finger as the first fingerprint."
-  print_info "Keep moving the finger around on sensor until the process completes.\n"
-
-  if sudo fprintd-enroll "$USER"; then
-    print_success "\nFingerprint enrolled successfully!"
-
-    # Verify
-    print_info "\nNow let's verify that it's working correctly.\n"
-    if fprintd-verify; then
-      print_success "\nPerfect! Fingerprint authentication is now configured."
-      print_info "You can use your fingerprint for sudo, polkit, and lock screen (Super + Escape)."
+    if [ -f "$FEATURE_FILE" ]; then
+        sudo rm "$FEATURE_FILE"
+        echo "Removed $FEATURE_FILE."
+        echo "IMPORTANT: Remove './nomarchy-features/fingerprint.nix' from your imports and run 'sys-update'."
     else
-      print_error "\nVerification failed. You may want to try enrolling again."
+        echo "Fingerprint support not found."
     fi
-  else
-    print_error "\nEnrollment failed. Please try again."
-    exit 1
-  fi
+    exit 0
+fi
+
+if [ -f "$FEATURE_FILE" ]; then
+    echo "Fingerprint support is already configured in $FEATURE_FILE"
+else
+    sudo mkdir -p "/etc/nixos/nomarchy-features"
+    cat <<EOF | sudo tee "$FEATURE_FILE" > /dev/null
+{ config, pkgs, ... }:
+{
+  services.fprintd.enable = true;
+  # NixOS's fprintd module automatically configures PAM for login/sudo if enabled.
+}
+EOF
+    echo "Created $FEATURE_FILE."
+    echo "IMPORTANT: To finish enabling fingerprint support, add './nomarchy-features/fingerprint.nix' to your imports list in /etc/nixos/system.nix or /etc/nixos/flake.nix,"
+    echo "then run 'sys-update'."
+fi
+
+# Enrollment is still an imperative action
+if command -v fprintd-enroll &> /dev/null; then
+    echo "Let's enroll your fingerprint now."
+    fprintd-enroll "$USER"
+else
+    echo "fprintd-enroll not found. Please run 'sys-update' first if you just enabled it."
 fi