feat: Tier 1 system features — snapper, hibernate, containers, libvirt, keyring

Five opt-in modules lifted from bernardo/nixos and adapted to Nomarchy's nomarchy.system.* option namespace. All default off (except keyring which defaults on); evaluation of the existing VM/ISO is unchanged when the toggles are unset. - core/system/snapper.nix: BTRFS timeline snapshots (5h/7d), nixos-rebuild-snap wrapper that pre-snaps before each switch using the running hostname. Auto-skips when / isn't BTRFS so impermanence/non-BTRFS hosts are safe. - core/system/hibernate.nix: suspend-then-hibernate on lid/idle/power-key with configurable idleMinutes (default 30). Description warns swap is required. - core/system/containers.nix: rootless Podman with dockerCompat + dns + podman-compose, podman-tui, dive. Better default than the docker daemon for a desktop distro. - core/system/virtualization.nix: extends the existing uwsm/Hyprland file with a libvirt + virt-manager + OVMF branch behind nomarchy.system.virtualization.libvirt.enable. - core/system/pam.nix: GNOME Keyring auto-unlock at SDDM/login/hyprlock plus gcr-ssh-agent so SSH keys flow through the keyring instead of a separate ssh-agent. Default on. - core/system/options.nix: declares the five new options. - core/system/default.nix: imports the four new files. - installer/install.sh: surfaces all five toggles as commented one-liners in the "Optional Nomarchy modules" section of the generated system.nix. Verified via the existing dry-run / generator smoke test. Verified each toggle lights up the right NixOS option (services.snapper, logind IdleAction, virtualisation.podman/libvirtd, pam.sddm.enableGnomeKeyring) via nix eval against extendModules. VM and live-ISO toplevels still build. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-25 11:18:15 +01:00
parent 220fc7f699
commit 4ddc91b930
8 changed files with 208 additions and 1 deletions
--- a/core/system/options.nix
+++ b/core/system/options.nix
@@ -51,5 +51,56 @@
      default = "summer-night";
      description = "Selected system theme.";
    };
+
+    # ----- Tier 1 system features (all opt-in, no behavioural change off) ---
+
+    snapper = {
+      enable = lib.mkEnableOption ''
+        Snapper-driven BTRFS timeline snapshots of `/`. Auto-disables when
+        `/` isn't BTRFS. Includes a `nixos-rebuild-snap` wrapper that takes
+        a "Pre-rebuild" snapshot before each switch.
+      '';
+    };
+
+    hibernation = {
+      enable = lib.mkEnableOption ''
+        suspend-then-hibernate (lid close, idle, power button). NOTE: this
+        requires a disk swap device or swapfile sized to at least RAM —
+        zRAM alone is not enough.
+      '';
+      idleMinutes = lib.mkOption {
+        type = lib.types.int;
+        default = 30;
+        description = "Idle minutes before suspend-then-hibernate fires.";
+      };
+    };
+
+    containers = {
+      enable = lib.mkEnableOption ''
+        Rootless Podman with Docker compatibility (`docker` → `podman`),
+        plus podman-compose, podman-tui and dive.
+      '';
+    };
+
+    virtualization = {
+      libvirt = {
+        enable = lib.mkEnableOption ''
+          libvirt daemon + virt-manager + OVMF. The user must be in the
+          `libvirtd` group.
+        '';
+      };
+    };
+
+    keyring = {
+      enable = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = ''
+          Auto-unlock GNOME Keyring at SDDM/Hyprland login and route SSH
+          keys through `gcr-ssh-agent`. Default on — near-universal QoL
+          improvement.
+        '';
+      };
+    };
  };
 }