fix(impermanence): user must match created account, not hardcoded "nomarchy"

The persistence block at core/system/impermanence.nix:75 read `users.nomarchy = { directories = [...]; }` — the username was a literal, not a reference. For any user not literally named "nomarchy" the block was silently inert and ~/.ssh, ~/.gnupg, ~/.local/share/keyrings, Documents, Downloads, Pictures, Videos, Projects were wiped on every boot. Adds `nomarchy.system.impermanence.user` (str, default "nomarchy") and uses it via `users.${cfg.user}`. The installer now writes the chosen username alongside `enable` and `mainLuksName` so impermanence installs with non-default usernames are correct out of the box. docs/OPTIONS.md: fixes the wrong path on the impermanence row (documented `impermanence.enable`, real option is `nomarchy.system.impermanence.enable`) and adds entries for `mainLuksName` and `user`. Found during Pillar 8 audit of core/system modules.
2026-05-19 17:50:27 +01:00
parent bfd95cb40b
commit 749f970fb0
3 changed files with 23 additions and 3 deletions
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -1459,7 +1459,7 @@ generate_flake_config() {
        if (( ${#_drives[@]} > 1 )); then
            _main_luks_name="crypted_main"
        fi
-        impermanence_opt=$'nomarchy.system.impermanence.enable = true;\n  nomarchy.system.impermanence.mainLuksName = "'"$_main_luks_name"$'";'
+        impermanence_opt=$'nomarchy.system.impermanence.enable = true;\n  nomarchy.system.impermanence.mainLuksName = "'"$_main_luks_name"$'";\n  nomarchy.system.impermanence.user = "'"$USERNAME"$'";'
    fi

    local PROFILE_SYSTEM_OPTS=""