fix(impermanence): user must match created account, not hardcoded "nomarchy"

The persistence block at core/system/impermanence.nix:75 read
`users.nomarchy = { directories = [...]; }` — the username was a
literal, not a reference. For any user not literally named "nomarchy"
the block was silently inert and ~/.ssh, ~/.gnupg, ~/.local/share/keyrings,
Documents, Downloads, Pictures, Videos, Projects were wiped on every boot.

Adds `nomarchy.system.impermanence.user` (str, default "nomarchy") and
uses it via `users.${cfg.user}`. The installer now writes the chosen
username alongside `enable` and `mainLuksName` so impermanence installs
with non-default usernames are correct out of the box.

docs/OPTIONS.md: fixes the wrong path on the impermanence row
(documented `impermanence.enable`, real option is
`nomarchy.system.impermanence.enable`) and adds entries for
`mainLuksName` and `user`.

Found during Pillar 8 audit of core/system modules.

core/system/impermanence.nix

@@ -24,6 +24,18 @@ in
         "crypted_main" on multi-disk installs to match the disko layout.
       '';
     };
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "nomarchy";
+      description = ''
+        Primary user whose home subset (.ssh, .gnupg, keyrings, common
+        directories) survives the rootfs wipe. Must match the user
+        created via `users.users.<name>` — otherwise the persistence
+        block is silently inert and the user's home directory is wiped
+        on every boot. The installer writes this for you.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -72,7 +84,7 @@ in
         "/etc/machine-id"
         "/etc/supergfxd.conf"
       ];
-      users.nomarchy = {
+      users.${cfg.user} = {
         directories = [
           ".ssh"
           ".gnupg"

docs/OPTIONS.md

@@ -153,10 +153,18 @@ Without prime config, supergfxd still switches modes but render-offload via `nvi
 
 `bool`, default `false`. Intel IPU7 camera support (kernel modules + firmware).
 
-### `impermanence.enable`
+### `nomarchy.system.impermanence.enable`
 
 `bool`, default `false`. Erase Your Darlings root wipe on boot. Defined in `core/system/impermanence.nix`. The installer writes the flag based on the impermanence prompt.
 
+### `nomarchy.system.impermanence.mainLuksName`
+
+`str`, default `"crypted"`. Name of the `/dev/mapper` entry holding the BTRFS root. The disko layout uses `"crypted"` on single-disk installs and `"crypted_main"` once multiple drives are selected — the installer writes the matching value automatically.
+
+### `nomarchy.system.impermanence.user`
+
+`str`, default `"nomarchy"`. Primary user whose home subset (`.ssh`, `.gnupg`, `.local/share/keyrings`, `Documents`, `Downloads`, `Pictures`, `Videos`, `Projects`) survives the rootfs wipe. Must match the user created via `users.users.<name>` — otherwise the persistence block is silently inert and the user's home directory is wiped on every boot. The installer writes this for you.
+
 ---
 
 ## Home Manager options (`home.nix`)

installer/install.sh

@@ -1459,7 +1459,7 @@ generate_flake_config() {
         if (( ${#_drives[@]} > 1 )); then
             _main_luks_name="crypted_main"
         fi
-        impermanence_opt=$'nomarchy.system.impermanence.enable = true;\n  nomarchy.system.impermanence.mainLuksName = "'"$_main_luks_name"$'";'
+        impermanence_opt=$'nomarchy.system.impermanence.enable = true;\n  nomarchy.system.impermanence.mainLuksName = "'"$_main_luks_name"$'";\n  nomarchy.system.impermanence.user = "'"$USERNAME"$'";'
     fi
 
     local PROFILE_SYSTEM_OPTS=""