feat: make VM and live ISO match an installed Nomarchy

- Migrate VM and graphical ISO to home-manager.nixosModules.home-manager;
  drop the standalone-HM sudo-based activation script (ran HM against
  /root because HOME wasn't reset) in flake.nix, core/system/vm-guest.nix,
  hosts/live-iso.nix.
- Run swaybg as nomarchy-wallpaper.service instead of a silent Hyprland
  exec-once so failures surface in systemctl.
- Skip the battery monitor unit on hosts without /sys/class/power_supply/BAT*
  (VMs, desktops).
- Don't wrap walker --dmenu in uwsm-app; redirect setsid background std-fds
  in nomarchy-launch-walker so $(menu ...) in nomarchy-menu doesn't hang.
- Restart waybar/walker via systemctl --user rather than pkill + uwsm-app
  to stop the post-theme-switch color race.
- Wire nomarchy-restart-walker/-waybar into nomarchy-theme-set so themes
  that only change the imported CSS reload correctly.
- Waybar: pin #custom-nomarchy to the Nomarchy font and use the U+F000
  codepoint so the logo shows across all themes.
- Auto-install the correct icon-theme package per palette via a new
  nomarchyLib.iconThemePackage helper in lib/default.nix; Everforest now
  actually renders for summer-night.
- Pre-cache every theme's HM generation: new packages.allThemeVariants
  flake output and nomarchy-themes-prebuild script so theme switches are
  cache-only (no Stylix rebuild, no downloads).
- Add nomarchy-test-live-iso to boot the graphical ISO in QEMU the same
  way nomarchy-test-vm does, with virtio-gpu support added to live-iso.nix.
- Installer-generated home.nix/system.nix now ship a curated, commented
  app menu (btop/fastfetch/chromium on by default) plus optional system
  services (Docker, libvirtd, Tailscale, Syncthing, Flatpak, Steam).
- nomarchy-test-vm now wipes the stale nomarchy.qcow2 before launch.
- Remove obsolete GEMINI.md and PLAN.md.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

installer/install.sh

@@ -454,7 +454,8 @@ FLAKE_EOF
 }
 EOF
 
-    # system.nix
+    # system.nix — curated system-level options. Uncomment what you want and
+    # run \`sudo nixos-rebuild switch --flake /etc/nixos#default\` to apply.
     cat > /mnt/etc/nixos/system.nix << EOF
 { pkgs, ... }:
 {
@@ -462,8 +463,18 @@ EOF
 
   $impermanence_opt
 
+  # System-wide packages. Most tools belong in home.nix instead — only put
+  # things here that need to be available to all users or to root (e.g. CLI
+  # tools used by sudo, system admin utilities).
   environment.systemPackages = with pkgs; [
     home-manager
+    # --- CLI tools useful as root ---
+    # wget
+    # curl
+    # rsync
+    # htop
+    # tree
+    # tmux
   ];
 
   services.displayManager.autoLogin.enable = true;
@@ -475,20 +486,111 @@ EOF
     extraGroups = [ "networkmanager" "wheel" "video" "audio" "render" ];
   };
 
+  # --- Optional system services ---
+  # Uncomment to enable. Some require extra groups on your user (see below).
+
+  # Containers / virtualization
+  # virtualisation.docker.enable = true;       # adds "docker" group
+  # virtualisation.libvirtd.enable = true;     # adds "libvirtd" group — needed for virt-manager
+
+  # Networking / sync
+  # services.tailscale.enable = true;
+  # services.syncthing = {
+  #   enable = true;
+  #   user = "$USERNAME";
+  #   dataDir = "/home/$USERNAME";
+  # };
+
+  # Printing
+  # services.printing.enable = true;
+
+  # Flatpak (alternative app delivery)
+  # services.flatpak.enable = true;
+  # xdg.portal.enable = true;
+
+  # Gaming (system-level — pairs with home.packages.steam)
+  # programs.steam.enable = true;
+  # programs.gamemode.enable = true;
+
   system.stateVersion = "25.11";
 }
 EOF
 
-    # home.nix (empty for user customization)
+    # home.nix — curated app menu. Uncomment what you want and run
+    # `nomarchy-env-update` to apply.
     cat > /mnt/etc/nixos/home.nix << 'EOF'
 { pkgs, ... }:
 {
-  # Add your personal packages here
+  # User-level packages (Home Manager).
+  #
+  # Nomarchy already ships a minimal desktop (firefox, thunar, mpv, imv, mako,
+  # hyprlock, swww, wl-clipboard, grim, slurp, rofi-wayland, etc.). The list
+  # below is a menu of extras — uncomment what you want and run
+  # `nomarchy-env-update`.
   home.packages = with pkgs; [
-    # example: firefox thunderbird libreoffice
+    # --- Enabled by default ---
+    btop                # Resource monitor (TUI)
+    fastfetch           # System info at login
+    chromium            # Secondary browser
+
+    # --- Editors & dev ---
+    # vscode
+    # jetbrains.idea-community
+    # neovide
+    # zed-editor
+    # lazygit
+    # gh                  # GitHub CLI
+    # docker-compose
+    # postman
+    # dbeaver-bin
+
+    # --- Productivity ---
+    # obsidian
+    # libreoffice
+    # thunderbird
+    # zathura             # PDF viewer
+    # zotero
+    # xournalpp
+
+    # --- Media ---
+    # vlc
+    # obs-studio
+    # gimp
+    # inkscape
+    # kdenlive
+    # spotify
+    # audacity
+    # yt-dlp
+
+    # --- Comms ---
+    # discord
+    # telegram-desktop
+    # signal-desktop
+    # slack
+    # zoom-us
+
+    # --- Security ---
+    # keepassxc
+    # bitwarden-desktop
+    # _1password-gui
+
+    # --- Gaming ---
+    # steam
+    # lutris
+    # heroic
+
+    # --- CLI / utilities ---
+    # ripgrep
+    # fd
+    # bat
+    # eza
+    # zoxide
+    # fzf
+    # httpie
+    # tldr
   ];
 
-  # Add your personal home-manager configuration here
+  # Extra Home Manager modules go here (program configs, services, etc.).
 }
 EOF
 }
@@ -510,6 +612,9 @@ finish() {
     echo "  3. Log in with username: $USERNAME"
     echo "  4. Your configuration is at /etc/nixos/"
     echo ""
+    echo "Tip: run 'nomarchy-themes-prebuild' once to pre-cache every theme"
+    echo "     variant. Theme switches after that are instant (no rebuild)."
+    echo ""
 
     if nrun gum confirm "Reboot now?"; then
         reboot