From 95101fda3f2525d2101465af04106f014b2d7f14 Mon Sep 17 00:00:00 2001 From: Bernardo Magri Date: Tue, 19 May 2026 18:46:41 +0100 Subject: [PATCH] fix(sddm): default autoLogin off, not on with hardcoded "nomarchy" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `themes/engine/sddm.nix` defaulted `services.displayManager.autoLogin` to `enable = true; user = "nomarchy";` (both mkDefault). The installer flow overrode both with the real username at normal priority, so this was invisible there — but a hand-migrated user (per docs/MIGRATION.md) who imported `nomarchy.nixosModules.system` without setting `autoLogin.user` would auto-login as a nonexistent "nomarchy" user and SDDM would error. `docs/MIGRATION.md` even documented the override as a post-import chore. Flipped the default to `enable = lib.mkDefault false`. Installer generates `enable = true` directly so its flow is unchanged. Migration flow now gets the safe default — opt-in instead of opt-out — and the docs row is updated to reflect the new shape. The hardcoded "nomarchy" username fallback for `autoLogin.user` is the same class of bug as the impermanence persistence block was. A future roadmap row to consolidate "primary user" across impermanence, autoLogin, and any future modules might be worthwhile, but it's deferred — this commit is the immediate fix. Found during Pillar 8 audit of first-boot UX. --- docs/MIGRATION.md | 2 +- themes/engine/sddm.nix | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/MIGRATION.md b/docs/MIGRATION.md index b3ceb35..5d68162 100644 --- a/docs/MIGRATION.md +++ b/docs/MIGRATION.md @@ -210,7 +210,7 @@ and it's whichever has higher Nix priority. Fix these explicitly: | Graphics | `hardware.graphics.enable = true` (was `hardware.opengl`) | Probably already enabled — fine | | User groups | needs `video render networkmanager` | Add to your `users.users..extraGroups` | | `/etc/os-release` | `ID=nomarchy`, `NAME=Nomarchy` | A few third-party scripts grep `ID=nixos` — adjust them or rely on `ID_LIKE` (TBD) | -| autoLogin | `enable = true; user = "nomarchy";` (mkDefault) | Override with `services.displayManager.autoLogin.user = ""` or disable | +| autoLogin | `enable = false; user = "nomarchy";` (mkDefault) | Off by default — opt in with `services.displayManager.autoLogin = { enable = true; user = ""; };` if you want it | Impermanence is **off** unless you set `nomarchy.system.impermanence.enable = true`, and it requires a BTRFS layout with a `root-blank` snapshot. Don't enable it diff --git a/themes/engine/sddm.nix b/themes/engine/sddm.nix index 6e0e851..eb57ce7 100644 --- a/themes/engine/sddm.nix +++ b/themes/engine/sddm.nix @@ -27,8 +27,12 @@ in services.displayManager.defaultSession = lib.mkDefault "hyprland-uwsm"; + # autoLogin defaults off so hand-migrated configs (no installer-written + # username) don't try to log in as a nonexistent "nomarchy" user. The + # installer-generated system.nix sets both `enable = true;` and + # `user = "$USERNAME";` at normal priority, overriding these defaults. services.displayManager.autoLogin = { - enable = lib.mkDefault true; + enable = lib.mkDefault false; user = lib.mkDefault "nomarchy"; };