fix(impermanence): user must match created account, not hardcoded "nomarchy"

The persistence block at core/system/impermanence.nix:75 read `users.nomarchy = { directories = [...]; }` — the username was a literal, not a reference. For any user not literally named "nomarchy" the block was silently inert and ~/.ssh, ~/.gnupg, ~/.local/share/keyrings, Documents, Downloads, Pictures, Videos, Projects were wiped on every boot. Adds `nomarchy.system.impermanence.user` (str, default "nomarchy") and uses it via `users.${cfg.user}`. The installer now writes the chosen username alongside `enable` and `mainLuksName` so impermanence installs with non-default usernames are correct out of the box. docs/OPTIONS.md: fixes the wrong path on the impermanence row (documented `impermanence.enable`, real option is `nomarchy.system.impermanence.enable`) and adds entries for `mainLuksName` and `user`. Found during Pillar 8 audit of core/system modules.
2026-05-19 17:50:27 +01:00
parent 85ef8745d7
commit 99a6c7d547
3 changed files with 23 additions and 3 deletions
--- a/core/system/impermanence.nix
+++ b/core/system/impermanence.nix
@@ -24,6 +24,18 @@ in
        "crypted_main" on multi-disk installs to match the disko layout.
      '';
    };
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "nomarchy";
+      description = ''
+        Primary user whose home subset (.ssh, .gnupg, keyrings, common
+        directories) survives the rootfs wipe. Must match the user
+        created via `users.users.<name>` — otherwise the persistence
+        block is silently inert and the user's home directory is wiped
+        on every boot. The installer writes this for you.
+      '';
+    };
  };

  config = lib.mkIf cfg.enable {
@@ -72,7 +84,7 @@ in
        "/etc/machine-id"
        "/etc/supergfxd.conf"
      ];
-      users.nomarchy = {
+      users.${cfg.user} = {
        directories = [
          ".ssh"
          ".gnupg"