From a31023c03750acf88265a7f3675f036009798aaf Mon Sep 17 00:00:00 2001 From: Bernardo Magri Date: Mon, 6 Apr 2026 21:45:33 +0100 Subject: [PATCH] refactor: systemic refactor for FHS compliance, native systemd migration, and script hardening --- config/nomarchy/default/hypr/autostart.conf | 1 - modules/home/battery-monitor.nix | 34 +++++++++++++++++++++ modules/home/default.nix | 2 ++ modules/home/scripts.nix | 5 ++- modules/home/security.nix | 22 +++++++++++++ 5 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 modules/home/battery-monitor.nix create mode 100644 modules/home/security.nix diff --git a/config/nomarchy/default/hypr/autostart.conf b/config/nomarchy/default/hypr/autostart.conf index 2df79df..8d37339 100644 --- a/config/nomarchy/default/hypr/autostart.conf +++ b/config/nomarchy/default/hypr/autostart.conf @@ -4,7 +4,6 @@ exec-once = uwsm-app -- waybar exec-once = uwsm-app -- fcitx5 --disable notificationitem exec-once = uwsm-app -- swaybg -i ~/.config/nomarchy/current/background -m fill exec-once = uwsm-app -- swayosd-server -exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 exec-once = nomarchy-cmd-first-run # Slow app launch fix -- set systemd vars diff --git a/modules/home/battery-monitor.nix b/modules/home/battery-monitor.nix new file mode 100644 index 0000000..d646887 --- /dev/null +++ b/modules/home/battery-monitor.nix 
@@ -0,0 +1,34 @@ +{ pkgs, ... }: + +{ + systemd.user.services.nomarchy-battery-monitor = { + Unit = { + Description = "Nomarchy Battery Monitor Check"; + After = [ "graphical-session.target" ]; + }; + + Service = { + Type = "oneshot"; + # The script is packaged in nomarchy-scripts which is in the home profile + ExecStart = "nomarchy-battery-monitor"; + Environment = [ "DISPLAY=:0" ]; + LogLevelMax = "warning"; + }; + }; + + systemd.user.timers.nomarchy-battery-monitor = { + Unit = { + Description = "Nomarchy Battery Monitor Timer"; + }; + + Timer = { + OnBootSec = "1min"; + OnUnitActiveSec = "30sec"; + AccuracySec = "10sec"; + }; + + Install = { + WantedBy = [ "timers.target" ]; + }; + }; +} diff --git a/modules/home/default.nix b/modules/home/default.nix index e57f3f8..7a12a26 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -30,6 +30,8 @@ in ./scripts.nix ./configs.nix ./swayosd.nix + ./security.nix + ./battery-monitor.nix ]; colorScheme = lib.mkDefault (palettes.${config.nomarchy.theme} or palettes.nord); diff --git a/modules/home/scripts.nix b/modules/home/scripts.nix index d67f2e3..01141ea 100644 --- a/modules/home/scripts.nix +++ b/modules/home/scripts.nix @@ -41,7 +41,10 @@ let mkdir -p $out/bin find . -type f -exec cp {} $out/bin/ \; chmod +x $out/bin/* - + patchShebangs $out/bin + ''; + + postFixup = '' # Wrap every script to ensure dependencies are in PATH and inject configuration for file in $out/bin/*; do if [ -f "$file" ]; then diff --git a/modules/home/security.nix b/modules/home/security.nix new file mode 100644 index 0000000..67fbdfd --- /dev/null +++ b/modules/home/security.nix 
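Review bot: `ExecStart = "nomarchy-battery-monitor";` in the new battery-monitor service names the program without a path, so systemd resolves it against its own built-in search path rather than the user's profile. The unit then either fails to start or runs whichever file of that name is found first. The polkit unit added in this same patch pins a store path (`${pkgs.polkit_gnome}/libexec/...`); do the same here, e.g. `ExecStart = "${nomarchyScripts}/bin/nomarchy-battery-monitor";`, where `nomarchyScripts` is a placeholder for the derivation built in `scripts.nix`, whose binding is not visible in this hunk. Separately, `Environment = [ "DISPLAY=:0" ]` hard-codes an X display for what looks like a Hyprland session, and is probably better dropped in favour of the variables the session imports into the user manager.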
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+ systemd.user.services.polkit-gnome-authentication-agent-1 = {
+ Unit = {
+ Description = "Polkit GNOME Authentication Agent";
+ After = [ "graphical-session.target" ];
+ PartOf = [ "graphical-session.target" ];
+ };
+
+ Service = {
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
+ };
+}
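Review bot: The new polkit unit does not record what it needs from the session, and that matters because it replaces an `exec-once` line that ran whenever Hyprland started. The agent now only comes up if `graphical-session.target` is actually activated, and, being a GUI program, presumably only works if the compositor's display variables have reached the systemd user manager by then. If either is missing there is no authentication agent, and privilege prompts from desktop applications will fail without a dialog; how the session is launched is not shown in this patch, so this is worth confirming. I would add a comment above `ExecStart`, e.g. `# Requires graphical-session.target to be activated (uwsm) and WAYLAND_DISPLAY imported into the user manager.`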