refactor: systemic refactor for FHS compliance, native systemd migration, and script hardening

config/nomarchy/default/hypr/autostart.conf

@@ -4,7 +4,6 @@ exec-once = uwsm-app -- waybar
 exec-once = uwsm-app -- fcitx5 --disable notificationitem
 exec-once = uwsm-app -- swaybg -i ~/.config/nomarchy/current/background -m fill
 exec-once = uwsm-app -- swayosd-server
-exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
 exec-once = nomarchy-cmd-first-run
 
 # Slow app launch fix -- set systemd vars

modules/home/battery-monitor.nix

@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+
+{
+  systemd.user.services.nomarchy-battery-monitor = {
+    Unit = {
+      Description = "Nomarchy Battery Monitor Check";
+      After = [ "graphical-session.target" ];
+    };
+
+    Service = {
+      Type = "oneshot";
+      # The script is packaged in nomarchy-scripts which is in the home profile
+      ExecStart = "nomarchy-battery-monitor";
+      Environment = [ "DISPLAY=:0" ];
+      LogLevelMax = "warning";
+    };
+  };
+
+  systemd.user.timers.nomarchy-battery-monitor = {
+    Unit = {
+      Description = "Nomarchy Battery Monitor Timer";
+    };
+
+    Timer = {
+      OnBootSec = "1min";
+      OnUnitActiveSec = "30sec";
+      AccuracySec = "10sec";
+    };
+
+    Install = {
+      WantedBy = [ "timers.target" ];
+    };
+  };
+}

modules/home/default.nix

@@ -30,6 +30,8 @@ in
     ./scripts.nix
     ./configs.nix
     ./swayosd.nix
+    ./security.nix
+    ./battery-monitor.nix
   ];
 
   colorScheme = lib.mkDefault (palettes.${config.nomarchy.theme} or palettes.nord);

modules/home/scripts.nix

@@ -41,7 +41,10 @@ let
       mkdir -p $out/bin
       find . -type f -exec cp {} $out/bin/ \;
       chmod +x $out/bin/*
-      
+      patchShebangs $out/bin
+    '';
+
+    postFixup = ''
       # Wrap every script to ensure dependencies are in PATH and inject configuration
       for file in $out/bin/*; do
         if [ -f "$file" ]; then

modules/home/security.nix

@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+  systemd.user.services.polkit-gnome-authentication-agent-1 = {
+    Unit = {
+      Description = "Polkit GNOME Authentication Agent";
+      After = [ "graphical-session.target" ];
+      PartOf = [ "graphical-session.target" ];
+    };
+
+    Service = {
+      ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+      Restart = "on-failure";
+      RestartSec = 1;
+      TimeoutStopSec = 10;
+    };
+
+    Install = {
+      WantedBy = [ "graphical-session.target" ];
+    };
+  };
+}