Several installer reliability fixes that were left uncommitted:
- Impermanence + multi-disk LUKS: disko-config.nix names the main LUKS
mapping `crypted` for single-disk and `crypted_main` once extraDrives is
non-empty. The impermanence rollback hook used to hardcode `crypted`,
which made every multi-disk install fail to mount root in initrd. Added
a `nomarchy.system.impermanence.mainLuksName` option and wired the
installer to write the correct value into the generated system.nix
based on the drive count.
- Password no longer cleartext in /etc/nixos: installer now hashes the
user password with `mkpasswd -m sha-512` and emits
`initialHashedPassword` instead of `initialPassword`. Added mkpasswd to
the live ISO. Cleartext is unset immediately after hashing.
USER_PASSWORD_HASH is deliberately not persisted in --resume state —
configure_user re-prompts on resume.
- Revision pinning that actually works on the live ISO: `inputs.self`
strips .git in the Nix store copy, so `git rev-parse HEAD` would silently
return empty on a real install and the generated flake would track main.
Live ISO now writes `/etc/nomarchy-rev` from `inputs.self.rev` at build
time; install.sh reads it first, falls back to git, and aborts with a
loud confirmation prompt if both are empty (instead of silently
installing an unpinned system).
- Generated `/mnt/etc/nixos/state.json`: toggle scripts (nomarchy-tz-select,
nomarchy-setup-{fido2,fingerprint}, nomarchy-toggle-hybrid-gpu,
nomarchy-wifi-powersave) `jq` this file in place and fail hard if it
doesn't exist. Fresh installs now ship a schema-conformant file matching
lib/state-schema.nix.
- Unmount /mnt before exiting `finish()` regardless of reboot choice. Clean
unmount avoids dirty BTRFS on reboot; on "no", leaving /mnt mounted
blocked a second installer run on the same live ISO.
- Removed obsolete `installer/disko-btrfs-luks.nix` (superseded by
`disko-config.nix` per commit 3aadc36) and dropped its dangling
`docs/STRUCTURE.md` reference.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
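The password change described in the commit above, as an added example (not code from the Nomarchy installer): hash on stdin so the cleartext never reaches argv, emit only `initialHashedPassword`, then audit the generated file. The function names, user name and sample values are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not Nomarchy's install.sh. All function names are hypothetical.
set -eu

# Read a password on stdin and print its SHA-512 crypt hash.
# `mkpasswd -s` takes the password from stdin, so it never shows up in the
# process list the way a command-line argument would.
hash_password() {
  mkpasswd -m sha-512 -s
}

# Emit the user stanza with the hash only; no cleartext option is written.
emit_user_nix() {   # $1 = user name, $2 = crypt hash
  printf '  users.users.%s = {\n' "$1"
  printf '    isNormalUser = true;\n'
  printf '    initialHashedPassword = "%s";\n' "$2"
  printf '  };\n'
}

# Audit a generated .nix file. Prints one finding per line (line numbers
# only, never the value) and returns 1 if anything was found.
audit_nix_passwords() {
  local file="$1" n rc=0
  # Cleartext options. "hashedPassword" has a capital P, so it does not match;
  # commented-out lines are ignored.
  for n in $(grep -nE '(^|[^A-Za-z])(initialPassword|password)[[:space:]]*=' "$file" \
             | grep -vE '^[0-9]+:[[:space:]]*#' | cut -d: -f1); do
    echo "cleartext-password line $n"; rc=1
  done
  # Hashed options whose value is not a well-formed $6$ (SHA-512 crypt) string:
  # optional rounds=, salt of up to 16 characters, 86-character digest.
  for n in $(grep -nE '(initialHashedPassword|hashedPassword)[[:space:]]*=[[:space:]]*"' "$file" \
             | grep -vE '"\$6\$(rounds=[0-9]+\$)?[A-Za-z0-9./]{1,16}\$[A-Za-z0-9./]{86}"' \
             | cut -d: -f1); do
    echo "not-sha512-crypt line $n"; rc=1
  done
  return "$rc"
}

# Typical flow in an installer (assumed, shown as comments so nothing prompts):
#   hash=$(printf '%s' "$pw" | hash_password); unset pw
#   emit_user_nix "$user" "$hash" >> /mnt/etc/nixos/system.nix
#   audit_nix_passwords /mnt/etc/nixos/system.nix
```

The audit deliberately reports locked-account markers and other non-`$6$` values as findings too, so they get a human look rather than passing silently.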
- installer: set recursive ownership of /etc/nixos to main user post-install
- themes: fix NOMARCHY_PATH and discovery logic for Lua theme menu
- scripts: update CLI wrappers (font, theme, wallpaper) to use Walker menus
- core: remove obsolete NOMARCHY_PATH and clean up dead code
- features: add pkgs.lua for Walker and remove obsolete switcher.nix
- docs: update ROADMAP.md, SCRIPTS.md and STRUCTURE.md
The post-install standalone HM activation kept failing in new ways
(daemon access, git ownership, missing PATH on first boot). Wire HM as
a NixOS module in the generated flake instead, so first-boot dotfiles
are activated by `nixos-install` itself with proper system context. The
standalone `homeConfigurations.<user>` is kept alongside for fast
iteration via `nomarchy-env-update`. Also:
- Drop the chroot HM activation block from the installer entirely.
- Move `nomarchy-env-update` from `features/scripts/utils/` to
`core/system/scripts/` so it ships in `nomarchy-system-scripts` and
exists on a freshly-installed system regardless of HM state.
- Set system-wide git `safe.directory` for /etc/nixos and the
impermanence-relocated /persist/etc/nixos so the user-mode HM run
doesn't trip on the root-owned flake repo.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Pass --yes-wipe-all-disks to disko so the silent gum-spin path no
longer hangs forever waiting on a hidden "yes" confirmation prompt
(added in disko 1.13's destroy,format,mount mode).
- Stop threading an externally-built pkgs into the user flake's
nixosSystem; configure nixpkgs through the module system instead so
core/system/default.nix's nixpkgs.config.allowUnfree stops conflicting
with the assertion "system configures nixpkgs with an externally
created instance".
- Enable boot.loader.systemd-boot in the generated system.nix so the
installed system has an actual bootloader (disko already lays out a
1 GiB ESP at /boot).
- Bump nix.settings.download-buffer-size to 512 MiB to silence the
"download buffer is full" warning on large NAR fetches.
- Activate home-manager via `runuser -l` instead of `runuser -u … --
env HOME=…`. The latter only switches uid and leaves $USER=root, so
HM's activation script saw root, warned, and wrote dotfiles into
/root/ — meaning the user's first login had no Hyprland config.
- Revert default Hyprland monitor line back to highres (live ISO and
user default) — preferred falls back to EDID's 1024x768 in QEMU and
on several laptop panels, which is the bug highres was put there to
defeat.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Fix critical bash dynamic scoping bug in install.sh (Impermanence/Form Factor).
- Polished Live ISO with auto-login and passwordless sudo.
- Repurposed nomarchy-toggle-suspend to directly execute systemctl suspend.
- Updated nomarchy-launch-wifi to use nmtui in alacritty.
- Optimized nomarchy-welcome to avoid redundant rebuilds via --no-update flag.
- Enabled nomarchy-welcome in Hyprland autostart.
- Wrapped Live ISO-modifying steps in welcome wizard to prevent failures.
- Removed obsolete hardware auto-detection from nomarchy-on-boot.
- Hardened script doc generator against false-positive wildcard tokens.
- Regenerated docs/SCRIPTS.md and updated docs/ROADMAP.md.
Set boot.kernelPackages to pkgs.linuxPackages_latest by default. This ensures Nomarchy users benefit from the latest hardware support and security features in the mainline kernel.
Sweep across the three script directories: features/scripts/utils,
core/system/scripts, themes/engine/scripts. 142 of 169 bash scripts
gained `set -e`; 27 already had it; the one Python helper
(nomarchy-haptic-touchpad) was skipped via shebang detection.
Why: bash's default behavior is to continue past a failed command,
which means a script that does "do A; do B; do C" leaves the system
in a half-applied state when B fails - and the user gets no signal.
Several recent fix commits (theme partial-apply, waybar reload race,
installer prewipe silent failures) all trace back to this. set -e
turns silent corruption into a loud abort the user can act on.
The 11 scripts with explicit `|| true` markers stay safe under set -e
because || true coerces the exit to zero; the markers continue to
mean "I deliberately tolerate this failure here."
Deliberate exception: nomarchy-menu runs WITHOUT set -e. It is an
interactive UX loop where action branches do `cmd; back_to <self>`
so a failed action would abort the script under set -e and the menu
would disappear without feedback. Soft-failure - menu re-displays,
user picks again - is the right semantic. Documented inline.
Validation: bash -n on every modified script (zero failures). The
new pre-commit hook (27f5663) was just updated to filter by shebang
so it doesn't try to bash-syntax-check the Python helper - that
filter was uncovered by this sweep.
Risk: set -e can surface latent bugs in scripts that previously
relied on silent continuation. If anything breaks, it's a real bug
that was already broken and is now visible. Easy per-script revert
if any UX glitches show up.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
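The sweep described in the commit above, as an added example (not the project's pre-commit hook): `run_steps` reproduces the "do A; do B; do C" half-applied state with and without `-e`, and `audit_scripts` classifies a directory by shebang, syntax-checks the bash scripts with `bash -n`, and reports the ones still missing errexit. Function names and the output format are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Nomarchy's hook. Function names are hypothetical.
set -eu

# Run a script body in a child bash, with or without -e, and print the
# steps that actually ran on one line.
run_steps() {   # $1 = "" or "-e", $2 = script body
  local out
  out=$(bash ${1:+"$1"} -c "$2" 2>/dev/null) || true
  printf '%s\n' "$(printf '%s' "$out" | tr '\n' ' ')"
}

# Classify a file by its shebang so non-bash helpers are never fed to bash -n.
script_kind() {
  local first=""
  IFS= read -r first < "$1" || true
  case "$first" in
    '#!'*bash*) echo bash ;;
    '#!'*)      echo other ;;
    *)          echo none ;;
  esac
}

# True if the script enables errexit via `set -e...` or `set -o errexit`.
has_errexit() {
  grep -Eq '^[[:space:]]*set[[:space:]]+(-[A-Za-z]*e[A-Za-z]*|-o[[:space:]]+errexit)' "$1"
}

# Print "STATUS name" for every file in a directory; return 1 if any bash
# script fails the syntax check or lacks errexit.
audit_scripts() {
  local dir="$1" f name bad=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    name=${f##*/}
    if [ "$(script_kind "$f")" != bash ]; then
      echo "SKIP $name"
    elif ! bash -n "$f" 2>/dev/null; then
      echo "SYNTAX $name"; bad=$((bad + 1))
    elif has_errexit "$f"; then
      echo "OK $name"
    else
      echo "MISSING $name"; bad=$((bad + 1))
    fi
  done
  return "$((bad > 0))"
}

# With a directory argument, audit it and exit non-zero on findings.
if [ "$#" -ge 1 ]; then
  audit_scripts "$1"
fi
```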
- Rename installerIso and installerIsoGraphical to nomarchy-installer and nomarchy-live.
- Update host configurations with proper Nomarchy branding and volume IDs.
- Fix nomarchy-test-live-iso QEMU launch by using -drive if=pflash for UEFI firmware.
- Add nomarchy-build-live-iso utility script.
- Scrub remaining Omarchy references in Plymouth, installer messages, and docs.
- Regenerate docs/SCRIPTS.md to reflect new and renamed utilities.
Opt-in `nomarchy.system.gaming.enable` (default false). Wires
`programs.steam` (with `remotePlay` and `localNetworkGameTransfers`
firewall holes opened via `mkDefault`), `programs.gamemode` (the
launching user must be in the `gamemode` group), and
`services.flatpak`.
Two pieces of the original roadmap entry split into separate
Next-column rows so the system-side preset ships now:
1. Hyprland fullscreen-on-Steam-launch window rule (home-side).
2. Declarative flathub remote (nixpkgs has no API for this; needs
either an overlay or a one-shot systemd unit).
The flatpak service is enabled but the user must add flathub
manually after first boot — documented in OPTIONS.md.
Opt-in `nomarchy.system.accessibility.enable` (default false —
accessibility is a personal preference, not hardware-derived). Wires
`services.gnome.at-spi2-core`, installs `pkgs.orca`, and sets
`XCURSOR_SIZE` to a configurable `accessibility.cursorSize` (default
32, up from NixOS's 24).
The original roadmap entry bundled Hyprland-side bits (slower
key-repeat, Orca launch keybinding, high-contrast palette). Those
require touching home-manager / theme files and a new palette
directory; split into a separate Next-column row so the system-side
preset ships now and the desktop integration follows independently.
Mirror of the laptop preset for the desktop form factor. New
`nomarchy.system.desktop.enable` defaults to `formFactor == "desktop"`,
so the installer's existing formFactor write auto-flips it on without
installer changes (same pattern as laptop).
The module pins `powerManagement.cpuFreqGovernor` to `"performance"`
(via mkDefault) and enables `services.zfs.{autoScrub,trim}` so a
future ZFS pool gets sensible maintenance for free. The ZFS knobs are
no-ops until the user adds zfs to `boot.supportedFilesystems`.
Battery widget filtering is already driven by `formFactor` itself in
`features/desktop/waybar/default.nix`, so the preset doesn't repeat
it. Closes the "Desktop preset module" Next item.
New `nomarchy.system.laptop.{enable,thermald}` options. `enable`
defaults to `formFactor == "laptop"`, so the installer's existing
formFactor write auto-flips the preset on without installer changes.
The module wires TLP (governors + 75/80 charge thresholds),
force-disables power-profiles-daemon (mutually exclusive with TLP),
enables upower and thermald (x86_64), adds the brightnessctl udev
rule so the existing brightness scripts work without root, and sets
a logind lid-switch policy that resolves to suspend-then-hibernate
when `hibernation.enable` is on, plain suspend otherwise.
Closes the "Form-factor → laptop preset auto-enable" Now item and
the "Laptop preset module" Next item from docs/ROADMAP.md in one
change.
- Implement nomarchy-skill, nomarchy-manual, nomarchy-backup, nomarchy-install
- Implement nomarchy-install-docker-dbs (stub)
- Port nomarchy-docs-keybindings and nomarchy-docs-scripts to packaged scripts
- Add installerVm to flake.nix nixosConfigurations, packages, and apps
- Update nomarchy-test-installer to use nix run .#installerVm
- Add docker support to virtualization.nix and options.nix
- Add glow to script dependencies
- Finalize docs/SCRIPTS.md update
- Move 18 Hyprland/desktop scripts from features/desktop/scripts/ to packaged directories
- Add nomarchy.hardware.fwupd option (default false) and enable service
- Implement nomarchy-update-firmware wrapper for fwupdmgr
- Add hyprland, swayosd, and fwupd to nomarchy-system-scripts dependencies
- Update docs/SCRIPTS.md with 'kept' status for ported scripts
Phase B verdict on four core/system/scripts/nomarchy-hw-* entries
flagged `unused?` in the Phase A inventory. Wide grep confirmed
the only references were the audit doc itself.
Removed:
- nomarchy-hw-framework16 (superseded by `nomarchy-hw-match "Laptop 16"`
in nomarchy-on-boot)
- nomarchy-hw-surface (no caller; "Surface" string would route
through nomarchy-hw-match if needed)
- nomarchy-hw-intel (no caller; vendor detection isn't a public
API — installer/hardware-db.sh handles install-time dispatch and
nomarchy.hardware.* options handle build-time)
- nomarchy-hw-intel-ptl (same — Panther Lake GPU detection isn't
used anywhere)
Kept: nomarchy-hw-match (the dispatcher), nomarchy-hw-asus-rog
(called by nomarchy-on-boot), nomarchy-hw-vulkan (called by
nomarchy-voxtype-install).
SCRIPTS.md regenerated: unused? 40 → 36; nix flake check clean.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- autostart nm-applet --indicator under uwsm-app
- install networkmanagerapplet system-wide
- swap Nautilus for Thunar in file-manager bindings
- close-window bound to SUPER+Q (was SUPER+W)
- switch the active monitor preset from retina/2x to 1x 1080p/1440p
- summer-night waybar: drop custom/battery + backlight from modules-right
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Installer prompts for keyboard layout (with optional variant) and locale
via curated short list + Other… fallback into the full localectl list;
applies to the live session immediately (loadkeys + hyprctl) so the
rest of the install types correctly. Generated system.nix emits
console.keyMap, i18n.defaultLocale, and services.xserver.xkb.{layout,
variant}.
- New nomarchy.{system,}.formFactor enum (laptop|desktop, default laptop).
Installer auto-detects via /sys/class/power_supply/BAT* and lets the
user flip the answer. Waybar drops the battery widget on desktop;
battery-monitor service is gated on the same option.
- Lift waybar tray out of the collapsed group/tray-expander in the default
theme so nm-applet's icon is visible without expanding the drawer.
- Live ISOs (TTY + graphical) get baseline mkDefault keyMap/locale so the
installer's runtime override always wins.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Tier A removals — small, half-wired modules nobody had asked for:
- makima (Copilot-key remapper): drop core/system/makima.nix, the
features/apps/makima/ keyboard.toml, the nomarchy-restart-makima script,
the `nomarchy.system.features.makima` option, the state-file binding,
the import in core/system/default.nix, and the "Key Remapping" entry
in nomarchy-menu. ~50 LoC + a service nobody asked for.
- Typora theme dir (core/home/config/Typora/) — Typora is a paid tool
Nomarchy doesn't even ship; the SUPER+SHIFT+W keybinding pointed at a
binary that wasn't on PATH.
- xournalpp settings (core/home/config/xournalpp/) — referenced
/usr/share paths that don't exist on NixOS.
- core/home/config/environment.d/fcitx.conf — manual env vars are
redundant once fcitx5 routes through NixOS's i18n.inputMethod.
Optionalization — three half-wired features now sit behind explicit
toggles, all default off (except keyring which keeps its existing
default-on):
- nomarchy.system.inputMethod.enable: new core/system/input-method.nix
uses NixOS's i18n.inputMethod with fcitx5 + mozc/chinese/table addons.
Drops the Hyprland exec-once line — i18n.inputMethod handles autostart.
- nomarchy.system.voxtype.enable: marker option for users who install
voxtype out-of-band (it's not in nixpkgs). Today it just documents
intent; the existing keybinding + waybar widget no-op gracefully.
- nomarchy.apps.opencode.enable: gates the existing
features/apps/opencode/default.nix xdg.configFile so the opencode
config only deploys when the user opts in.
Installer:
- system.nix and home.nix templates now surface the new toggles in their
"Optional Nomarchy modules" comment blocks.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Five opt-in modules lifted from bernardo/nixos and adapted to Nomarchy's
nomarchy.system.* option namespace. All default off (except keyring which
defaults on); evaluation of the existing VM/ISO is unchanged when the
toggles are unset.
- core/system/snapper.nix: BTRFS timeline snapshots (5h/7d), nixos-rebuild-snap
wrapper that pre-snaps before each switch using the running hostname.
Auto-skips when / isn't BTRFS so impermanence/non-BTRFS hosts are safe.
- core/system/hibernate.nix: suspend-then-hibernate on lid/idle/power-key
with configurable idleMinutes (default 30). Description warns swap is
required.
- core/system/containers.nix: rootless Podman with dockerCompat + dns +
podman-compose, podman-tui, dive. Better default than the docker daemon
for a desktop distro.
- core/system/virtualization.nix: extends the existing uwsm/Hyprland file
with a libvirt + virt-manager + OVMF branch behind
nomarchy.system.virtualization.libvirt.enable.
- core/system/pam.nix: GNOME Keyring auto-unlock at SDDM/login/hyprlock
plus gcr-ssh-agent so SSH keys flow through the keyring instead of a
separate ssh-agent. Default on.
- core/system/options.nix: declares the five new options.
- core/system/default.nix: imports the four new files.
- installer/install.sh: surfaces all five toggles as commented one-liners
in the "Optional Nomarchy modules" section of the generated system.nix.
Verified via the existing dry-run / generator smoke test.
Verified each toggle lights up the right NixOS option (services.snapper,
logind IdleAction, virtualisation.podman/libvirtd, pam.sddm.enableGnomeKeyring)
via nix eval against extendModules. VM and live-ISO toplevels still build.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Hardware:
- New installer/hardware-db.sh: flat regex table mapping sys_vendor +
product_name to nixos-hardware modules (Framework, Dell, Lenovo, Surface,
ASUS, Apple T2, System76).
- install.sh:select_hardware now auto-detects CPU vendor, GPU vendor, chassis
type, and known model, then offers Accept / Add / Override. Manual menu
retained as a fallback.
- Fixes a latent bug where HARDWARE_MODULES used literal "\n" inside a
heredoc, producing invalid Nix.
Downstream flake:
- Capture the running Nomarchy commit and pin `nomarchy.url` to it so the
installed system can't drift onto a newer breaking main.
- Prompt for a real hostname; nixosConfigurations.<hostname> replaces the
generic .default. networking.hostName lands in system.nix.
- Generated flake now derives a single `pkgs` from nixpkgs + Nomarchy's
`overlays.default` and shares it between nixosSystem and the standalone
homeManagerConfiguration so dotfile-fast-iteration with nomarchy-env-update
stays separate from `nixos-rebuild` while still seeing Nomarchy packages.
- `nix flake lock` runs in /mnt/etc/nixos before nixos-install so first boot
consumes the resolved set.
- Post-install, run home-manager switch inside `nixos-enter` via runuser so
the user's first login already has dotfiles. Failure is non-fatal.
Disk layout:
- /boot bumped to 1 GiB (was 512 MiB; tight with multi-generation kernels).
- New @snapshots subvolume at /.snapshots for snapper/btrbk/rollback.
- LUKS passphrase moved from /tmp/secret.key to /dev/shm/nomarchy-luks.key
(tmpfs), shredded after disko, LUKS_PASSWORD unset.
Branding:
- New core/system/branding.nix sets system.nixos.distroId = "nomarchy" and
distroName = "Nomarchy". /etc/os-release now reports Nomarchy, so fastfetch
and other os-release readers show the right name.
Cleanup:
- flake.nix exposes `overlays.default = nomarchyOverlay` for downstream use.
- Trailing duplicated `main "$@"` + orphan `}` removed from install.sh.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
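The revision pinning from this commit, combined with the fallback order the later installer-reliability commit at the top of this log describes (baked `/etc/nomarchy-rev` first, then git, refuse if both are empty), as an added example that is not the project's install.sh. The function names, the exit code 3 and the `OWNER` placeholder in the flake URL are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Nomarchy's install.sh. Function names are hypothetical.
set -eu

# Succeeds only for a full 40-hex commit id, so a branch name or an empty
# string can never end up in the generated flake as a "pin".
is_commit_id() {
  printf '%s' "$1" | grep -Eq '^[0-9a-f]{40}$'
}

# Resolve the revision to pin: the file baked in at ISO build time first,
# then `git rev-parse HEAD` in the source checkout. Returns 3 when neither
# yields a commit id, instead of silently continuing unpinned.
resolve_rev() {   # $1 = rev file, $2 = source checkout
  local rev_file="${1:-/etc/nomarchy-rev}" repo="${2:-.}" rev=""
  if [ -r "$rev_file" ]; then
    rev=$(tr -d '[:space:]' < "$rev_file")
  fi
  if [ -z "$rev" ]; then
    # Empty on a store copy without .git, which is the failure the log describes.
    rev=$(git -C "$repo" rev-parse HEAD 2>/dev/null) || rev=""
  fi
  if ! is_commit_id "$rev"; then
    echo "no usable revision: the generated flake would track the default branch" >&2
    return 3
  fi
  printf '%s\n' "$rev"
}

# Print the pinned input line for the generated flake.
# OWNER is a placeholder; the log does not give the repository owner.
pinned_input() {
  local rev
  rev=$(resolve_rev "$@") || return $?
  printf 'nomarchy.url = "github:OWNER/nomarchy/%s";\n' "$rev"
}

# Caller pattern (assumed): on a non-zero return, stop and ask the user for
# explicit confirmation before writing an unpinned flake.
```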
- Migrate VM and graphical ISO to home-manager.nixosModules.home-manager;
drop the standalone-HM sudo-based activation script (ran HM against
/root because HOME wasn't reset) in flake.nix, core/system/vm-guest.nix,
hosts/live-iso.nix.
- Run swaybg as nomarchy-wallpaper.service instead of a silent Hyprland
exec-once so failures surface in systemctl.
- Skip the battery monitor unit on hosts without /sys/class/power_supply/BAT*
(VMs, desktops).
- Don't wrap walker --dmenu in uwsm-app; redirect setsid background std-fds
in nomarchy-launch-walker so $(menu ...) in nomarchy-menu doesn't hang.
- Restart waybar/walker via systemctl --user rather than pkill + uwsm-app
to stop the post-theme-switch color race.
- Wire nomarchy-restart-walker/-waybar into nomarchy-theme-set so themes
that only change the imported CSS reload correctly.
- Waybar: pin #custom-nomarchy to the Nomarchy font and use the U+F000
codepoint so the logo shows across all themes.
- Auto-install the correct icon-theme package per palette via a new
nomarchyLib.iconThemePackage helper in lib/default.nix; Everforest now
actually renders for summer-night.
- Pre-cache every theme's HM generation: new packages.allThemeVariants
flake output and nomarchy-themes-prebuild script so theme switches are
cache-only (no Stylix rebuild, no downloads).
- Add nomarchy-test-live-iso to boot the graphical ISO in QEMU the same
way nomarchy-test-vm does, with virtio-gpu support added to live-iso.nix.
- Installer-generated home.nix/system.nix now ship a curated, commented
app menu (btop/fastfetch/chromium on by default) plus optional system
services (Docker, libvirtd, Tailscale, Syncthing, Flatpak, Steam).
- nomarchy-test-vm now wipes the stale nomarchy.qcow2 before launch.
- Remove obsolete GEMINI.md and PLAN.md.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add 'nixpkgs.config.allowUnfree = true' to core/system/default.nix for global NixOS configuration.
- Add 'nixpkgs.config.allowUnfree = true' to features/default.nix for Home Manager package set.
- This resolves evaluation errors when VS Code is included in the build.
- Move 32+ app-specific scripts from features/apps/scripts/ to features/scripts/utils/ for centralized packaging.
- Create individual Nix modules for orphaned app configurations (btop, kitty, tmux, etc.) in features/apps/ using xdg.configFile.
- Fix broken paths in core/system/makima.nix and features/apps/vscode.nix.
- Update VSCode configuration to use the modern 'profiles.default.userSettings' API, resolving deprecation warnings.
- Merge duplicate 'nomarchy-launch-walker' scripts into a single robust utility.
- Remove stale root 'config/' directory.
- Update README.md and docs/creating-themes.md to reflect the new architecture and keybindings.
- Ensure all modules are correctly imported and verified via nix flake check.
- Fix QEMU syntax and root filesystem conflicts in vm-guest.nix.
- Repair numerous broken relative paths and imports across the codebase.
- Set 'summer-night' as the default distro theme with full branding integration.
- Implement declarative system-wide font installation including the 'nomarchy' font.
- Fix Waybar startup by dynamically generating theme-aware CSS.
- Restore Hyprland keybindings (Super+Return, Super+Space) and wallpaper loading.
- Add missing scripts: nomarchy-launch-walker, nomarchy-toggle-waybar, nomarchy-refresh-config.
- Enable UWSM and correctly disable conflicting Hyprland systemd services.
- Reorganize directory structure into core/, features/, and themes/
- Colocate application Nix logic, configs, scripts, and theme overrides
- Implement 'Inversion of Control' for theming: apps now pull theme-specific layouts
- Update flake.nix and shared library paths to match the new structure
- Document the new Feature-Centric architecture in README.md