
2 Commits

Author SHA1 Message Date
Bernardo Magri
09377e37ea chore(hygiene): final script cleanup and persistence fixes
- Remove remaining obsolete Arch-era scripts (branch-set, debug, upload-log, etc.)
- Add /var/lib/fprint to impermanence persistence for fingerprint survival
- Add /etc/supergfxd.conf to impermanence persistence for GPU mode survival
2026-04-04 19:54:01 +01:00
Bernardo Magri
08e2b4e248 feat(system): professionalize system configurations
- Consolidate imperative system settings into /etc/nixos/state.json
- Implement nomarchy.system options for DNS, Wifi powersave, Timezone, and hardware features
- Add declarative browser policies for Chromium/Brave based on theme
- Update toggles scripts to mutate system JSON and run sys-update --impure
- Remove obsolete imperative browser theme and redundant system modules
2026-04-04 19:22:47 +01:00
25 changed files with 227 additions and 449 deletions


@@ -1,17 +0,0 @@
#!/bin/bash
# Set the branch for Nomarchy's git repository.
if (($# == 0)); then
echo "Usage: nomarchy-branch-set [master|rc|dev]"
exit 1
else
branch="$1"
fi
if [[ $branch != "master" && $branch != "rc" && $branch != "dev" ]]; then
echo "Error: Invalid branch '$branch'. Must be one of: master, rc, dev"
exit 1
fi
git -C $OMARCHY_PATH switch $branch


@@ -1,31 +0,0 @@
#!/bin/bash
# Set the Nomarchy channel, which dictates what git branch and package repository is used.
#
# Stable uses the master branch, which only sees updates on official releases, and
# the stable package repository, which typically lags the edge by a month to ensure
# better compatibility.
#
# Edge tracks the latest package repository, but still relies on the master branch,
# so new packages which require config changes may cause conflicts or errors.
#
# Dev tracks the active development dev branch, which may include partial or broken updates,
# as well as the latest package repository. This should only be used by Nomarchy developers
# and people with a lot of experience managing Linux systems.
if (($# == 0)); then
echo "Usage: nomarchy-channel-set [stable|rc|edge|dev]"
exit 1
else
channel="$1"
fi
case "$channel" in
"stable") nomarchy-branch-set "master" && nomarchy-refresh-pacman "stable" ;;
"rc") nomarchy-branch-set "rc" && nomarchy-refresh-pacman "rc" ;;
"edge") nomarchy-branch-set "master" && nomarchy-refresh-pacman "edge" ;;
"dev") nomarchy-branch-set "dev" && nomarchy-refresh-pacman "edge" ;;
*) echo "Unknown channel: $channel"; exit 1; ;;
esac
nomarchy-update -y


@@ -1,95 +0,0 @@
#!/bin/bash
# Return exhaustive debugging information about the system to help diagnose problems.
NO_SUDO=false
PRINT_ONLY=false
while (( $# > 0 )); do
case "$1" in
--no-sudo)
NO_SUDO=true
shift
;;
--print)
PRINT_ONLY=true
shift
;;
*)
echo "Unknown option: $1"
echo "Usage: nomarchy-debug [--no-sudo] [--print]"
exit 1
;;
esac
done
LOG_FILE="/tmp/nomarchy-debug.log"
if [[ $NO_SUDO = "true" ]]; then
DMESG_OUTPUT="(skipped - --no-sudo flag used)"
else
DMESG_OUTPUT="$(sudo dmesg)"
fi
cat > "$LOG_FILE" <<EOF
Date: $(date)
Hostname: $(hostname)
Nomarchy Branch: $(git -C "$OMARCHY_PATH" branch --show-current 2>/dev/null || echo "unknown")
=========================================
SYSTEM INFORMATION
=========================================
$(inxi -Farz)
=========================================
DMESG
=========================================
$DMESG_OUTPUT
=========================================
JOURNALCTL (CURRENT BOOT, WARNINGS+ERRORS)
=========================================
$(journalctl -b -p 4..1)
=========================================
INSTALLED PACKAGES
=========================================
$({ expac -S '%n %v (%r)' $(pacman -Qqe) 2>/dev/null; comm -13 <(pacman -Sql | sort) <(pacman -Qqe | sort) | xargs -r expac -Q '%n %v (AUR)'; } | sort)
EOF
if [[ $PRINT_ONLY = "true" ]]; then
cat "$LOG_FILE"
exit 0
fi
OPTIONS=("View log" "Save in current directory")
if ping -c 1 8.8.8.8 >/dev/null 2>&1; then
OPTIONS=("Upload log" "${OPTIONS[@]}")
fi
ACTION=$(gum choose "${OPTIONS[@]}")
case "$ACTION" in
"Upload log")
echo "Uploading debug log to 0x0.st..."
URL=$(curl -sF "file=@$LOG_FILE" -Fexpires=24 https://0x0.st)
if (( $? == 0 )) && [[ -n $URL ]]; then
echo "✓ Log uploaded successfully!"
echo "Share this URL:"
echo ""
echo " $URL"
echo ""
echo "This link will expire in 24 hours."
else
echo "Error: Failed to upload log file"
exit 1
fi
;;
"View log")
less "$LOG_FILE"
;;
"Save in current directory")
cp "$LOG_FILE" "./nomarchy-debug.log"
echo "✓ Log saved to $(pwd)/nomarchy-debug.log"
;;
esac


@@ -1,27 +1,9 @@
#!/bin/bash #!/usr/bin/env bash
lock_dns_to_resolved() { # Configure DNS declaratively for Nomarchy NixOS.
for file in /etc/systemd/network/*.network; do # Hybrid: updates /etc/nixos/state.json and runs sys-update.
[[ -f $file ]] || continue
if ! grep -q "^\[DHCPv4\]" "$file"; then continue; fi
if ! sed -n '/^\[DHCPv4\]/,/^\[/p' "$file" | grep -q "^UseDNS="; then STATE_FILE="/etc/nixos/state.json"
sudo sed -i '/^\[DHCPv4\]/a UseDNS=no' "$file"
fi
if grep -q "^\[IPv6AcceptRA\]" "$file" && ! sed -n '/^\[IPv6AcceptRA\]/,/^\[/p' "$file" | grep -q "^UseDNS="; then
sudo sed -i '/^\[IPv6AcceptRA\]/a UseDNS=no' "$file"
fi
done
}
unlock_dns_to_dhcp() {
for file in /etc/systemd/network/*.network; do
[[ -f $file ]] || continue
sudo sed -i '/^\[DHCPv4\]/{n;/^UseDNS=no$/d}' "$file"
sudo sed -i '/^\[IPv6AcceptRA\]/{n;/^UseDNS=no$/d}' "$file"
done
}
if [[ -z $1 ]]; then if [[ -z $1 ]]; then
dns=$(gum choose --height 6 --header "Select DNS provider" Cloudflare Google DHCP Custom) dns=$(gum choose --height 6 --header "Select DNS provider" Cloudflare Google DHCP Custom)
@@ -30,32 +12,8 @@ else
fi fi
case "$dns" in case "$dns" in
Cloudflare) Cloudflare|Google|DHCP)
sudo tee /etc/systemd/resolved.conf >/dev/null <<'EOF' sudo jq ".dns = \"$dns\"" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
FallbackDNS=9.9.9.9 149.112.112.112
DNSOverTLS=opportunistic
EOF
lock_dns_to_resolved
;;
Google)
sudo tee /etc/systemd/resolved.conf >/dev/null <<'EOF'
[Resolve]
DNS=8.8.8.8#dns.google 8.8.4.4#dns.google
FallbackDNS=9.9.9.9 149.112.112.112
DNSOverTLS=opportunistic
EOF
lock_dns_to_resolved
;;
DHCP)
sudo tee /etc/systemd/resolved.conf >/dev/null <<'EOF'
[Resolve]
DNSOverTLS=no
EOF
unlock_dns_to_dhcp
;; ;;
Custom) Custom)
@@ -67,13 +25,11 @@ Custom)
exit 1 exit 1
fi fi
sudo tee /etc/systemd/resolved.conf >/dev/null <<EOF # Convert to JSON array
[Resolve] dns_array=$(echo "$dns_servers" | jq -R 'split(" ")')
DNS=$dns_servers sudo jq ".dns = \"Custom\" | .customDns = $dns_array" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
FallbackDNS=9.9.9.9 149.112.112.112
EOF
lock_dns_to_resolved
;; ;;
esac esac
sudo systemctl restart systemd-networkd systemd-resolved echo "DNS configured to $dns. Applying changes..."
sudo sys-update
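Review bot: The new state-update line, `sudo jq … "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"`, stages system configuration in a fixed, predictable path under world-writable /tmp. The redirection is done by the invoking user's shell, not by sudo, so the staged file is created without privilege and `sudo mv` then installs whatever sits at that path into /etc/nixos; on a shared machine another local account can pre-create or swap that path, and the moved file likely keeps the invoking user's ownership. The same line appears in the FIDO2, fingerprint, hybrid-GPU, timezone and wifi-powersave scripts of this commit, and the theme script does the same with /tmp/system-state.json. Stage the file next to its destination with `mktemp` under sudo, and pass values with `--arg`/`--argjson` instead of splicing `$dns` and `$dns_array` into the jq program text.

```bash
STATE_FILE="/etc/nixos/state.json"

# Apply a jq filter to the state file through a root-owned temp file in the same directory.
update_state() {
  local new tmp
  new=$(sudo jq "$@" "$STATE_FILE") || return 1
  tmp=$(sudo mktemp "${STATE_FILE}.XXXXXX") || return 1
  printf '%s\n' "$new" | sudo tee "$tmp" >/dev/null &&
    sudo chmod 0644 "$tmp" &&
    sudo mv "$tmp" "$STATE_FILE" ||
    { sudo rm -f "$tmp"; return 1; }
}

# … unchanged: provider prompt …
  Cloudflare|Google|DHCP)
    update_state --arg dns "$dns" '.dns = $dns'
    ;;
# … unchanged: custom server prompt and validation …
    update_state --argjson servers "$dns_array" '.dns = "Custom" | .customDns = $servers'
```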


@@ -2,38 +2,18 @@
# Configure FIDO2 support declaratively for Nomarchy NixOS. # Configure FIDO2 support declaratively for Nomarchy NixOS.
FEATURE_FILE="/etc/nixos/nomarchy-features/fido2.nix" STATE_FILE="/etc/nixos/state.json"
if [[ "--remove" == $1 ]]; then if [[ "--remove" == $1 ]]; then
if [ -f "$FEATURE_FILE" ]; then sudo jq ".features.fido2 = false" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
sudo rm "$FEATURE_FILE" echo "FIDO2 support disabled. Applying changes..."
echo "Removed $FEATURE_FILE." sudo sys-update
echo "IMPORTANT: Remove './nomarchy-features/fido2.nix' from your imports and run 'sys-update'."
else
echo "FIDO2 support not found."
fi
exit 0 exit 0
fi fi
if [ -f "$FEATURE_FILE" ]; then sudo jq ".features.fido2 = true" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
echo "FIDO2 support is already configured in $FEATURE_FILE" echo "FIDO2 support enabled. Applying changes..."
else sudo sys-update
sudo mkdir -p "/etc/nixos/nomarchy-features"
cat <<EOF | sudo tee "$FEATURE_FILE" > /dev/null
{ config, pkgs, ... }:
{
security.pam.u2f = {
enable = true;
control = "sufficient";
cue = true;
# authFile = "/etc/fido2/fido2"; # Default is ~/.config/Yubico/u2f_keys
};
}
EOF
echo "Created $FEATURE_FILE."
echo "IMPORTANT: To finish enabling FIDO2 support, add './nomarchy-features/fido2.nix' to your imports list in /etc/nixos/system.nix or /etc/nixos/flake.nix,"
echo "then run 'sys-update'."
fi
# Enrollment is still an imperative action # Enrollment is still an imperative action
if command -v pamu2fcfg &> /dev/null; then if command -v pamu2fcfg &> /dev/null; then
@@ -42,5 +22,5 @@ if command -v pamu2fcfg &> /dev/null; then
pamu2fcfg > ~/.config/Yubico/u2f_keys pamu2fcfg > ~/.config/Yubico/u2f_keys
echo "FIDO2 key registered." echo "FIDO2 key registered."
else else
echo "pamu2fcfg not found. Please run 'nomarchy-pkg-add pam-u2f' or 'sys-update' if you just enabled it." echo "pamu2fcfg not found. It will be available after the next reboot or sys-update."
fi fi
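Review bot: Both branches print "FIDO2 support enabled/disabled" and run `sudo sys-update` even when the preceding `jq … && sudo mv …` line failed, for example when /etc/nixos/state.json does not exist yet or is not valid JSON. For a setting that changes how PAM authenticates, the script should stop rather than report a state that was never written: append `|| { echo "Could not update $STATE_FILE" >&2; exit 1; }` to each of the two state-update lines. The other toggle scripts in this commit follow the same unchecked pattern. The first hunk starts at line 2 of the script, so the shebang is outside it.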


@@ -1,40 +1,25 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Configure Fingerprint support declaratively for Nomarchy NixOS. # Configure fingerprint support declaratively for Nomarchy NixOS.
FEATURE_FILE="/etc/nixos/nomarchy-features/fingerprint.nix" STATE_FILE="/etc/nixos/state.json"
if [[ "--remove" == $1 ]]; then if [[ "--remove" == $1 ]]; then
if [ -f "$FEATURE_FILE" ]; then sudo jq ".features.fingerprint = false" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
sudo rm "$FEATURE_FILE" echo "Fingerprint support disabled. Applying changes..."
echo "Removed $FEATURE_FILE." sudo sys-update
echo "IMPORTANT: Remove './nomarchy-features/fingerprint.nix' from your imports and run 'sys-update'."
else
echo "Fingerprint support not found."
fi
exit 0 exit 0
fi fi
if [ -f "$FEATURE_FILE" ]; then sudo jq ".features.fingerprint = true" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
echo "Fingerprint support is already configured in $FEATURE_FILE" echo "Fingerprint support enabled. Applying changes..."
else sudo sys-update
sudo mkdir -p "/etc/nixos/nomarchy-features"
cat <<EOF | sudo tee "$FEATURE_FILE" > /dev/null
{ config, pkgs, ... }:
{
services.fprintd.enable = true;
# NixOS's fprintd module automatically configures PAM for login/sudo if enabled.
}
EOF
echo "Created $FEATURE_FILE."
echo "IMPORTANT: To finish enabling fingerprint support, add './nomarchy-features/fingerprint.nix' to your imports list in /etc/nixos/system.nix or /etc/nixos/flake.nix,"
echo "then run 'sys-update'."
fi
# Enrollment is still an imperative action # Enrollment is still an imperative action
if command -v fprintd-enroll &> /dev/null; then if command -v fprintd-enroll &> /dev/null; then
echo "Let's enroll your fingerprint now." echo "Let's enroll your fingerprint now."
fprintd-enroll "$USER" fprintd-enroll
echo "Fingerprint enrolled."
else else
echo "fprintd-enroll not found. Please run 'sys-update' first if you just enabled it." echo "fprintd not found. It will be available after the next reboot or sys-update."
fi fi


@@ -32,6 +32,12 @@ fi
TMP_JSON=$(mktemp) TMP_JSON=$(mktemp)
jq ".theme = \"$THEME_NAME\"" "$STATE_FILE" > "$TMP_JSON" && mv "$TMP_JSON" "$STATE_FILE" jq ".theme = \"$THEME_NAME\"" "$STATE_FILE" > "$TMP_JSON" && mv "$TMP_JSON" "$STATE_FILE"
# Sync to system state if we have permissions (for system-level theming like browser policies)
SYSTEM_STATE_FILE="/etc/nixos/state.json"
if [ -w "$SYSTEM_STATE_FILE" ] || [ -w "/etc/nixos" ]; then
sudo jq ".theme = \"$THEME_NAME\"" "$SYSTEM_STATE_FILE" > /tmp/system-state.json 2>/dev/null && sudo mv /tmp/system-state.json "$SYSTEM_STATE_FILE" 2>/dev/null || true
fi
# Try to find a background for this theme # Try to find a background for this theme
BG_DIR="$THEMES_DIR/$THEME_NAME/backgrounds" BG_DIR="$THEMES_DIR/$THEME_NAME/backgrounds"
if [ -d "$BG_DIR" ]; then if [ -d "$BG_DIR" ]; then
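Review bot: The guard `[ -w "$SYSTEM_STATE_FILE" ] || [ -w "/etc/nixos" ]` tests whether the current user can write the system state file, yet the body then uses sudo, and the two do not fit together. If the file really is user-writable, any process in the session can change values that the system modules on this page turn into root-level configuration (DNS servers, `security.pam.u2f`) at the next rebuild; if it is root-owned, the block never runs and the failure is hidden by `2>/dev/null … || true`. Decide which it is and document it: either keep state.json root-owned and replace the guard with a non-interactive attempt such as `sudo -n true 2>/dev/null`, or drop sudo and add a comment saying the file is deliberately user-writable. The script's beginning and end lie outside this hunk.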


@@ -1,24 +0,0 @@
#!/bin/bash
CHROMIUM_THEME=~/.config/nomarchy/current/theme/chromium.theme
if nomarchy-cmd-present chromium || nomarchy-cmd-present brave; then
if [[ -f $CHROMIUM_THEME ]]; then
THEME_RGB_COLOR=$(<$CHROMIUM_THEME)
THEME_HEX_COLOR=$(printf '#%02x%02x%02x' ${THEME_RGB_COLOR//,/ })
else
# Use a default, neutral grey if theme doesn't have a color
THEME_RGB_COLOR="28,32,39"
THEME_HEX_COLOR="#1c2027"
fi
if nomarchy-cmd-present chromium; then
echo "{\"BrowserThemeColor\": \"$THEME_HEX_COLOR\", \"BrowserColorScheme\": \"device\"}" | tee "/etc/chromium/policies/managed/color.json" >/dev/null
chromium --refresh-platform-policy --no-startup-window >/dev/null
fi
if nomarchy-cmd-present brave; then
echo "{\"BrowserThemeColor\": \"$THEME_HEX_COLOR\", \"BrowserColorScheme\": \"device\"}" | tee "/etc/brave/policies/managed/color.json" >/dev/null
brave --refresh-platform-policy --no-startup-window >/dev/null
fi
fi


@@ -3,20 +3,23 @@
# Toggle dedicated vs integrated GPU mode via supergfxd (for hybrid gpu laptops, like Asus G14). # Toggle dedicated vs integrated GPU mode via supergfxd (for hybrid gpu laptops, like Asus G14).
# Declarative enablement + Runtime mode switching for Nomarchy NixOS. # Declarative enablement + Runtime mode switching for Nomarchy NixOS.
FEATURE_FILE="/etc/nixos/nomarchy-features/supergfxd.nix" STATE_FILE="/etc/nixos/state.json"
# Check if supergfxd is enabled in config
if [[ $(sudo jq -r '.features.hybridGPU // false' "$STATE_FILE") != "true" ]]; then
if gum confirm "Hybrid GPU support is not enabled. Enable it now? (Requires sys-update)"; then
sudo jq ".features.hybridGPU = true" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
echo "Hybrid GPU support enabled in configuration. Applying changes..."
sudo sys-update
echo "Please run this command again after the update."
exit 0
fi
exit 1
fi
if ! command -v supergfxctl &> /dev/null; then if ! command -v supergfxctl &> /dev/null; then
sudo mkdir -p "/etc/nixos/nomarchy-features" echo "supergfxctl not found. Is the system updated?"
cat <<EOF | sudo tee "$FEATURE_FILE" > /dev/null exit 1
{ config, pkgs, ... }:
{
services.supergfxd.enable = true;
}
EOF
echo "Created $FEATURE_FILE to enable supergfxd."
echo "IMPORTANT: To finish enabling hybrid GPU support, add './nomarchy-features/supergfxd.nix' to your imports list in /etc/nixos/system.nix or /etc/nixos/flake.nix,"
echo "then run 'sys-update'."
exit 0
fi fi
gpu_mode=$(supergfxctl -g) gpu_mode=$(supergfxctl -g)


@@ -1,6 +1,12 @@
#!/bin/bash #!/usr/bin/env bash
# Select system timezone declaratively for Nomarchy NixOS.
STATE_FILE="/etc/nixos/state.json"
timezone=$(timedatectl list-timezones | gum filter --height 20 --header "Set timezone") || exit 1 timezone=$(timedatectl list-timezones | gum filter --height 20 --header "Set timezone") || exit 1
sudo timedatectl set-timezone "$timezone"
echo "Timezone is now set to $timezone" sudo jq ".timezone = \"$timezone\"" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
nomarchy-restart-waybar
echo "Timezone is now set to $timezone. Applying changes..."
sudo sys-update


@@ -22,7 +22,7 @@ sudo nix --extra-experimental-features "nix-command flakes" flake update --flake
# 2. Rebuild System # 2. Rebuild System
echo "Applying system-level updates..." echo "Applying system-level updates..."
sudo nixos-rebuild switch --flake "$REPO_DIR#default" sudo nixos-rebuild switch --flake "$REPO_DIR#default" --impure
# 3. Rebuild Home Environment # 3. Rebuild Home Environment
echo "Applying user-level updates..." echo "Applying user-level updates..."


@@ -1,11 +0,0 @@
#!/bin/bash
update_log="/tmp/nomarchy-update.log"
# Check for initramfs generation failure
if grep -q "Updating linux initcpios" "$update_log"; then
if ! grep -q "Initcpio image generation successful" "$update_log"; then
echo -e '\e[31mError: Initramfs generation may have failed. Review logs before restart.\e[0m'
echo
fi
fi


@@ -1,126 +0,0 @@
#!/bin/bash
# Upload logs to 0x0.st
LOG_TYPE="${1:-install}"
TEMP_LOG="/tmp/upload-log.txt"
SYSTEM_INFO="/tmp/system-info.txt"
# Get system information if fastfetch is available
if command -v fastfetch >/dev/null 2>&1; then
{
echo "========================================="
echo "SYSTEM INFORMATION"
echo "========================================="
# Use fastfetch with no logo to get clean output
fastfetch --logo none --pipe 2>/dev/null || echo "Failed to get system info"
echo ""
echo "========================================="
echo "LOG CONTENT"
echo "========================================="
echo ""
} >"$SYSTEM_INFO"
else
# Fallback to basic info if fastfetch isn't available
{
echo "========================================="
echo "SYSTEM INFORMATION"
echo "========================================="
echo "Hostname: $(hostname)"
echo "Kernel: $(uname -r)"
echo "Date: $(date)"
echo ""
echo "========================================="
echo "LOG CONTENT"
echo "========================================="
echo ""
} >"$SYSTEM_INFO"
fi
case "$LOG_TYPE" in
install)
ARCHINSTALL_LOG="/var/log/archinstall/install.log"
OMARCHY_LOG="/var/log/nomarchy-install.log"
# Combine system info with logs
cat "$SYSTEM_INFO" >"$TEMP_LOG"
cat $ARCHINSTALL_LOG $OMARCHY_LOG >>"$TEMP_LOG" 2>/dev/null
if [[ ! -s $TEMP_LOG ]]; then
echo "Error: No install logs found"
exit 1
fi
echo "Uploading installation log to 0x0.st..."
;;
this-boot)
# Combine system info with boot logs
cat "$SYSTEM_INFO" >"$TEMP_LOG"
journalctl -b 0 >>"$TEMP_LOG" 2>/dev/null
if [[ ! -s $TEMP_LOG ]]; then
echo "Error: No logs found for current boot"
exit 1
fi
echo "Uploading current boot logs to 0x0.st..."
;;
last-boot)
# Combine system info with previous boot logs
cat "$SYSTEM_INFO" >"$TEMP_LOG"
journalctl -b -1 >>"$TEMP_LOG" 2>/dev/null
if [[ ! -s $TEMP_LOG ]]; then
echo "Error: No logs found for previous boot"
exit 1
fi
echo "Uploading previous boot logs to 0x0.st..."
;;
installed|system-info)
# System info plus all installed packages
cat "$SYSTEM_INFO" >"$TEMP_LOG"
{
echo ""
echo "========================================="
echo "INSTALLED PACKAGES (pacman -Q)"
echo "========================================="
pacman -Q 2>/dev/null || echo "Failed to get package list"
} >>"$TEMP_LOG"
if [[ ! -s $TEMP_LOG ]]; then
echo "Error: Failed to gather system information"
exit 1
fi
echo "Uploading system information to 0x0.st..."
;;
*)
echo "Usage: $0 [install|this-boot|last-boot|installed|system-info]"
echo " install - Upload installation logs (default)"
echo " this-boot - Upload logs from current boot"
echo " last-boot - Upload logs from previous boot"
echo " installed - Upload system info and installed packages"
exit 1
;;
esac
echo ""
URL=$(curl -sF "file=@$TEMP_LOG" -Fexpires=24 https://0x0.st)
if (( $? == 0 )) && [[ -n $URL ]]; then
echo "✓ Log uploaded successfully!"
echo "Share this URL:"
echo ""
echo " $URL"
echo ""
echo "This link will expire in 24 hours."
else
echo "Error: Failed to upload log file"
exit 1
fi


@@ -1,2 +0,0 @@
#!/bin/bash
cat $OMARCHY_PATH/version


@@ -1,3 +0,0 @@
#!/bin/bash
echo $(git -C "$OMARCHY_PATH" rev-parse --abbrev-ref HEAD)


@@ -1,5 +1,17 @@
#!/bin/bash #!/usr/bin/env bash
for iface in /sys/class/net/*/wireless; do
iface="$(basename "$(dirname "$iface")")" # Toggles wifi power saving declaratively.
iw dev "$iface" set power_save "$1" 2>/dev/null # Usage: nomarchy-wifi-powersave <on|off>
done
STATE_FILE="/etc/nixos/state.json"
case "$1" in
on) value="true" ;;
off) value="false" ;;
*) echo "Usage: nomarchy-wifi-powersave <on|off>"; exit 1 ;;
esac
sudo jq ".wifi.powersave = $value" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
echo "Wifi powersave set to $1. Applying changes..."
sudo sys-update


@@ -58,7 +58,7 @@ in
] ++ userPackages; ] ++ userPackages;
home.shellAliases = { home.shellAliases = {
sys-update = "sudo nixos-rebuild switch --flake /etc/nixos#default"; sys-update = "sudo nixos-rebuild switch --flake /etc/nixos#default --impure";
env-update = "home-manager switch --flake /etc/nixos#default --impure"; env-update = "home-manager switch --flake /etc/nixos#default --impure";
}; };
} }


@@ -0,0 +1,22 @@
{ config, pkgs, lib, ... }:
let
palettes = import ../../themes/nomarchy-palettes.nix;
activeThemeName = config.nomarchy.system.theme;
currentPalette = (palettes.${activeThemeName} or palettes.nord).palette;
# Hex color for browser theme (base00 is background)
themeColor = "#${currentPalette.base00}";
policy = {
BrowserThemeColor = themeColor;
BrowserColorScheme = if lib.strings.hasInfix "light" activeThemeName then "light" else "dark";
};
in
{
# Chromium policies
programs.chromium.extraOpts = policy;
# Brave policies (Brave on NixOS also respects some chromium policies if set via extraOpts)
# But better to use the specific brave module if available or just the same policy.
}


@@ -2,12 +2,17 @@
{ {
imports = [ imports = [
./options.nix
./state.nix
./plymouth.nix ./plymouth.nix
./sddm.nix ./sddm.nix
./hardware.nix ./hardware.nix
./audio.nix ./audio.nix
./bluetooth.nix ./bluetooth.nix
./network.nix ./network.nix
./browser.nix
./impermanence.nix ./impermanence.nix
]; ];
time.timeZone = config.nomarchy.system.timezone;
} }


@@ -46,5 +46,22 @@ in
options brcmfmac feature_disable=0x82000 options brcmfmac feature_disable=0x82000
''; '';
}) })
# System Features
(mkIf config.nomarchy.system.features.fingerprint {
services.fprintd.enable = true;
})
(mkIf config.nomarchy.system.features.fido2 {
security.pam.u2f = {
enable = true;
control = "sufficient";
cue = true;
};
})
(mkIf config.nomarchy.system.features.hybridGPU {
services.supergfxd.enable = true;
})
]; ];
} }
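Review bot: `control = "sufficient"` in the new `security.pam.u2f` block means a successful key touch alone satisfies PAM for the services that include the module, so the token replaces the password instead of adding a second factor. That may be intended for convenience, but it is a security-relevant choice that is now switched on by a boolean in state.json and deserves a comment, e.g. `# "sufficient": the key alone authenticates; use "required" for a true second factor`. Consider exposing the control value as a `nomarchy.system` option next to `features.fido2`. The enclosing module list starts outside this hunk.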


@@ -49,12 +49,14 @@ in
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"
"/var/lib/systemd/timesync" "/var/lib/systemd/timesync"
"/var/lib/bluetooth" "/var/lib/bluetooth"
"/var/lib/fprint"
"/etc/NetworkManager/system-connections" "/etc/NetworkManager/system-connections"
"/etc/nixos" "/etc/nixos"
"/etc/ssh" "/etc/ssh"
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
"/etc/supergfxd.conf"
]; ];
}; };
}; };


@@ -1,5 +1,26 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let
cfg = config.nomarchy.system;
in
{ {
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.networkmanager.wifi.powersave = cfg.wifi.powersave;
# DNS Configuration
networking.nameservers = if cfg.dns == "Cloudflare" then [ "1.1.1.1" "1.0.0.1" ]
else if cfg.dns == "Google" then [ "8.8.8.8" "8.8.4.4" ]
else if cfg.dns == "Custom" then cfg.customDns
else []; # DHCP lets NM handle it
services.resolved = {
enable = cfg.dns != "DHCP";
dnssec = "allow-downgrade";
domains = [ "~." ];
fallbackDns = [ "9.9.9.9" "149.112.112.112" ];
extraConfig = ''
DNSOverTLS=opportunistic
'';
};
} }
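Review bot: The Cloudflare and Google entries in `networking.nameservers` lost the `#cloudflare-dns.com` / `#dns.google` server names that the removed resolved.conf heredocs carried, and `DNSOverTLS=opportunistic` is now applied to every provider, including Custom. Opportunistic mode falls back to plaintext and does not authenticate the server, so this gives no protection against an on-path attacker; if encrypted DNS is the goal for the two named providers, keep the names, e.g. `[ "1.1.1.1#cloudflare-dns.com" "1.0.0.1#cloudflare-dns.com" ]`, so strict mode can be enabled later. `fallbackDns` also sends queries to 9.9.9.9 when the chosen servers fail, which a user who picked Custom may not expect; a comment on that line would make the behaviour explicit.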


@@ -0,0 +1,50 @@
{ lib, ... }:
{
options.nomarchy.system = {
dns = lib.mkOption {
type = lib.types.enum [ "Cloudflare" "Google" "DHCP" "Custom" ];
default = "DHCP";
description = "Selected DNS provider.";
};
customDns = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = "List of custom DNS servers.";
};
wifi = {
powersave = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to enable wifi power saving.";
};
};
timezone = lib.mkOption {
type = lib.types.str;
default = "UTC";
description = "System timezone.";
};
features = {
fingerprint = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable fingerprint support.";
};
fido2 = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable FIDO2 support.";
};
hybridGPU = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable hybrid GPU support (supergfxd).";
};
};
theme = lib.mkOption {
type = lib.types.str;
default = "nord";
description = "Selected system theme.";
};
};
}

28
modules/system/state.nix Normal file

@@ -0,0 +1,28 @@
{ lib, ... }:
let
stateFile = "/etc/nixos/state.json";
# Helper to read state from a file, with a default
readState = file: default:
if builtins.pathExists file then
builtins.fromJSON (builtins.readFile file)
else
default;
systemState = readState stateFile {};
in
{
config.nomarchy.system = {
dns = systemState.dns or "DHCP";
customDns = systemState.customDns or [];
wifi.powersave = systemState.wifi.powersave or true;
timezone = systemState.timezone or "UTC";
features = {
fingerprint = systemState.features.fingerprint or false;
fido2 = systemState.features.fido2 or false;
hybridGPU = systemState.features.hybridGPU or false;
};
theme = systemState.theme or "nord";
};
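Review bot: `stateFile = "/etc/nixos/state.json"` is an absolute path outside the flake, which is presumably why this commit has to add `--impure` to `nixos-rebuild` in the update script and in the `sys-update` alias. Impure evaluation, run here under sudo, also lets the configuration read environment variables and any other host path, so the built system is no longer determined by the flake and its lock file alone. If /etc/nixos is the flake root, as the alias's `--flake /etc/nixos#default` suggests, a flake-relative path such as `stateFile = ../../state.json;` would keep evaluation pure (the file would need to be tracked if the flake is a git repository). A header comment saying that state.json is written by the toggle scripts and must stay root-owned would also help, since its `features.fido2` value ends up enabling a PAM module.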
}


@@ -1,6 +0,0 @@
{ config, pkgs, ... }:
{
services.supergfxd.enable = true;
# NixOS handles the configuration of supergfxd
}