docs(roadmap): log uwsm-in-virtualization module placement (Later)

core/system/virtualization.nix wires `programs.uwsm` + the Hyprland session config at the top of the file — loaded unconditionally on every install, with no actual relationship to libvirt/docker. Cosmetic mislocation, not a behavior bug; logged as a Later row so it can be fixed in a dedicated session module without growing this audit PR. Found during Pillar 8 audit of core/system modules.
fix(hibernate): mkDefault on HandlePowerKey / IdleAction / IdleActionSec
2026-05-19 17:50:44 +01:00 · 2026-05-19 17:50:37 +01:00 · 2026-05-19 17:50:32 +01:00 · 2026-05-19 17:50:27 +01:00
6 changed files with 27 additions and 7 deletions
--- a/core/system/hibernate.nix
+++ b/core/system/hibernate.nix
@@ -15,9 +15,9 @@ in
      settings.Login = {
        HandleLidSwitch = lib.mkDefault "suspend-then-hibernate";
        HandleLidSwitchExternalPower = lib.mkDefault "suspend";
-        HandlePowerKey = "hibernate";
-        IdleAction = "suspend-then-hibernate";
-        IdleActionSec = toString (cfg.idleMinutes * 60);
+        HandlePowerKey = lib.mkDefault "hibernate";
+        IdleAction = lib.mkDefault "suspend-then-hibernate";
+        IdleActionSec = lib.mkDefault (toString (cfg.idleMinutes * 60));
      };
    };
  };
--- a/core/system/impermanence.nix
+++ b/core/system/impermanence.nix
@@ -24,6 +24,18 @@ in
        "crypted_main" on multi-disk installs to match the disko layout.
      '';
    };
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "nomarchy";
+      description = ''
+        Primary user whose home subset (.ssh, .gnupg, keyrings, common
+        directories) survives the rootfs wipe. Must match the user
+        created via `users.users.<name>` — otherwise the persistence
+        block is silently inert and the user's home directory is wiped
+        on every boot. The installer writes this for you.
+      '';
+    };
  };

  config = lib.mkIf cfg.enable {
@@ -72,7 +84,7 @@ in
        "/etc/machine-id"
        "/etc/supergfxd.conf"
      ];
-      users.nomarchy = {
+      users.${cfg.user} = {
        directories = [
          ".ssh"
          ".gnupg"
--- a/docs/OPTIONS.md
+++ b/docs/OPTIONS.md
@@ -153,10 +153,18 @@ Without prime config, supergfxd still switches modes but render-offload via `nvi

 `bool`, default `false`. Intel IPU7 camera support (kernel modules + firmware).

-### `impermanence.enable`
+### `nomarchy.system.impermanence.enable`

 `bool`, default `false`. Erase Your Darlings root wipe on boot. Defined in `core/system/impermanence.nix`. The installer writes the flag based on the impermanence prompt.

+### `nomarchy.system.impermanence.mainLuksName`
+
+`str`, default `"crypted"`. Name of the `/dev/mapper` entry holding the BTRFS root. The disko layout uses `"crypted"` on single-disk installs and `"crypted_main"` once multiple drives are selected — the installer writes the matching value automatically.
+
+### `nomarchy.system.impermanence.user`
+
+`str`, default `"nomarchy"`. Primary user whose home subset (`.ssh`, `.gnupg`, `.local/share/keyrings`, `Documents`, `Downloads`, `Pictures`, `Videos`, `Projects`) survives the rootfs wipe. Must match the user created via `users.users.<name>` — otherwise the persistence block is silently inert and the user's home directory is wiped on every boot. The installer writes this for you.
+
 ---

 ## Home Manager options (`home.nix`)
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -39,6 +39,7 @@ Guardrails (apply when adding anything):
 - **Forgejo release pipeline.** `vYY.MM.x` tags matching the upstream NixOS channel; the pipeline pushes the three ISOs and an updated `flake.lock` snapshot.
 - **Optional `nomarchy-installer-vm`** rebuilt as a real flake app (not a one-off shell script) so users can install Nomarchy into a libvirt VM declaratively.
 - **Surface support module** via the relevant `nixos-hardware` profile + Surface kernel patches behind a `nomarchy.hardware.isSurface` toggle.
+- **Move `programs.uwsm` Hyprland session out of `core/system/virtualization.nix`.** Session-manager config is wired in the virtualization module by historical accident — it's loaded unconditionally on every install and has nothing to do with libvirt/docker. Move to a dedicated `core/system/session.nix` (or fold into the Hyprland feature module) so the location matches the responsibility.

 ## 3. Pillar: Script & menu audit

--- a/installer/install.sh
+++ b/installer/install.sh
@@ -1459,7 +1459,7 @@ generate_flake_config() {
        if (( ${#_drives[@]} > 1 )); then
            _main_luks_name="crypted_main"
        fi
-        impermanence_opt=$'nomarchy.system.impermanence.enable = true;\n  nomarchy.system.impermanence.mainLuksName = "'"$_main_luks_name"$'";'
+        impermanence_opt=$'nomarchy.system.impermanence.enable = true;\n  nomarchy.system.impermanence.mainLuksName = "'"$_main_luks_name"$'";\n  nomarchy.system.impermanence.user = "'"$USERNAME"$'";'
    fi

    local PROFILE_SYSTEM_OPTS=""
--- a/lib/state-schema.nix
+++ b/lib/state-schema.nix
@@ -50,7 +50,6 @@
      fingerprint = false;
      fido2 = false;
      hybridGPU = false;
-      makima = false;
    };
  };
Author	SHA1	Message	Date
Bernardo Magri	28a0e28f2d	docs(roadmap): log uwsm-in-virtualization module placement (Later) core/system/virtualization.nix wires `programs.uwsm` + the Hyprland session config at the top of the file — loaded unconditionally on every install, with no actual relationship to libvirt/docker. Cosmetic mislocation, not a behavior bug; logged as a Later row so it can be fixed in a dedicated session module without growing this audit PR. Found during Pillar 8 audit of core/system modules.	2026-05-19 17:50:44 +01:00
Bernardo Magri	0e93639702	fix(hibernate): mkDefault on HandlePowerKey / IdleAction / IdleActionSec These three settings.Login fields were set at default priority, so a downstream system.nix that wrote (e.g.) `services.logind.settings.Login.HandlePowerKey = "poweroff"` would collide with Nomarchy's value instead of overriding it. Same mkDefault treatment as the other lid-switch settings in this block. Found during Pillar 8 audit of core/system modules.	2026-05-19 17:50:37 +01:00
Bernardo Magri	0656f33611	chore(schema): drop orphan features.makima `lib/state-schema.nix` declared `system.features.makima = false` but the field was never wired anywhere: no matching option in core/system/options.nix, no consumer in core/system/state.nix, no references in the wider tree. Schema-only ghost — removed. Found during Pillar 8 audit of core/system modules.	2026-05-19 17:50:32 +01:00
Bernardo Magri	749f970fb0	fix(impermanence): user must match created account, not hardcoded "nomarchy" The persistence block at core/system/impermanence.nix:75 read `users.nomarchy = { directories = [...]; }` — the username was a literal, not a reference. For any user not literally named "nomarchy" the block was silently inert and ~/.ssh, ~/.gnupg, ~/.local/share/keyrings, Documents, Downloads, Pictures, Videos, Projects were wiped on every boot. Adds `nomarchy.system.impermanence.user` (str, default "nomarchy") and uses it via `users.${cfg.user}`. The installer now writes the chosen username alongside `enable` and `mainLuksName` so impermanence installs with non-default usernames are correct out of the box. docs/OPTIONS.md: fixes the wrong path on the impermanence row (documented `impermanence.enable`, real option is `nomarchy.system.impermanence.enable`) and adds entries for `mainLuksName` and `user`. Found during Pillar 8 audit of core/system modules.	2026-05-19 17:50:27 +01:00