Compare commits


4 Commits

Author SHA1 Message Date
Bernardo Magri
28a0e28f2d docs(roadmap): log uwsm-in-virtualization module placement (Later)
core/system/virtualization.nix wires `programs.uwsm` + the Hyprland
session config at the top of the file — loaded unconditionally on every
install, with no actual relationship to libvirt/docker. Cosmetic
mislocation, not a behavior bug; logged as a Later row so it can be
fixed in a dedicated session module without growing this audit PR.

Found during Pillar 8 audit of core/system modules.
2026-05-19 17:50:44 +01:00
Bernardo Magri
0e93639702 fix(hibernate): mkDefault on HandlePowerKey / IdleAction / IdleActionSec
These three settings.Login fields were set at default priority, so a
downstream system.nix that wrote (e.g.) `services.logind.settings.Login.HandlePowerKey = "poweroff"`
would collide with Nomarchy's value instead of overriding it. Same
mkDefault treatment as the other lid-switch settings in this block.

Found during Pillar 8 audit of core/system modules.
2026-05-19 17:50:37 +01:00
Bernardo Magri
0656f33611 chore(schema): drop orphan features.makima
`lib/state-schema.nix` declared `system.features.makima = false` but
the field was never wired anywhere: no matching option in
core/system/options.nix, no consumer in core/system/state.nix, no
references in the wider tree. Schema-only ghost — removed.

Found during Pillar 8 audit of core/system modules.
2026-05-19 17:50:32 +01:00
Bernardo Magri
749f970fb0 fix(impermanence): user must match created account, not hardcoded "nomarchy"
The persistence block at core/system/impermanence.nix:75 read
`users.nomarchy = { directories = [...]; }` — the username was a
literal, not a reference. For any user not literally named "nomarchy"
the block was silently inert and ~/.ssh, ~/.gnupg, ~/.local/share/keyrings,
Documents, Downloads, Pictures, Videos, Projects were wiped on every boot.

Adds `nomarchy.system.impermanence.user` (str, default "nomarchy") and
uses it via `users.${cfg.user}`. The installer now writes the chosen
username alongside `enable` and `mainLuksName` so impermanence installs
with non-default usernames are correct out of the box.

docs/OPTIONS.md: fixes the wrong path on the impermanence row
(documented `impermanence.enable`, real option is
`nomarchy.system.impermanence.enable`) and adds entries for
`mainLuksName` and `user`.

Found during Pillar 8 audit of core/system modules.
2026-05-19 17:50:27 +01:00
6 changed files with 27 additions and 7 deletions

View File

@@ -15,9 +15,9 @@ in
settings.Login = { settings.Login = {
HandleLidSwitch = lib.mkDefault "suspend-then-hibernate"; HandleLidSwitch = lib.mkDefault "suspend-then-hibernate";
HandleLidSwitchExternalPower = lib.mkDefault "suspend"; HandleLidSwitchExternalPower = lib.mkDefault "suspend";
HandlePowerKey = "hibernate"; HandlePowerKey = lib.mkDefault "hibernate";
IdleAction = "suspend-then-hibernate"; IdleAction = lib.mkDefault "suspend-then-hibernate";
IdleActionSec = toString (cfg.idleMinutes * 60); IdleActionSec = lib.mkDefault (toString (cfg.idleMinutes * 60));
}; };
}; };
}; };
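Review bot: the per-key `lib.mkDefault` is the right granularity here (a `mkDefault` on the whole `settings.Login` attrset would let a downstream single-key definition discard the entire set rather than merge with it), but `IdleActionSec = lib.mkDefault (toString (cfg.idleMinutes * 60))` now means a downstream `IdleActionSec` override silently disconnects the field from `cfg.idleMinutes`. A short comment next to this line, or a sentence in the `idleMinutes` option description, saying that `IdleActionSec` is derived and `idleMinutes` is the intended knob would stop the two from drifting apart.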

View File

@@ -24,6 +24,18 @@ in
"crypted_main" on multi-disk installs to match the disko layout. "crypted_main" on multi-disk installs to match the disko layout.
''; '';
}; };
user = lib.mkOption {
type = lib.types.str;
default = "nomarchy";
description = ''
Primary user whose home subset (.ssh, .gnupg, keyrings, common
directories) survives the rootfs wipe. Must match the user
created via `users.users.<name>` otherwise the persistence
block is silently inert and the user's home directory is wiped
on every boot. The installer writes this for you.
'';
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
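Review bot: `default = "nomarchy"` keeps the original failure mode reachable: a system that creates a different `users.users.<name>` but never sets `user` is still silently inert, which is exactly what this commit is fixing. The description says the value "must match the user created via `users.users.<name>`", so enforce it in the `config` block below with an assertion along the lines of `assertions = [ { assertion = config.users.users ? ${cfg.user}; message = "nomarchy.system.impermanence.user must name an existing users.users entry"; } ];`, so a mismatch fails at evaluation time instead of wiping `.ssh` and `.gnupg` on first boot.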
@@ -72,7 +84,7 @@ in
"/etc/machine-id" "/etc/machine-id"
"/etc/supergfxd.conf" "/etc/supergfxd.conf"
]; ];
users.nomarchy = { users.${cfg.user} = {
directories = [ directories = [
".ssh" ".ssh"
".gnupg" ".gnupg"
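Review bot: `users.${cfg.user}` fixes the literal key, but nothing at this site tells the next reader why the key is interpolated or that it must line up with `users.users.<name>`; a one-line comment above `users.${cfg.user} = {` referencing the `user` option would make the dependency visible where the directories (`.ssh`, `.gnupg`, private key material) are actually persisted, rather than only in the option description.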

View File

@@ -153,10 +153,18 @@ Without prime config, supergfxd still switches modes but render-offload via `nvi
`bool`, default `false`. Intel IPU7 camera support (kernel modules + firmware). `bool`, default `false`. Intel IPU7 camera support (kernel modules + firmware).
### `impermanence.enable` ### `nomarchy.system.impermanence.enable`
`bool`, default `false`. Erase Your Darlings root wipe on boot. Defined in `core/system/impermanence.nix`. The installer writes the flag based on the impermanence prompt. `bool`, default `false`. Erase Your Darlings root wipe on boot. Defined in `core/system/impermanence.nix`. The installer writes the flag based on the impermanence prompt.
### `nomarchy.system.impermanence.mainLuksName`
`str`, default `"crypted"`. Name of the `/dev/mapper` entry holding the BTRFS root. The disko layout uses `"crypted"` on single-disk installs and `"crypted_main"` once multiple drives are selected — the installer writes the matching value automatically.
### `nomarchy.system.impermanence.user`
`str`, default `"nomarchy"`. Primary user whose home subset (`.ssh`, `.gnupg`, `.local/share/keyrings`, `Documents`, `Downloads`, `Pictures`, `Videos`, `Projects`) survives the rootfs wipe. Must match the user created via `users.users.<name>` — otherwise the persistence block is silently inert and the user's home directory is wiped on every boot. The installer writes this for you.
--- ---
## Home Manager options (`home.nix`) ## Home Manager options (`home.nix`)
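Review bot: the corrected `nomarchy.system.impermanence.enable` row says "Defined in `core/system/impermanence.nix`", but the two new rows for `mainLuksName` and `user` omit the defining file; add the same "Defined in `core/system/impermanence.nix`" clause to both for consistency, and consider noting on the `user` row that the match against `users.users.<name>` is what keeps the listed directories from being wiped, since "The installer writes this for you" does not cover hand-edited configs.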

View File

@@ -39,6 +39,7 @@ Guardrails (apply when adding anything):
- **Forgejo release pipeline.** `vYY.MM.x` tags matching the upstream NixOS channel; the pipeline pushes the three ISOs and an updated `flake.lock` snapshot. - **Forgejo release pipeline.** `vYY.MM.x` tags matching the upstream NixOS channel; the pipeline pushes the three ISOs and an updated `flake.lock` snapshot.
- **Optional `nomarchy-installer-vm`** rebuilt as a real flake app (not a one-off shell script) so users can install Nomarchy into a libvirt VM declaratively. - **Optional `nomarchy-installer-vm`** rebuilt as a real flake app (not a one-off shell script) so users can install Nomarchy into a libvirt VM declaratively.
- **Surface support module** via the relevant `nixos-hardware` profile + Surface kernel patches behind a `nomarchy.hardware.isSurface` toggle. - **Surface support module** via the relevant `nixos-hardware` profile + Surface kernel patches behind a `nomarchy.hardware.isSurface` toggle.
- **Move `programs.uwsm` Hyprland session out of `core/system/virtualization.nix`.** Session-manager config is wired in the virtualization module by historical accident — it's loaded unconditionally on every install and has nothing to do with libvirt/docker. Move to a dedicated `core/system/session.nix` (or fold into the Hyprland feature module) so the location matches the responsibility.
## 3. Pillar: Script & menu audit ## 3. Pillar: Script & menu audit
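Review bot: the row offers two destinations (a dedicated `core/system/session.nix` or folding into the Hyprland feature module) without saying which is preferred; since the bullet itself states the config is currently loaded unconditionally on every install, folding it into a conditional feature module would change when `programs.uwsm` is enabled, whereas `session.nix` would not. Record the intended choice in the row so the follow-up session does not have to rediscover the distinction.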

View File

@@ -1459,7 +1459,7 @@ generate_flake_config() {
if (( ${#_drives[@]} > 1 )); then if (( ${#_drives[@]} > 1 )); then
_main_luks_name="crypted_main" _main_luks_name="crypted_main"
fi fi
impermanence_opt=$'nomarchy.system.impermanence.enable = true;\n nomarchy.system.impermanence.mainLuksName = "'"$_main_luks_name"$'";' impermanence_opt=$'nomarchy.system.impermanence.enable = true;\n nomarchy.system.impermanence.mainLuksName = "'"$_main_luks_name"$'";\n nomarchy.system.impermanence.user = "'"$USERNAME"$'";'
fi fi
local PROFILE_SYSTEM_OPTS="" local PROFILE_SYSTEM_OPTS=""
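Review bot: `$USERNAME` is spliced into a Nix string literal (`nomarchy.system.impermanence.user = "'"$USERNAME"$'";`) with no escaping or validation, so a value containing `"`, `\` or `${` would produce a flake config that fails to parse or evaluates to something other than a plain username, and an unset `USERNAME` writes `user = "";`, which silently recreates the inert-persistence bug. Validate the variable before it reaches `generate_flake_config` (for example, require it to match `^[a-z_][a-z0-9_-]*$`, the usual Unix username shape) and use `"${USERNAME:?}"` so an empty value aborts the installer instead of being written out.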

View File

@@ -50,7 +50,6 @@
fingerprint = false; fingerprint = false;
fido2 = false; fido2 = false;
hybridGPU = false; hybridGPU = false;
makima = false;
}; };
}; };
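Review bot: dropping `makima = false;` from the schema is fine for fresh installs, but the commit message only establishes that nothing in the tree consumed the field, not how `core/system/state.nix` treats a key that is present in an existing state file yet absent from the schema. If the state reader rejects or warns on unknown keys, systems whose state already carries `system.features.makima` will start failing after this change; worth confirming the reader tolerates (or strips) the stale key, and noting that in the message.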