Adds command-line flags and safety rails on top of the existing install.sh.
CLI:
- `--dry-run` generates the flake into /tmp/nomarchy-dryrun.* and parse-checks
every produced file without touching the disk. Skips LUKS / user password
prompts and the destructive confirmation; sets safe stub values.
- `--resume` reloads non-secret answers from /tmp/nomarchy-install.state.sh
(saved via `declare -p` after each step) and skips already-answered prompts.
Passwords are NEVER persisted — the user re-enters them.
- `--help` documents the flags.
Safety:
- Bail early in check_environment if /sys/firmware/efi is absent. The disko
config assumes UEFI + ESP; on a BIOS-booted host we'd partially install
before failing.
- After nixos-install, run `nixos-rebuild dry-build --flake /etc/nixos#$HOSTNAME`
inside `nixos-enter` to surface evaluation errors while the live ISO is
still around to fix them.
- ENABLE_IMPERMANENCE now defaults to "" so the resume path can distinguish
"not yet asked" from a deliberate "false" answer.
Generated config:
- system.nix gets `zramSwap.enable = true;` — near-free memory headroom on
small machines, harmless on big ones (kernel only uses it under pressure).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
e66537523a