Merge networking.nix and cleanup

2025-12-24 16:56:09 +01:00 · 2025-12-24 16:56:09 +01:00 · abd055702b
commit abd055702b
parent 7c553dbf9a
5 changed files with 97 additions and 91 deletions
--- a/profiles/desktop.linux.nix
+++ b/profiles/desktop.linux.nix
@ -6,23 +6,31 @@
 }:
 let
  inherit (lib) mkForce mkIf;
-
-  sessionVariables = {
-    NIXOS_OZONE_WL = "1";
-  };
-
-  systemPackages = with pkgs; [
-    adwaita-icon-theme
-    ddcutil
-    gsettings-desktop-schemas
-    libva-utils
-    sbctl
-    vdpauinfo
-  ];
 in
 {
  environment = {
-    inherit sessionVariables systemPackages;
+    sessionVariables = {
+      NIXOS_OZONE_WL = "1";
+    };
+
+    systemPackages = with pkgs; [
+      adwaita-icon-theme
+      ddcutil
+      gsettings-desktop-schemas
+      libva-utils
+      sbctl
+      vdpauinfo
+    ];
+  };
+
+  environment.etc = mkIf config.programs._1password-gui.enable {
+    "1password/custom_allowed_browsers" = {
+      text = ''
+        firefox
+        brave
+      '';
+      mode = "0755";
+    };
  };

  fonts.fontconfig = {
@ -59,24 +67,34 @@ in
    };
  };

-  programs.dconf.enable = config.programs.niri.enable;
-  security.polkit.enable = config.programs.niri.enable;
+  networking.wireless.iwd = {
+    enable = true;
+    settings = {
+      General = {
+        EnableNetworkConfiguration = false; # Let dhcpcd handle this
+      };
+      Network = {
+        EnableIPv6 = true;
+        NameResolvingService = "systemd";
+      };
+    };
+  };
+
+  networking.dhcpcd = {
+    enable = true;
+    extraConfig = ''
+      nohook resolv.conf  # Don't let dhcpcd manage resolv.conf
+    '';
+  };
+
+  networking.resolvconf.enable = !config.services.resolved.enable;

  programs._1password-gui = mkIf config.programs._1password.enable {
    enable = true;
    polkitPolicyOwners = [ "pml" ];
  };

-  environment.etc = mkIf config.programs._1password-gui.enable {
-    "1password/custom_allowed_browsers" = {
-      text = ''
-        firefox
-        brave
-      '';
-      mode = "0755";
-    };
-  };
-
+  programs.dconf.enable = config.programs.niri.enable;
  programs.niri.enable = true;

  programs.regreet = {
@ -93,6 +111,7 @@ in

  programs.zsh.enable = true;

+  security.polkit.enable = config.programs.niri.enable;
  security.rtkit.enable = config.services.pipewire.enable;

  services.pipewire = mkIf config.services.pipewire.enable {
@ -102,10 +121,26 @@ in
    jack.enable = true;
  };

-  system.activationScripts.openrgbOff =
-    mkIf (config.services.hardware.openrgb.startupProfile == "off") ''
-      mkdir -p /var/lib/OpenRGB
-      cp ${../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp
-      chmod 0644 /var/lib/OpenRGB/off.orp
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    domains = [ "~." ];
+    fallbackDns = [
+      "9.9.9.9#dns.quad9.net"
+      "149.112.112.112#dns.quad9.net"
+      "2620:fe::fe#dns.quad9.net"
+      "2620:fe::9#dns.quad9.net"
+    ];
+    extraConfig = ''
+      DNSOverTLS=yes
    '';
+  };
+
+  system.activationScripts.openrgbOff =
+    mkIf (config.services.hardware.openrgb.startupProfile == "off")
+      ''
+        mkdir -p /var/lib/OpenRGB
+        cp ${../config/openrgb/off.orp} /var/lib/OpenRGB/off.orp
+        chmod 0644 /var/lib/OpenRGB/off.orp
+      '';
 }
--- a/profiles/minimal.linux.nix
+++ b/profiles/minimal.linux.nix
@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
 let
  bootUUID = config.machine.fs.bootUUID;
  efiUUID = config.machine.fs.efiUUID;
@ -6,11 +12,15 @@ let
  cryptrootUUID = config.machine.fs.cryptrootUUID;
 in
 {
-  imports = [ ./minimal.nix ];
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    ./minimal.nix
+  ];

  boot.bootspec.enable = true;
  boot.initrd = {
    kernelModules = [ ];
+    luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}";
    systemd.enable = true;
  };

@ -43,8 +53,6 @@ in
    ];
  };

-  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}";
-
  environment.sessionVariables = {
    EDITOR = "${pkgs.vim}/bin/vim";
    PAGER = "${pkgs.less}/bin/less";
@ -104,6 +112,9 @@ in
    options = [ "subvol=@var_lib_portables" ];
  };

+  services.avahi.enable = true;
+  services.openssh.enable = true;
+
  swapDevices = [ ];

  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
--- a/profiles/minimal.nix
+++ b/profiles/minimal.nix
@ -1,5 +1,12 @@
-{ pkgs, ... }:
-
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib) mkDefault;
+in
 {
  environment.systemPackages = with pkgs; [
    curl
@ -8,6 +15,11 @@
    wget
  ];

+  networking = {
+    hostName = "${config.machine.hostName}";
+    useDHCP = mkDefault true;
+  };
+
  nix.package = pkgs.lixPackageSets.stable.lix;

  nix.settings = {