Restructure flake.nix for a simpler config for building different images off the same NixOS config.

2025-10-11 00:08:02 -04:00
parent 69b5cf9217
commit 3bf84445a3
121 changed files with 2937 additions and 3074 deletions
--- a/nix/configuration/roles/network/default.nix
+++ b/nix/configuration/roles/network/default.nix
@@ -2,7 +2,6 @@
  config,
  lib,
  pkgs,
-  pkgs-dda3dcd3f,
  ...
 }:

@@ -19,114 +18,108 @@
 {
  imports = [ ];

-  networking.dhcpcd.enable = lib.mkDefault false;
-  networking.useDHCP = lib.mkDefault false;
-  networking.nameservers = [
-    "194.242.2.2#doh.mullvad.net"
-    "2a07:e340::2#doh.mullvad.net"
-  ];
-  services.resolved = {
-    enable = true;
-    # dnssec = "true";
-    domains = [ "~." ];
-    fallbackDns = [ ];
-    dnsovertls = "true";
-  };
-
-  # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
-  #
-  # Test with: drill @127.0.0.53 odo.home.arpa
-  # TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
-  networking.extraHosts = ''
-    127.0.0.1 ${config.networking.hostName}.home.arpa
-    10.216.1.1		homeserver
-    10.216.1.6		media
-    10.216.1.12		odo
-    10.216.1.14		neelix
-    10.216.1.15		quark
-    10.217.1.1		drmario
-    10.217.2.1		mrmanager
-  '';
-
-  networking.wireless.iwd = {
-    enable = true;
-
-    settings = {
-      General = {
-        EnableNetworkConfiguration = true;
-        AddressRandomization = "network";
-      };
-      # Rank = {
-      #   BandModifier2_4GHz = 1.0;
-      #   BandModifier5GHz = 1.0;
-      #   BandModifier6GHz = 1.0;
-      # };
-      DriverQuirks = {
-        PowerSaveDisable = "*";
-        # ath12k_pci
-      };
-      # Scan = {
-      #   DisablePeriodicScan = true;
-      #   DisableRoamingScan = true;
-      # };
+  options.me = {
+    network.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install network.";
    };
  };
-  environment.systemPackages = with pkgs; [
-    iw
-    iwd
-    ldns # for drill
-    arp-scan # To find devices on the network
-    wavemon
-    dhcpcd # For Android USB tethering.
-  ];

-  boot.extraModprobeConfig = ''
-    # Set wifi to US
-    options cfg80211 ieee80211_regdom=US
-  '';
+  config = lib.mkIf config.me.network.enable {
+    networking.dhcpcd.enable = lib.mkDefault false;
+    networking.useDHCP = lib.mkDefault false;
+    networking.nameservers = [
+      "194.242.2.2#doh.mullvad.net"
+      "2a07:e340::2#doh.mullvad.net"
+    ];
+    services.resolved = {
+      enable = true;
+      # dnssec = "true";
+      domains = [ "~." ];
+      fallbackDns = [ ];
+      dnsovertls = "true";
+    };

-  boot.kernel.sysctl = {
-    # Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
-    "net.ipv4.tcp_mtu_probing" = 1;
-    # Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
-    # We set this in the kernel config, but include this here for unoptimized builds.
-    "net.ipv4.tcp_congestion_control" = "bbr";
-    # Don't do a slow start after a connection has been idle for a single RTO.
-    "net.ipv4.tcp_slow_start_after_idle" = 0;
-    # 3x time to accumulate filesystem changes before flushing to disk.
-    "vm.dirty_writeback_centisecs" = 1500;
-    # Adjust ttl
-    "net.ipv4.ip_default_ttl" = 65;
-    "net.ipv6.conf.all.hop_limit" = 65;
-    "net.ipv6.conf.default.hop_limit" = 65;
-    # Enable IPv6 Privacy Extensions
-    "net.ipv6.conf.all.use_tempaddr" = 2;
-    # Enable IPv6 Privacy Extensions
-    # This is enabled by default in nixos.
-    # "net.ipv6.conf.default.use_tempaddr" = 2;
+    # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
+    #
+    # Test with: drill @127.0.0.53 odo.home.arpa
+    # TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
+    networking.extraHosts = ''
+      127.0.0.1 ${config.networking.hostName}.home.arpa
+      10.216.1.1		homeserver
+      10.216.1.6		media
+      10.216.1.12		odo
+      10.216.1.14		neelix
+      10.216.1.15		quark
+      10.217.1.1		drmario
+      10.217.2.1		mrmanager
+    '';
+
+    networking.wireless.iwd = {
+      enable = true;
+
+      settings = {
+        General = {
+          EnableNetworkConfiguration = true;
+          AddressRandomization = "network";
+        };
+        # Rank = {
+        #   BandModifier2_4GHz = 1.0;
+        #   BandModifier5GHz = 1.0;
+        #   BandModifier6GHz = 1.0;
+        # };
+        DriverQuirks = {
+          PowerSaveDisable = "*";
+          # ath12k_pci
+        };
+        # Scan = {
+        #   DisablePeriodicScan = true;
+        #   DisableRoamingScan = true;
+        # };
+      };
+    };
+    environment.systemPackages = with pkgs; [
+      iw
+      iwd
+      ldns # for drill
+      arp-scan # To find devices on the network
+      wavemon
+      dhcpcd # For Android USB tethering.
+    ];
+
+    boot.extraModprobeConfig = ''
+      # Set wifi to US
+      options cfg80211 ieee80211_regdom=US
+    '';
+
+    boot.kernel.sysctl = {
+      # Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
+      "net.ipv4.tcp_mtu_probing" = 1;
+      # Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
+      # We set this in the kernel config, but include this here for unoptimized builds.
+      "net.ipv4.tcp_congestion_control" = "bbr";
+      # Don't do a slow start after a connection has been idle for a single RTO.
+      "net.ipv4.tcp_slow_start_after_idle" = 0;
+      # 3x time to accumulate filesystem changes before flushing to disk.
+      "vm.dirty_writeback_centisecs" = 1500;
+      # Adjust ttl
+      "net.ipv4.ip_default_ttl" = 65;
+      "net.ipv6.conf.all.hop_limit" = 65;
+      "net.ipv6.conf.default.hop_limit" = 65;
+      # Enable IPv6 Privacy Extensions
+      "net.ipv6.conf.all.use_tempaddr" = 2;
+      # Enable IPv6 Privacy Extensions
+      # This is enabled by default in nixos.
+      # "net.ipv6.conf.default.use_tempaddr" = 2;
+    };
+
+    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
+      hideMounts = true;
+      directories = [
+        "/var/lib/iwd" # Wifi settings
+      ];
+    };
  };
-
-  # nixpkgs.overlays = [
-  #   (final: prev: {
-  #     inherit (pkgs-dda3dcd3f)
-  #       linux-firmware
-  #       ;
-  #   })
-  # ];
-
-  # nixpkgs.overlays = [
-  #   (final: prev: {
-  #     linux-firmware = prev.linux-firwmare.overrideAttrs (old: rec {
-  #       version = "20250917";
-
-  #       src = final.fetchFromGitLab {
-  #         owner = "kernel-firmware";
-  #         repo = "linux-firmware";
-  #         tag = version;
-  #         hash = "sha256-tecFB6WYEfBK9FB7Rv8nHLdefIoaFnHrpzXBl+iSd08=";
-  #       };
-  #     });
-  #   })
-  # ];
-
 }