feat(system): professionalize system configurations

- Consolidate imperative system settings into /etc/nixos/state.json - Implement nomarchy.system options for DNS, Wifi powersave, Timezone, and hardware features - Add declarative browser policies for Chromium/Brave based on theme - Update toggles scripts to mutate system JSON and run sys-update --impure - Remove obsolete imperative browser theme and redundant system modules
2026-04-04 19:22:47 +01:00
parent 42f515f4a9
commit 08e2b4e248
17 changed files with 225 additions and 164 deletions
--- a/bin/nomarchy-setup-dns
+++ b/bin/nomarchy-setup-dns
@@ -1,27 +1,9 @@
-#!/bin/bash
+#!/usr/bin/env bash

-lock_dns_to_resolved() {
-  for file in /etc/systemd/network/*.network; do
-    [[ -f $file ]] || continue
-    if ! grep -q "^\[DHCPv4\]" "$file"; then continue; fi
+# Configure DNS declaratively for Nomarchy NixOS.
+# Hybrid: updates /etc/nixos/state.json and runs sys-update.

-    if ! sed -n '/^\[DHCPv4\]/,/^\[/p' "$file" | grep -q "^UseDNS="; then
-      sudo sed -i '/^\[DHCPv4\]/a UseDNS=no' "$file"
-    fi
-
-    if grep -q "^\[IPv6AcceptRA\]" "$file" && ! sed -n '/^\[IPv6AcceptRA\]/,/^\[/p' "$file" | grep -q "^UseDNS="; then
-      sudo sed -i '/^\[IPv6AcceptRA\]/a UseDNS=no' "$file"
-    fi
-  done
-}
-
-unlock_dns_to_dhcp() {
-  for file in /etc/systemd/network/*.network; do
-    [[ -f $file ]] || continue
-    sudo sed -i '/^\[DHCPv4\]/{n;/^UseDNS=no$/d}' "$file"
-    sudo sed -i '/^\[IPv6AcceptRA\]/{n;/^UseDNS=no$/d}' "$file"
-  done
-}
+STATE_FILE="/etc/nixos/state.json"

 if [[ -z $1 ]]; then
  dns=$(gum choose --height 6 --header "Select DNS provider" Cloudflare Google DHCP Custom)
@@ -30,32 +12,8 @@ else
 fi

 case "$dns" in
-Cloudflare)
-  sudo tee /etc/systemd/resolved.conf >/dev/null <<'EOF'
-[Resolve]
-DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
-FallbackDNS=9.9.9.9 149.112.112.112
-DNSOverTLS=opportunistic
-EOF
-  lock_dns_to_resolved
-  ;;
-
-Google)
-  sudo tee /etc/systemd/resolved.conf >/dev/null <<'EOF'
-[Resolve]
-DNS=8.8.8.8#dns.google 8.8.4.4#dns.google
-FallbackDNS=9.9.9.9 149.112.112.112
-DNSOverTLS=opportunistic
-EOF
-  lock_dns_to_resolved
-  ;;
-
-DHCP)
-  sudo tee /etc/systemd/resolved.conf >/dev/null <<'EOF'
-[Resolve]
-DNSOverTLS=no
-EOF
-  unlock_dns_to_dhcp
+Cloudflare|Google|DHCP)
+  sudo jq ".dns = \"$dns\"" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
  ;;

 Custom)
@@ -66,14 +24,12 @@ Custom)
    echo "Error: No DNS servers provided."
    exit 1
  fi
-
-  sudo tee /etc/systemd/resolved.conf >/dev/null <<EOF
-[Resolve]
-DNS=$dns_servers
-FallbackDNS=9.9.9.9 149.112.112.112
-EOF
-  lock_dns_to_resolved
+  
+  # Convert to JSON array
+  dns_array=$(echo "$dns_servers" | jq -R 'split(" ")')
+  sudo jq ".dns = \"Custom\" | .customDns = $dns_array" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
  ;;
 esac

-sudo systemctl restart systemd-networkd systemd-resolved
+echo "DNS configured to $dns. Applying changes..."
+sudo sys-update