feat(system): professionalize system configurations

- Consolidate imperative system settings into /etc/nixos/state.json - Implement nomarchy.system options for DNS, Wifi powersave, Timezone, and hardware features - Add declarative browser policies for Chromium/Brave based on theme - Update toggles scripts to mutate system JSON and run sys-update --impure - Remove obsolete imperative browser theme and redundant system modules
2026-04-04 19:22:47 +01:00
parent 42f515f4a9
commit 08e2b4e248
17 changed files with 225 additions and 164 deletions
--- a/modules/system/browser.nix
+++ b/modules/system/browser.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ... }:
+
+let
+  palettes = import ../../themes/nomarchy-palettes.nix;
+  activeThemeName = config.nomarchy.system.theme;
+  currentPalette = (palettes.${activeThemeName} or palettes.nord).palette;
+  
+  # Hex color for browser theme (base00 is background)
+  themeColor = "#${currentPalette.base00}";
+  
+  policy = {
+    BrowserThemeColor = themeColor;
+    BrowserColorScheme = if lib.strings.hasInfix "light" activeThemeName then "light" else "dark";
+  };
+in
+{
+  # Chromium policies
+  programs.chromium.extraOpts = policy;
+  
+  # Brave policies (Brave on NixOS also respects some chromium policies if set via extraOpts)
+  # But better to use the specific brave module if available or just the same policy.
+}
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -2,12 +2,17 @@

 {
  imports = [
+    ./options.nix
+    ./state.nix
    ./plymouth.nix
    ./sddm.nix
    ./hardware.nix
    ./audio.nix
    ./bluetooth.nix
    ./network.nix
+    ./browser.nix
    ./impermanence.nix
  ];
+
+  time.timeZone = config.nomarchy.system.timezone;
 }
--- a/modules/system/hardware.nix
+++ b/modules/system/hardware.nix
@@ -46,5 +46,22 @@ in
        options brcmfmac feature_disable=0x82000
      '';
    })
+
+    # System Features
+    (mkIf config.nomarchy.system.features.fingerprint {
+      services.fprintd.enable = true;
+    })
+
+    (mkIf config.nomarchy.system.features.fido2 {
+      security.pam.u2f = {
+        enable = true;
+        control = "sufficient";
+        cue = true;
+      };
+    })
+
+    (mkIf config.nomarchy.system.features.hybridGPU {
+      services.supergfxd.enable = true;
+    })
  ];
 }
--- a/modules/system/network.nix
+++ b/modules/system/network.nix
@@ -1,5 +1,26 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:

+let
+  cfg = config.nomarchy.system;
+in
 {
  networking.networkmanager.enable = true;
+  
+  networking.networkmanager.wifi.powersave = cfg.wifi.powersave;
+
+  # DNS Configuration
+  networking.nameservers = if cfg.dns == "Cloudflare" then [ "1.1.1.1" "1.0.0.1" ]
+                           else if cfg.dns == "Google" then [ "8.8.8.8" "8.8.4.4" ]
+                           else if cfg.dns == "Custom" then cfg.customDns
+                           else []; # DHCP lets NM handle it
+
+  services.resolved = {
+    enable = cfg.dns != "DHCP";
+    dnssec = "allow-downgrade";
+    domains = [ "~." ];
+    fallbackDns = [ "9.9.9.9" "149.112.112.112" ];
+    extraConfig = ''
+      DNSOverTLS=opportunistic
+    '';
+  };
 }
--- a/modules/system/options.nix
+++ b/modules/system/options.nix
@@ -0,0 +1,50 @@
+{ lib, ... }:
+
+{
+  options.nomarchy.system = {
+    dns = lib.mkOption {
+      type = lib.types.enum [ "Cloudflare" "Google" "DHCP" "Custom" ];
+      default = "DHCP";
+      description = "Selected DNS provider.";
+    };
+    customDns = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [];
+      description = "List of custom DNS servers.";
+    };
+    wifi = {
+      powersave = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Whether to enable wifi power saving.";
+      };
+    };
+    timezone = lib.mkOption {
+      type = lib.types.str;
+      default = "UTC";
+      description = "System timezone.";
+    };
+    features = {
+      fingerprint = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Whether to enable fingerprint support.";
+      };
+      fido2 = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Whether to enable FIDO2 support.";
+      };
+      hybridGPU = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Whether to enable hybrid GPU support (supergfxd).";
+      };
+    };
+    theme = lib.mkOption {
+      type = lib.types.str;
+      default = "nord";
+      description = "Selected system theme.";
+    };
+  };
+}
--- a/modules/system/state.nix
+++ b/modules/system/state.nix
@@ -0,0 +1,28 @@
+{ lib, ... }:
+
+let
+  stateFile = "/etc/nixos/state.json";
+  
+  # Helper to read state from a file, with a default
+  readState = file: default:
+    if builtins.pathExists file then
+      builtins.fromJSON (builtins.readFile file)
+    else
+      default;
+
+  systemState = readState stateFile {};
+in
+{
+  config.nomarchy.system = {
+    dns = systemState.dns or "DHCP";
+    customDns = systemState.customDns or [];
+    wifi.powersave = systemState.wifi.powersave or true;
+    timezone = systemState.timezone or "UTC";
+    features = {
+      fingerprint = systemState.features.fingerprint or false;
+      fido2 = systemState.features.fido2 or false;
+      hybridGPU = systemState.features.hybridGPU or false;
+    };
+    theme = systemState.theme or "nord";
+  };
+}
--- a/modules/system/supergfxd.nix
+++ b/modules/system/supergfxd.nix
@@ -1,6 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.supergfxd.enable = true;
-  # NixOS handles the configuration of supergfxd
-}