Diffstat (limited to 'modules/system')
| -rw-r--r-- | modules/system/access/gnupg.nix | 2 | ||||
| -rw-r--r-- | modules/system/boot/default.nix | 2 | ||||
| -rw-r--r-- | modules/system/datetime/default.nix | 6 | ||||
| -rw-r--r-- | modules/system/datetime/openntpd.nix | 13 | ||||
| -rw-r--r-- | modules/system/default.nix | 3 | ||||
| -rw-r--r-- | modules/system/input.nix (renamed from modules/system/datetime/datetime.nix) | 8 | ||||
| -rw-r--r-- | modules/system/locale.nix | 9 | ||||
| -rw-r--r-- | modules/system/networking/default.nix | 23 | ||||
| -rw-r--r-- | modules/system/networking/dhcpcd.nix | 8 | ||||
| -rw-r--r-- | modules/system/networking/networkmanager.nix | 3 | ||||
| -rw-r--r-- | modules/system/networking/resolved.nix | 16 |
11 files changed, 44 insertions, 49 deletions
diff --git a/modules/system/access/gnupg.nix b/modules/system/access/gnupg.nix
index aeffb23..e60da30 100644
--- a/modules/system/access/gnupg.nix
+++ b/modules/system/access/gnupg.nix
@@ -4,6 +4,8 @@
 enable = true;
 enableSSHSupport = true;
 pinentryPackage = pkgs.pinentry-curses;
+ enableExtraSocket = true;
+ enableBrowserSocket = true;
 settings = {
 enable-ssh-support = "";
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
index 0798849..acc21fb 100644
--- a/modules/system/boot/default.nix
+++ b/modules/system/boot/default.nix
@@ -6,7 +6,7 @@
 ];
 boot = {
- tmp.cleanOnBoot = true;
+ tmp.cleanOnBoot = false;
 crashDump.enable = false;
 consoleLogLevel = 3;
 kernelPackages = pkgs.linuxPackages_zen;
diff --git a/modules/system/datetime/default.nix b/modules/system/datetime/default.nix
deleted file mode 100644
index 97ba4c8..0000000
--- a/modules/system/datetime/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- imports = [
- ./datetime.nix
- ./openntpd.nix
- ];
-}
diff --git a/modules/system/datetime/openntpd.nix b/modules/system/datetime/openntpd.nix
deleted file mode 100644
index ec59d5b..0000000
--- a/modules/system/datetime/openntpd.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-{
- services.openntpd = {
- enable = true;
-
- extraConfig = ''
- listen on 127.0.0.1
- listen on ::1
- '';
- };
-
- environment.systemPackages = [ pkgs.openntpd ];
-}
diff --git a/modules/system/default.nix b/modules/system/default.nix
index d6f1656..87ef0a7 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -2,11 +2,12 @@
 imports = [
 ./access
 ./boot
- ./datetime
 ./desktop
 ./networking
 ./services
 # ./gaming.nix
+ ./input.nix
+ ./locale.nix
 ./encryption.nix
 ./programs.nix
 ./systemd.nix
diff --git a/modules/system/datetime/datetime.nix b/modules/system/input.nix
index 7451fa2..e9f3c45 100644
--- a/modules/system/datetime/datetime.nix
+++ b/modules/system/input.nix
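Review bot: In the access/gnupg.nix hunk, `enableExtraSocket = true;` and `enableBrowserSocket = true;` open two more entry points to an agent that, per the `enableSSHSupport = true;` context line, also serves SSH keys, and nothing in the hunk says which client needs them. The extra socket is meant for forwarding the agent to other hosts and the browser socket for browser integrations, so each is best left off unless something actually uses it. If both are needed, a comment above them such as `# extra socket: agent forwarding to HOST; browser socket: used by EXTENSION` would record the reason. The enclosing attribute set opens outside the hunk, so I am assuming it is the gpg-agent module.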
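Review bot: In the boot/default.nix hunk, `tmp.cleanOnBoot = false;` means whatever programs leave in /tmp now survives reboots, which can include decrypted or otherwise sensitive scratch files, and the change carries no explanation. If /tmp is a tmpfs (not visible in this hunk) the option has no practical effect and the line could simply be dropped. Otherwise a comment like `# keep /tmp across reboots: REASON` would show the next reader that this is deliberate. The `boot` set continues outside the hunk.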
@@ -1,13 +1,5 @@
 { pkgs, ... }:
 {
- time.timeZone = "America/Los_Angeles";
- location.provider = "geoclue2";
-
- services = {
- chrony.enable = false;
- timesyncd.enable = true;
- };
-
 i18n = {
 defaultLocale = "en_US.UTF-8";
diff --git a/modules/system/locale.nix b/modules/system/locale.nix
new file mode 100644
index 0000000..2648b82
--- /dev/null
+++ b/modules/system/locale.nix
@@ -0,0 +1,9 @@
+{ secrets, ... }:
+{
+ location.provider = "geoclue2";
+
+ time = {
+ timeZone = "${secrets.timezone}";
+ hardwareClockInLocalTime = false;
+ };
+}
diff --git a/modules/system/networking/default.nix b/modules/system/networking/default.nix
index 6f25d7b..ddc8d10 100644
--- a/modules/system/networking/default.nix
+++ b/modules/system/networking/default.nix
@@ -1,3 +1,4 @@
+{ secrets, ... }:
 {
 imports = [
 ./firewall
@@ -11,15 +12,22 @@
 ./tor.nix
 ];
+ # https://discourse.nixos.org/t/rebuild-error-failed-to-start-network-manager-wait-online/41977/2
+ systemd.network.wait-online.enable = false;
+ boot.initrd.systemd.network.wait-online.enable = false;
+
+ # https://discourse.nixos.org/t/how-to-disable-networkmanager-wait-online-service-in-the-configuration-file/19963/2
+ systemd.services.NetworkManager-wait-online.enable = false;
+
 networking = {
 hostName = "kansai";
 nftables.enable = true;
 nameservers = [
- "1.1.1.1#one.one.one.one"
- "1.0.0.1#one.one.one.one"
- "9.9.9.9#dns.quad9.net"
- "149.112.112.112#dns.quad9.net"
+ "45.90.28.0#${secrets.nextdns_id}.dns.nextdns.io"
+ "2a07:a8c0::#${secrets.nextdns_id}.dns.nextdns.io"
+ "45.90.30.0#${secrets.nextdns_id}.dns.nextdns.io"
+ "2a07:a8c1::#${secrets.nextdns_id}.dns.nextdns.io"
 ];
 timeServers = [
@@ -29,11 +37,4 @@
 "3.nixos.pool.ntp.org"
 ];
 };
-
- # environment.etc."resolv.conf" = lib.mkForce {
- # source = pkgs.writeText "resolv.conf" ''
- # ${lib.concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)}
- # options edns0
- # '';
- # };
 }
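Review bot: In the new locale.nix, `timeZone = "${secrets.timezone}";` wraps a single value in string interpolation; assuming the value is already a string, `timeZone = secrets.timezone;` says the same thing. More important, a value passed through a `secrets` module argument is evaluated at build time, so it presumably ends up in the generated system configuration in the world-readable Nix store: that keeps it out of the repository but not away from local users or system closure copies. The same holds for `secrets.nextdns_id` in the networking/default.nix and networking/resolved.nix hunks. How `secrets` is supplied is not visible on this page, so a comment such as `# secrets.*: kept out of the repo only, still readable in the store` would set the right expectation.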
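Review bot: In the second networking/default.nix hunk, the new `nameservers` entries use the `address#hostname` form, where the part after `#` is the TLS server name that systemd-resolved uses, yet this same commit sets `enable = false;` in networking/resolved.nix and `dns = "none";` in networking/networkmanager.nix. Unless another imported module runs a local resolver that understands that form, these strings go to whatever writes resolv.conf, where the suffix has no meaning. Nothing visible performs DNS-over-TLS either, so the per-profile hostname would never be presented and lookups would leave the host unencrypted. I would either keep resolved enabled or list bare addresses here with a comment naming the component that does the encrypted upstream, for example `# DoT upstream handled by MODULE`. The `networking` set runs past the end of the hunk.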
diff --git a/modules/system/networking/dhcpcd.nix b/modules/system/networking/dhcpcd.nix
index 99ac0f3..f46b657 100644
--- a/modules/system/networking/dhcpcd.nix
+++ b/modules/system/networking/dhcpcd.nix
@@ -1,6 +1,12 @@
 {
 networking.dhcpcd = {
 wait = "background";
- extraConfig = "noarp";
+
+ extraConfig = ''
+ noarp
+ nooption domain_name_servers, domain_name, domain_search, host_name
+ nooption ntp_servers
+ nohook resolv.conf, wpa_supplicant
+ '';
 };
 }
diff --git a/modules/system/networking/networkmanager.nix b/modules/system/networking/networkmanager.nix
index e5fdfc1..8672759 100644
--- a/modules/system/networking/networkmanager.nix
+++ b/modules/system/networking/networkmanager.nix
@@ -5,7 +5,8 @@
 networking.networkmanager = {
 enable = true;
 plugins = [ pkgs.networkmanager-openvpn ];
- dns = "systemd-resolved";
+ # dns =
+ dns = "none"; # "systemd-resolved"
 wifi.backend = "iwd";
 unmanaged = [
diff --git a/modules/system/networking/resolved.nix b/modules/system/networking/resolved.nix
index 632ca7a..82effbe 100644
--- a/modules/system/networking/resolved.nix
+++ b/modules/system/networking/resolved.nix
@@ -1,15 +1,17 @@
+{ secrets, ... }:
 {
 services.resolved = {
- enable = true;
+ enable = false;
 dnssec = "true";
 domains = [ "~." ];
 dnsovertls = "true";
+ llmnr = "false";
- fallbackDns = [
- "1.1.1.1#one.one.one.one"
- "1.0.0.1#one.one.one.one"
- "9.9.9.9#dns.quad9.net"
- "149.112.112.112#dns.quad9.net"
- ];
+ extraConfig = ''
+ DNS=45.90.28.0#${secrets.nextdns_id}.dns.nextdns.io
+ DNS=2a07:a8c0::#${secrets.nextdns_id}.dns.nextdns.io
+ DNS=45.90.30.0#${secrets.nextdns_id}.dns.nextdns.io
+ DNS=2a07:a8c1::#${secrets.nextdns_id}.dns.nextdns.io
+ '';
 };
 } |
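Review bot: The new `extraConfig` block in networking/dhcpcd.nix needs a comment, because its effect on name resolution is not obvious from the directives alone. The two `nooption` lines and `nohook resolv.conf, wpa_supplicant` make dhcpcd ignore DNS, NTP and hostname data offered by the DHCP server and stop it from writing resolv.conf. That is a reasonable defence against a hostile or misconfigured DHCP server, but together with `dns = "none";` in networkmanager.nix it means resolv.conf has to be produced somewhere else. I would add above the block `# Ignore DHCP-supplied DNS/NTP/hostname; resolvers are pinned in networking.nameservers`. Since NetworkManager is enabled in the same tree, it is also worth confirming that dhcpcd is the active DHCP client at all.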
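Review bot: In the networking/networkmanager.nix hunk, the added line `# dns =` is a leftover fragment that says nothing, and the trailing `# "systemd-resolved"` on the next line records the old value without explaining the new one. I would collapse the two into `dns = "none"; # NetworkManager must not touch resolv.conf (was "systemd-resolved")` so the intent is stated once. The `networking.networkmanager` set continues outside the hunk.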
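Review bot: With `enable = false;` in networking/resolved.nix, every other attribute in this set is presumably inert: the unchanged `dnssec = "true";` and `dnsovertls = "true";`, the new `llmnr = "false";` and the `extraConfig` DNS lines. The file therefore reads as though DNSSEC and DNS-over-TLS were enforced when they are not. If the service is meant to stay off, I would either remove the dead settings or mark the first line, `enable = false; # settings below have no effect while disabled`. If the aim is NextDNS over TLS, this is the service that would provide it, so the flag may have been left flipped from debugging.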